Updated the documentation.

Author: Harri Klingsten

README.md

@@ -4,7 +4,11 @@
 This repo contains a Power Command Console project with different commands with some kind of security purpose
 
 # Prerequisites
-You need DockerDesktop or equivalent software installed to run Cdxgen Sbom creation.
+If this is the first time you use a Power Commands implementation a encryption setup will be done at the first startup. The encryption key is setup for all Power Commands projects and is unique for every machine. Encryption is used by this Power Commands project to secure your **Dependency Track** API key.
+
+This application is intended to use **CycloneDX** and **Dependency Track** software running as container, therefore you need to have Docker Desktop installed, this way you do not need to install software on your machine besides this Power Commands console application. Setup Docker Desktop is however not described in this documentation. 
+
+If you want to setup **CycloneDX** and **Dependency Track** in any other way, I recommend you to look at their respective documentation, links to their repos are present at the end of this document. You also need to adjust the ```PowerCommandsConfiguration.yaml``` configuration file with the appropriate API endpoints. You do not need to run the ```start``` command if the software is installed and already running on your machine or a server else where.
 
 ## Start
 ```start```
@@ -15,8 +19,10 @@ You need DockerDesktop or equivalent software installed to run Cdxgen Sbom creat
  - Download ```docker-compose.yaml file```, path must be set in configuration file, if the file is already downloaded, this step will be skipped, that way you can change settings in the compose file if you want.
  - Start the Dependency Tracker Web GUI and API server. (Docker container) default url is: http://localhost:8080 login with ```admin```:```admin```
 
+ NOTICE! The first time you run startup the containers needed to run by DockerDesktop on your machine will be downloaded, this could take some time, but you see the process in the console, have patience with that. 
+
 ## Good to know, before you creating Sbom files...
-You can create the files and add them to **Dependency Track** manually if you want but the sbom command will also try to upload them if you use the ```--upload``` option flag. For this to work you will need to configure **Dependency Track** a bit. You need to create a **Team** in the **Administration/Access Management** section, and add at least the permission that is shown in the image below.
+You can create the files and add them to **Dependency Track** manually in the GUI. But if you configure **Dependency Track** and **PowerCommands** you been able to us the ```--upload``` option flag and with that the sbom content is automatically uploaded to **Dependency Track**. First tou need to create a **Team** in the **Administration/Access Management** section, and add at least the permission that is shown in the image below.  
 
 <img src="dt-api-key.png" alt="cdxgen" width="512">
 
@@ -35,6 +41,8 @@ Create sbom content from a local path or github repository
 
 **Github repository**
 
+Please notice that https://github.com/PowerCommands/PowerCommands2022.git is just for the example, you can point at any git repository, I do not think that my Power Commands repo is that interesting for you.
+
 ```sbom --path https://github.com/PowerCommands/PowerCommands2022.git --NAME <my-sbom-name>```
 
 ### --upload
@@ -44,6 +52,10 @@ If you add the --upload option, the sbom will also be uploaded to Dependency Tra
 
 ___
 
+## Power Commands
+
+Read more about Power Commands: https://github.com/PowerCommands/PowerCommands2022
+
 Read more about SBOM: https://www.cisa.gov/sbom
 
 ## CycloneDX Generator

src/SecTools/Core/PainKiller.PowerCommands.Core/Commands/SecretCommand.cs

@@ -3,9 +3,9 @@
 namespace PainKiller.PowerCommands.Core.Commands
 {
     [PowerCommandDesign(description: "Get, creates, removes or view secrets, first you need to configure your encryption key with initialize argument",
-                            options: "initialize|configuration|create|get|remove|salt",
+                            options: "create|initialize|configuration|remove|salt",
                  disableProxyOutput: true,
-                            example: "//View all declared secrets|secret|//Get the decrypted value of named secret|secret --get \"mycommand-pass\"|secret --create \"mycommand-pass\"|secret --remove \"mycommand-pass\"|//Initialize your machine with a new encryption key (stops if this is already done)|secret --initialize")]
+                            example: "//View all declared secrets|secret|secret --create \"mycommand-pass\"|secret --remove \"mycommand-pass\"|//Initialize your machine with a new encryption key (stops if this is already done)|secret --initialize")]
     public class SecretCommand : CommandBase<CommandsConfiguration>
     {
         public SecretCommand(string identifier, CommandsConfiguration configuration) : base(identifier, configuration) { }
@@ -14,7 +14,6 @@ public override RunResult Run()
             if (Input.HasOption("initialize")) return Init();
             if (Input.HasOption("")) return CheckEncryptConfiguration();
             if (Input.HasOption("salt")) return Salt();
-            if (Input.HasOption("get")) return Get();
             if (Input.HasOption("create")) return Create();
             if (Input.HasOption("remove")) return Remove();
             if ((Input.Arguments.Length + Input.Quotes.Length < 2) && Input.Arguments.Length > 0) throw new MissingFieldException("Two parameters must be provided");
@@ -62,17 +61,6 @@ private RunResult List()
             foreach (var secret in Configuration.Secret.Secrets) ConsoleService.Service.WriteObjectDescription($"{GetType().Name}", secret.Name, $"{string.Join(',', secret.Options.Keys)}");
             return Ok();
         }
-        private RunResult Get()
-        {
-            var name = Input.SingleQuote;
-            var secret = Configuration.Secret.Secrets.FirstOrDefault(s => s.Name.ToLower() == name.ToLower());
-            if (secret == null) return BadParameterError($"No secret with name \"{name}\" found.");
-
-            var val = SecretService.Service.GetSecret(name, secret.Options, EncryptionService.Service.DecryptString);
-            ConsoleService.Service.WriteObjectDescription($"{GetType().Name}", name, val);
-
-            return Ok();
-        }
         private RunResult Create()
         {
             var name = Input.SingleQuote;

src/SecTools/SecToolsCommands/Commands/DockerDesktopCommand.cs

@@ -18,6 +18,16 @@ public override RunResult Run()
         CycloneDxManager.Start(xCfg.HostMount, xCfg.ContainerMount, xCfg.HostPort, xCfg.ContainerPort, xCfg.SdxGenServerVolumeMount, xCfg.ImageUrl, xCfg.ServerHost);
 
         DependencyTrackManager.Start(Configuration.DependencyTracker.UrlToDockerComposeFile, Configuration.DependencyTracker.AdminUrl, Configuration.DependencyTracker.StartupTime);
+
+        WriteHeadLine("You are now ready to create SBOM files\n");
+        WriteLine("Notice that to automatically upload the SBOM to Dependency Track, you first need to do two things:");
+        WriteLine("1) Create a Team in Dependency Track give the Team BOM_UPLOAD, PROJECT_CREATION, PORTFOLIO_MANAGEMENT permissions");
+        WriteLine("2) Copy the API key, and create a secret in PowerCommands like this:");
+        WriteCodeExample("secret","--create \"DT_PowerCommand\"");
+
+        WriteLine("\nNow you can upload your sbom after it has been created with the sbom command like this:");
+        WriteCodeExample("sbom","https://github.com/PowerCommands/PowerCommands2022.git --name exampleRepo --upload");
+
         return Ok();
     }
 }