[Keybase] HashiCorp Vault support as a keybase backend #527
Comments
Olshansk
changed the title
Olshansk
changed the title
Olshansk
changed the title
|
If this is in M4, does that mean it's a priority to include in testnet @Olshansk? |
Not a blocker for starting TestNet, but will make it more efficient, simpler and easier to incorporate external node runners (e.g. if we do an incentivized TestNet). Might be a good alternate to #194 (comment) but will keep thinking of other starter tasks too. |
|
Great, thank you @Olshansk! Was weighing the impact of this over the threshold sigs. |
|
Hey @Olshansk can you provide an effort for this? Seems S-M but want to confirm. |
I think the effort to test & integrate it with HashiCorp is a fair amount of infra work: making it easy through documentation or tools for other to get set up. I set it as an |
## Description Introduces a keybase config into the runtime config and adds a more node-operator-oriented, production-ready backend for the keybase. https://app.dework.xyz/pokt-network/v1-protocol?taskId=04cb2ab8-8b7b-4c81-a407-857649a928b7 ## Issue Fixes #527 ## Type of change Please mark the relevant option(s): - [x] New feature, functionality or library - [ ] Bug fix - [ ] Code health or cleanup - [ ] Major breaking change - [x] Documentation - [ ] Other <!-- add details here if it a different type of change --> ## List of changes - Adds KeybaseConfig to runtime config - Add Hashicorp Vault keybase implementation - Fix a bug where build binary could not resolve private keys - Update CLI commands to parse keybase flags - Updates CLI docs - Adds confirm passphrase new key creation, importing unarmored private keys, and updating passphrases ## Testing - [x] `make develop_test` - [x] [LocalNet](https://github.com/pokt-network/pocket/blob/main/docs/development/README.md) w/ all of the steps outlined in the `README` ## Required Checklist - [x] I have performed a self-review of my own code - [x] I have commented my code, particularly in hard-to-understand areas - [x] I have tested my changes using the available tooling - [x] I have updated the corresponding CHANGELOG ### If Applicable Checklist - [x] I have updated the corresponding README(s); local and/or global - [x] I have added tests that prove my fix is effective or that my feature works - [ ] I have added, or updated, [mermaid.js](https://mermaid-js.github.io) diagrams in the corresponding README(s) - [ ] I have added, or updated, documentation and [mermaid.js](https://mermaid-js.github.io) diagrams in `shared/docs/*` if I updated `shared/*`README(s)
Objective
Add a more node-operator-oriented, production-ready backend for the keybase.
Origin Document
The implementation for the CLI & keybase are available at app/client but only supports a filesystem-based key based backed by BadgerDb. Example from
/Users/olshansky/workspace/pocket/pocket/app/client/cli/account.go:PNI and other major node runners make use of HashiCorp Vault which makes it a great 1st candidate for an alternate keybase backend.
Goals
Deliverable
Non-goals / Non-deliverables
General issue deliverables
Testing Methodology
Creator: @Olshansk
Co-Owners: @h5law @okdas @jessicadaugherty
The text was updated successfully, but these errors were encountered: