Store node keys in key service/layer instead of in IPFS repo #77
Comments
|
Maybe store it encrypted by KMS similar to what we do with the serverless functions? |
|
More details and summary of convo with @lsenta In the ipfs js client keys are in the 'root' repo/store which includes configs files and some extra metadata. The keys are stored in the config file at the moment. Basically if we just load and pass the keys on start they are still going to end up there (same place they are now). What the go ipfs client does is better, the keys are a in the 'keys' repo/store which stores key files. So an actual implementation would be creating a keys store that loads the keys when needed. The keys repo is just empty in the js client at the moment. You can technically create a custom root store that stores configs in places and keys in another, but not worth the effort at the moment. Would likely say we can hold on this for now |
|
The related issue in js-ipfs: ipfs/js-ipfs#1138 +1 to hold and revist this in a few weeks and / or when the github issue is fixed. |
Root store in ipfs repo includes, configs include keys. We likely want to move these keys into a more clearly permissioned layer vs s3 layer which may have more open permissions.
The text was updated successfully, but these errors were encountered: