feat: add more console docs (#532)

docs/GetStarted/Enterprise/addDevice.md

@@ -20,7 +20,7 @@
 
 6. Enter the **AMT Password** of the device set during activation.
 
-7. **For AMT 16.1 or newer devices only**, select the **Use TLS** checkbox and **Allow Self-Signed Certificates** checkbox.
+7. For AMT devices configured to use TLS, select the **Use TLS** checkbox and **Allow Self-Signed Certificates** checkbox.
 
     ??? tip "Important - TLS Requirement for AMT 16.1 and newer devices"
         Starting with AMT 16.1, TLS is required. By default, the AMT device will come with a self-signed TLS certificate as part of the firmware. By selecting both the **Use TLS** and **Allow Self-Signed Certificates** checkboxes, AMT will utilize the built-in TLS certificate. *This is the recommended path for Getting Started as it requires less initial setup*.

docs/GetStarted/Enterprise/setup.md

@@ -7,8 +7,8 @@
 
 **Configure a network that includes:**
 
--  A development system 
--  An activated Intel AMT device
+-  A development system (to run Console)
+-  A provisioned or unprovisoned Intel AMT device
 
 ## What You'll Do
 
@@ -19,29 +19,37 @@
 
 **To complete a deployment:**
 
-- Download and run Console.
-- Activate and configure an Intel AMT device.
-- Add a device to Console.
-- Manage a device using Console.
+1. [Download and run Console](#get-console)
+2. [Create a CCM](createProfileCCM.md) or [ACM Profile](createProfileACM.md)
+3. [Activate and configure an Intel AMT device](activateDevice.md)
+4. [Add a device to Console](addDevice.md)
+5. [Manage a device using Console](manageDevice.md)
+
+!!! note "Note - For devices that are already activated in ACM or CCM"
+    If your Intel AMT device is already activated in CCM or ACM, you can skip steps 2 and 3 after completing step 1 and proceed directly to [Add a device to Console](addDevice.md).
+
 
 ## Get Console
 
 ### Download
 
 1. Find the latest release of Console under [Github Releases](https://github.com/open-amt-cloud-toolkit/console/releases/latest).
 
+    !!! warning "Warning - Upgrading from Alpha to **BETA**"
+        Starting from the Beta release, all sensitive data in the SQLite database will be encrypted using an encryption key. Due to this security enhancement, you'll need to delete the existing database file before upgrading. Instructions on how to delete the database can be found [here](../../Reference/Console/upgrade.md/#upgrading-from-alpha-to-beta)
+
 2. Download the appropriate binary assets for your OS and Architecture under the *Assets* dropdown section.
 
     !!! note "Note - Warnings when Downloading from Github"
         If downloading Console on Windows, a warning may appear and require approval to continue the download. The Beta executable of Console is not currently signed. This will no longer be the case when the full release of Console is available. 
 
 ### Configure Console
 
-1. Create a new file named `config.yaml`.
+1. Create a `config` directory and a new file named `config.yml` in the same directory as *Console executable*. Alternatively, Console can automatically generate a `config.yml` file, see [here](../../Reference/Console/configuration.md/#using-configyml) for more details.
 
-2. Copy and paste the following example text into the file.
+2. Copy and paste the following example text into the `config.yml` file.
 
-    ```yaml hl_lines="6 8 9"
+    ```yml hl_lines="6 8 9"
     app:
       name: console
       repo: open-amt-cloud-toolkit/console
@@ -75,7 +83,7 @@
 
     | Field Name     | Required                              | Usage                    |
     | -------------- | ------------------------------------- | ------------------------ |
-    | jwtKey         | A strong secret of your choice (Example: A unique, random 256-bit string, e.g. `Yq3t6w9z6CbE3HRMcQfTjWnZr4u7x6AJ`). | Used when generating a JSON Web Token (JWT) for authentication. This example implementation uses a symmetrical key and HS256 to create the signature. [Learn more about JWT](https://jwt.io/introduction){target=_blank}.|
+    | jwtKey         | A strong secret of your choice (Example: A unique, random 32-character string, e.g. `Yq3t6w9z6CbE3HRMcQfTjWnZr4u7x6AJ`). | Used when generating a JSON Web Token (JWT) for authentication. This example implementation uses a symmetrical key and HS256 to create the signature. [Learn more about JWT](https://jwt.io/introduction){target=_blank}.|
     | adminUsername  | Username of your choice               | For logging into Console |
     | adminPassword  | **Strong** password of your choice    | For logging into Console |
 
@@ -90,18 +98,18 @@
 
 ### Run
 
-1. Set Console's configuration and run the executable. A terminal will open containing the Console process.
+1. Run the executable, and a terminal will open containing the Console process. The Console process will read the configuration from `config/config.yml`. 
 
-    ```
-    console.exe -config config.yaml
-    ```
+    !!! note "Note - Alternate Methods to Run Console"
+        You can also open a terminal session and run Console by providing a custom path to config.yml with the following command:
+        ```console.exe -config /path/to/config.yml```
 
-2. If an `encryption_key` was not set, Console will prompt to generate a new key for encryption. Type `Y` and press enter.
+2. If an `encryption_key` was not set, Console will prompt to generate a new key for encryption. Type `Y` and press **Enter**.
 
     !!! note "Note - Encryption Key Information"
-        Console automatically stores this key within the Operating System's credential manager such as Windows Credential Manager under the name *device-management-toolkit*. This key is used when interacting with the database is required.
+        Console automatically stores this 32-character key in Operating System's credential manager, such as Windows Credential Manager, under the name *device-management-toolkit*. This key is used to encrypt sensitive data before it is stored in the database.
 
-3. Console is now successfully running! A browser window will open running `localhost:8181`. The Console UI is now useable and devices can be added.
+3. Console is now successfully running! A browser window will open running `http://localhost:8181` where you can access the Console UI and start adding devices.
 
     !!! success
         <figure class="figure-image">

docs/Reference/Console/configuration.md

@@ -0,0 +1,39 @@
+# Console Configuration
+
+Console can be configured using either a YAML configuration file (`config.yml`) or environment variables (`.env`). Both methods allow you to customize the behavior of the Console application.
+
+## Using config.yml
+
+When you first run the Console, a `config.yml` file is generated and stored in the `config/` directory, located in the same directory as the Console executable. You can stop the Console, edit the config.yml file, and then restart the Console to apply the changes.
+
+Alternatively, you can also download the `config.yml` file from [GitHub](https://github.com/open-amt-cloud-toolkit/console/blob/main/config/config.yml) or create your own configuration file, edit the YAML content, and then use the `config` flag to run the Console `console.exe -config /path/to/config.yml`.
+
+## Using .env Variables
+
+Console can also be configured using environment variables. These `.env` variables take precedence over the corresponding settings in the `config.yml` file, effectively overwriting them.
+
+## Configuration Variables
+
+| `.env` Variable Name | `config.yml` Variable Name       | Default | Description |
+|-------------------|----------------------------|----------|-------------|
+| APP_NAME | app.name | console | Name of the application. |
+| APP_REPO | app.repo | open-amt-cloud-toolkit/console | Repository path of the application. |
+| APP_ENCRYPTION_KEY | app.encryption_key | No Value | A 32-character long encryption key is automatically generated by Console if not provided by the user. This key is used to encrypt and protect sensitive data stored in SQLite DB. |
+| APP_JWT_KEY | app.jwtKey | `your_secret_jwt_key` | Secret key for JWT token generation. |
+| APP_AUTH_DISABLED | app.authDisabled | `false` | When set to true, this will disable authentication for the Console. During the Beta release, the Console UI will not be accessible if this is set to true. |
+| APP_ADMIN_USERNAME | app.adminUsername | `standalone` | Admin username for accessing Console. |
+| APP_ADMIN_PASSWORD | app.adminPassword | `G@ppm0ym` | Admin password for accessing Console. |
+| APP_JWT_EXPIRATION | app.jwtExpiration | `24h0m0s` | This setting determines the default expiration time for JWT tokens used for Console login sessions. It controls how long a user's login session will remain valid. |
+| APP_REDIRECTION_JWT_EXPIRATION | app.redirectionJWTExpiration | `5m0s` | This setting determines the expiration time for redirection JWT tokens, which are used for features like KVM, SOL, and IDER. It controls how long these redirection sessions will remain valid. |
+| HTTP_HOST | http.host | `localhost` | By default, Console listens only on `localhost`, restricting network access. For now, it's recommended to keep Console accessible only from `localhost` until HTTPS is available to ensure secure access.|
+| HTTP_PORT | http.port | `8181` | This is the port on which the Console HTTP server will listen. Users will access the Console UI through this port in their browser. |
+| HTTP_ALLOWED_ORIGINS | http.allowed_origins | `*` | Allowed origins for CORS policy. |
+| HTTP_ALLOWED_HEADERS | http.allowed_headers | `*` | Allowed headers for CORS policy. |
+| LOG_LEVEL | logger.log_level | `info` | Controls the level of logging. Options: `error`, `warn`, `info`, `debug`, `fatal`. |
+| DB_POOL_MAX | postgres.pool_max | `2` | Maximum number of database connections in the pool. |
+| DB_URL | Not available | No Value | By default, Console uses a SQLite database to store device data locally. Users can optionally configure this variable to provide a PostgreSQL connection string, enabling the use of an external PostgreSQL database for data storage. This allows for greater scalability and centralized database management. |
+| EA_URL | ea.url | `http://localhost:8000` | URL for the Enterprise Assistant service. |
+| EA_USERNAME | ea.username | No Value | Username for the Enterprise Assistant service. |
+| EA_PASSWORD | ea.password | No Value | Password for the Enterprise Assistant service. |
+
+

docs/Reference/Console/upgrade.md

@@ -0,0 +1,33 @@
+# Upgrading Console
+
+## Overview
+We plan to provide a seamless upgrade path from the MVP or v1.0 release, ensuring that no database deletion is required.
+
+## Upgrading from Alpha to Beta
+
+Starting from Beta release, all sensitive data in the SQLite database will be encrypted using an encryption key. Due to this security enhancement, you'll need to delete the existing database file before upgrading.
+
+### Steps to Delete Database
+
+1. Navigate to the directory where the `console` database file is stored:
+
+    === "Windows"
+        ```
+        %APPDATA%\device-management-toolkit
+        ```
+
+    === "Ubuntu"
+        ```
+        ~/.config/device-management-toolkit
+        ```
+
+    === "MAC"
+        ```
+        ~/LIbrary/Application Support/device-management-toolkit
+        ```
+
+2. Delete the `console` database file.
+
+
+### Add all the devices
+After deleting the database and running the Console executable, you'll need to reconfigure or add all your devices again, as the previous data cannot be migrated due to the encryption changes.

mkdocs.yml

@@ -122,6 +122,8 @@ nav:
     - SSL with Local Postgres: Reference/sslpostgresLocal.md
     - Console (Beta):
       - Overview: Reference/Console/overview.md
+      - Configuration: Reference/Console/configuration.md
+      - Upgrade: Reference/Console/upgrade.md
       - Security Information: Reference/Console/securityConsole.md
       - WSMAN Explorer: Reference/Console/wsmanExplorer.md
     - Enterprise Assistant: