-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Key management improvements #252
Comments
I agree. I would be very happy for more secure key management apis that don't have negative impact on workflow |
Cool. Will try to get this done as well. Thanks, might take a bit to understand the codebase. |
Thank you. A quick intro:
You can see how we load it currently: You may want to first refactor all instances of this logic into one helper, then later extend it to load mnemonics other ways. It should work with |
Note, we cannot use a ledger (which is interactive), but I believe there may be other hardware signers that don't need confirmation. The I guess an encrypted mnemonic with only a passphrase entered in stdin would be better. What is your design? |
Ledger support will be an issue, but I dont think most of the node operators use ledger since most of the nodes are remote anyways. The way i am looking at this
We keep the current method of passing the mnemonic directly too, required for testing, but not recommed it for running on standalone nodes. Also it would make sense to have seperate keys for seperate chains, node operators can use the same mnemonics as well, with differenent index. |
Ah, I like the idea of using os-level keyring for the backend. Something that can be unlocked once on startup is fine. |
Overview
For making ts-relayer production ready, we need better key management, giving operators multiple ways to handle keys.
Again the goal is to make ts-relayer as a standalone relayer.
Currently
Mnemonics are passed a variables or stored in
~/.ibc-setup/app.yaml
. This is only good for testing or debugging, and not for production nodes.Proposal
Ability to handle multiple key-management systems from plain test, keyrings or additional settings.
Some of the work done in cosmology https://github.com/cosmology-tech/cosmology#mnemonics could be something easily ported here as well.
The text was updated successfully, but these errors were encountered: