The UI itself can be deployed by hosting the minified source with a webserver or as a Docker image.
A .tgz archive containing the latest minified source can be found on the releases page.
The latest Docker image can be found in the GitLab registry.
Simply start the docker iamge to start the application. It has a webserver built in and will start running on port 80 inside the container.
If you you opt for the .tgz archive, you will need to use your own webserver to host it.
Alternatively you can build the UI yourself from source. For more information on building the application, refer to the ui project contributing documentation.
The UI will not function without access to the cellar API.
It expects to be able to access the api from the path /api.
For example, if you are hosting the Cellar UI on https://cellar.example.com,
it will attempt to make all api requests to https://cellar.example.com/api/...
No additional configuration is necessary.
The API itself can be deployed as a standalone binary or as a Docker image. The latest binary can be found on the releases page. The latest Docker image can be found in the GitLab registry.
Simply run the standalone binary or start the docker image.
It will start listening on the APP_BIND_ADDRESS that you specify in your configuration.
Alternatively you can build the API yourself from source. For more information on building the application, refer to the api project contributing documentation.
Cellar requires somewhere to store application data. Please refer to each section below for each supported datastore.
Cellar does not require any special configuration for Redis. Password is optional, but supported.
Cellar does not do its own encryption. Instead it relies on whatever encryption service you already trust! Please refer to each section below for each supported cryptography engine.
AWS KMS requires some pre-existing setup to work with Cellar.
First you must create a KMS key. Then you must create an IAM policy that has permissions to the key for both encryption and decryption. Finally provide this policy to the key (probably by creating a role and providing it to the infrastructure where you are running the Cellar api).
Vault requires some pre-existing setup to work with Cellar.
First it must have an authentication method. Currently the only supported auth method is AppRole. A role must be setup in the AppRole auth mehod.
It must also have the Transit Secrets Engine enabled and have a key generated. The role must be given the proper capabilities to encrypt and decrypt using that key.
For more information on setting up Vault refer to Vault’s documentation.
