consensys / quorum-key-manager Goto Github PK
View Code? Open in Web Editor NEWA universal Key & Account Management solution for blockchain applications.
Home Page: http://docs.quorum-key-manager.consensys.net/
License: Apache License 2.0
A universal Key & Account Management solution for blockchain applications.
Home Page: http://docs.quorum-key-manager.consensys.net/
License: Apache License 2.0
Add pagination to endpoints returning lists.
Implement function taking manifest specs, extracting it to create the corresponding store
Implement a Manifest Loader that loads manifest files from a filesystem folder this is expected to be static (load only once)
As part of this task, we should define the type of file format json, yaml, toml...? Initialize Hashicorp Vault secret store
json-rpc protocol support multiple request at once by appending requests into body. The goal is to make the interceptor aware of this and handle it
When communicating with the keys
endpoints. Return results in base64 instead of 0x.
[HIGH] Node component appears to be one of our application core component which it belongs to our business layer, so that, two things about it:
Node should not be aware of the outside layer of our application what it is at the moment because its interface it exposes httpClient, jsonrpc.Client, jsonrpc.Handler, all of them are part of what we could called INFRA layer. Alternatively I think Node should implement jsonrpc call methods required by the service layer (a proxy receiving a method and a payload req) and help methods such as getGasPrice, getNonce to be used on the business layer
This component should be place at /src/core/node
[HIGH] IMO sessions should not be manage by the node components. Session will not necessarily depend on the node but on the users making the requests to the same node. For that the most standardized way to do is SESSION_ID which lives in the Request object and exchanged between the client and the server. To achieve that gorilla provides a library which I believe we could easily integrate https://github.com/gorilla/sessions
[MEDIUM] Everything related to jsonrpc server code, proxy logic and the preparer /pkg/http/request/preparer_proxy.go should be moved together under /src/infra. As far as I see all that logic appear to be out outside facing layer including the proxy preparer which IMO it is not a preparer but part of business logic of our proxy server.
4. [MEDIUM] If I am not mistaken we could skip the wrapper implementations of json-rpc request and response and it would be enough with a RequestMSG and ResponseMSG. As far as I understand a request will flow over different request preparers till it reaches the intended Besu/Quorum node and same for the response over the modifiers till it comes back to the user. Accounting on that I think it would be cleaner if we attach things directly over the http.request and http.response and make all the work of transforming to the right formats using static parsing methods fetching the context attached on those objects (alternatively on the context in case those object can not hold key-value fields)
5. [MEDIUM-LOW] Config structs should be a things initialize once and we never modify over the course of execution. The initialization of those config struct should only happen when the application inits, or when a new request it is coming into our application via our service layer. So that all config struct should remain under infra package (edited)
JSON-RPC use-case (e.g. eth_sendTransaction
) needs some functional logic in order to synchronize various operation involving secure Stores, downstream node, etc.
What is the best approach for implementation?
To be implemented in core/store/keys/azure-key-vault
type Config struct
New(cfg *Config) *Store
creating store from configurationCreate(...)
Get(...)
Update(...)
List(...)
Sign(...)
NotImplementedError
Currently, the Hashicorp plugin keys
domain uses Ethereum [R||S||V] signature scheme instead of the standard ECDSA [R||S] signatures. This should be modified to make the keys compatible with other stores (AKV, AWS).
Acceptance criteria:
ecdsa
standard package.base64
formatDiscussion:
Change the key format to return x
and y
values?
Implement integration tests for Hashicorp key store.
Implement ready
and live
endpoints in the key manager. Following the same implementation than in Orchestrate, on a dedicated port.
Implement acceptance tests for secrets store:
Currently the development environment fails to start when running the command make dev
.
hashicorp
only now)Methods to implement
Should this issue broken is smaller ones?
To be implemented in core/store/keys/local
Create(...)
Get(...)
Update(...)
List(...)
Sign(...)
NotImplementedError
Waiting for research over if this feature would be useful to be implemented based on the web3 usage
To be implemented in core/store/eth1/base
Create(...)
Import(...)
Get(...)
Update(...)
List(...)
Sign(...)
SignHomestead(...)
SignEIP155(...)
SignEEA(...)
SignPrivate(...)
ECRevocer(...)
IMPORTANT: Current Orchestrate client impl align with the one required here
To be implemented in core/store/keys/hashicorp
type Config struct
New(cfg *Config) *Store
creating store from configurationCreate(...)
Get(...)
Update(...)
List(...)
Sign(...)
Sign....(...)
NotImplementedError
IMPORTANT: Compare impl with https://github.com/ConsenSys/quorum-signer-plugin-for-hashicorp-vault
Consist in implementing a JSON-RPC proxy able to extract JSON-RPC information.
Implementing interceptors is not part of this issue. In the end it should be a pass-through, possibly logging.
To be implemented in core/store/keys/aws-kms
type Config struct
New(cfg *Config) *Store
creating store from configurationCreate(...)
Get(...)
Update(...)
List(...)
Sign(...)
NotImplementedError
Improve error handling of the Vault plugin:
Implement http.Server
logic,
type Config struct
for the main application to runWrite acceptance test for the following:
Include Besu and go-quorum
Implement a Manifest Loader that
As part of this task, we should define the type of file format json, yaml, toml...?
We should get in touch with pliny and collaborate to release the first version of KM docs
Create a command to start the Key-Manager
Part of this ticket consist in proposing the library for command line (cobra?)
type Store interface {
// Info returns store information
Info(context.Context) (*entities.StoreInfo, error)
// Set secret
Set(ctx context.Context, id, value string, attr *entities.Attributes) (*entities.Secret, error)
// Get a secret
Get(ctx context.Context, id string, version int) (*entities.Secret, error)
// List secrets
List(ctx context.Context) ([]string, error)
// Update secret
Refresh(ctx context.Context, id string, expirationDate time.Time) error
// Delete secret not permanently, by using Undelete the secret can be restored
Delete(ctx context.Context, id string, versions ...int) (*entities.Secret, error)
// GetDeleted secrets
GetDeleted(ctx context.Context, id string) (*entities.Secret, error)
// ListDeleted secrets
ListDeleted(ctx context.Context) ([]string, error)
// Undelete a previously deleted secret
Undelete(ctx context.Context, id string) error
// Destroy secret permanently
Destroy(ctx context.Context, id string, versions ...int) error
}
Currently, the ETH account data comes from the underlying key store. This data is not enough to index the accounts because the address is not present in the keys. We need to store the address to be able to query accounts by address:
Acceptance criteria
Please read comments of the ticket
Implement token renewal runnable service to renew token, following what has been implemented in Orchestrate (at least for this first version).
Decide between next options:
Implement the AWS secret store by following the specifications and by taking example from the other secret stores:
https://docs.google.com/document/d/1GkGUW79iKAhzbFnwY28TVizZGxxMiO8f2XQvZyE2zl4/edit?usp=sharing
infra
layerstore
layer by taking example from the hashicorp secret store (also AKV)Write acceptance test for the following:
Include Besu and go-quorum
Remove orchestrate dependency from Vault plugin:
pkg
of pluginTo be implemented in core/store/secrets/hashicorp
type Config struct
New(cfg *Config) *Store
creating store from configurationSet(...)
Get(...)
Update(...)
List(...)
NotImplementedError
The goal of this ticket is to evaluate different logger alternatives, such as go-kit or zap
Requirements are:
Currently the Hashicorp plugin deals with camel case, it should be changed to snake case to comply with Hashicorp. keys
have already been updated.
To be implemented in core/store/keys/hashicorp
Define type Config struct
All other methods should return NotImplementedError
IMPORTANT: Compare impl with https://github.com/ConsenSys/quorum-signer-plugin-for-hashicorp-vault
The goal of this ticket is to investigate which alternatives we can use to connect to AKV and create tickets around them
In order to align with best practices standard over key management Hashicorp should provide support for soft-delete on keys.
Implement http.Handler
exposing the base keys.Store
functionalities.
Method and route naming are to be discussed and confirmed as part of this task
POST /keys/{id}
PATCH /keys/{id}/import
GET /keys/{id}
GET /keys
PATCH /keys/{id}
DELETE /keys/{id}
GET /keys/deleted
GET /keys/deleted/{id}
DELETE /keys/{id}/destroy
POST /keys/{id}/sign
POST /keys/{id}/verify
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.