From 031aaca16c411b593943588007d8f1f2b0a4adb9 Mon Sep 17 00:00:00 2001 From: Sina Taghizadeh Date: Fri, 11 Aug 2023 10:28:53 -0400 Subject: [PATCH] Fix genkey/pubkey confusion and update r2c --> Semgrep Added more context on how to use the pubkey command, (using echo to input the private key) There was an error in the docs where pubkey and genkey were switched around Replaced instances of r2c with Semgrep Signed-off-by: Sina Taghizadeh --- README.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 7cb0416..c2b9e92 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ The Semgrep Network Broker facilitates secure access between Semgrep and a private network. -The broker accomplishes this by establishing a Wireguard VPN tunnel with the Semgrep backend, and then proxying inbound (r2c --> customer) HTTP requests through this tunnel. This approach allows Semgrep to interact with on-prem resources without having to expose them to the public internet. +The broker accomplishes this by establishing a Wireguard VPN tunnel with the Semgrep backend, and then proxying inbound (Semgrep --> customer) HTTP requests through this tunnel. This approach allows Semgrep to interact with on-prem resources without having to expose them to the public internet. Examples of inbound traffic include: 
@@ -25,17 +25,17 @@ Examples of inbound traffic include: The broker requires a Wireguard keypair in order to establish a secure connection. - `semgrep-network-broker genkey` generates a random private key in base64 and prints it to stdout -- `semgrep-network-broker pubkey` reads a base64 private key from stdin and prints the corresponding base64 public key to stdout +- `echo "" | semgrep-network-broker pubkey` reads a base64 private key from stdin and prints the corresponding base64 public key to stdout -Your public key is safe to share. _Do not_ share your private key with anyone (including r2c). +Your public key is safe to share. _Do not_ share your private key with anyone (including Semgrep). ### Configuration -r2c will help you create a configuration file tailored to your Semgrep deployment. +Semgrep will help you create a configuration file tailored to your Semgrep deployment. **Do not** alter the `wireguard` and `heartbeat` sections. -**Do not** share the value of `inbound.wireguard.privateKey`. This is your organization's private key. Reach out to r2c on Slack if you need to rotate your Wireguard keys. +**Do not** share the value of `inbound.wireguard.privateKey`. This is your organization's private key. Reach out to Semgrep on Slack if you need to rotate your Wireguard keys. Example: ```yaml @@ -161,13 +161,13 @@ Requirements: `semgrep-network-broker dump` dumps the current config. This is useful to see what the result of multiple configurations overlays would result in -### pubkey +### genkey -`semgrep-network-broker pubkey` generates a private key +`semgrep-network-broker genkey` generates a base64 private key to stdout -### genkey -`semgrep-network-broker genkey` generates a public key for a given private key (via stdin) +### pubkey +`echo "" | semgrep-network-broker pubkey` generates a base64 public key for a given private key (via stdin) ### relay `semgrep-network-broker relay` launches an HTTP server that relays request that match a certain rule.
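Review bot: In the Keypairs hunk (`@@ -25,17 +25,17 @@`), the new `echo "" | semgrep-network-broker pubkey` line pipes an empty string as written, so a reader who copies it supplies no private key and has to guess that the key belongs between the quotes. Put a visible placeholder inside the quotes. Also consider showing the key being read from a file through stdin redirection, because typing the private key as an `echo` argument leaves it in shell history, which sits badly beside the "_Do not_ share your private key" line that follows.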
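Review bot: In the command reference hunk (`@@ -161,13 +161,13 @@`), the corrected descriptions "generates a base64 private key to stdout" and "generates a base64 public key for a given private key (via stdin)" are worded differently from the Keypairs section, which this same patch touches. That section says `genkey` "generates a random private key in base64 and prints it to stdout" and `pubkey` "reads a base64 private key from stdin and prints the corresponding base64 public key to stdout". Reuse that wording under `### genkey` and `### pubkey` so the two sections cannot drift apart again, and so `pubkey` is described as reading a key and printing its counterpart rather than generating one. The `echo ""` under `### pubkey` also needs a visible placeholder for the private key.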