Add support for AWS KMS as a way to sign block in the `fuel-core` #2043

xgreenx · 2024-07-23T23:09:25Z

Overview

We need to add an ability to sign blocks with AWS KMS.

Use aws-sdk-kms crate for adding support for the PoA service to use AWS KMS to sign blocks.

It requires updating the CLI argument to pass a private key. It should be either a raw private key or credentials for KMS.

It would be nice to abstract the signing of the block via some trait and have different backed for signing. The sign function could be async.

Please check the https://fuellabs.slack.com/archives/C0298A7TT1C/p1720046999839619 thread for test credentials to test the change with a real cluster.

The text was updated successfully, but these errors were encountered:

Dentosal · 2024-07-31T03:19:16Z

Open questions:

Should we allow passing in the configuration in any other way than just loading from the environment, i.e. with aws_config::load_from_env
- Should we lock ourselves to a specific version of this config, or always use the latest availble defaults?
Should we have this all behind an opt-out feature flag?

xgreenx assigned Voxelot, Dentosal and MitchTurner Jul 23, 2024

Dentosal mentioned this issue Jul 31, 2024

AWS KMS block signing support and Rust 1.79 #2051

Merged

9 tasks

Dentosal closed this as completed in #2051 Aug 19, 2024

Dentosal closed this as completed in 08f4637 Aug 19, 2024

AurelienFT mentioned this issue Oct 31, 2024

Implement AWS KMS in fuel-crypto FuelLabs/fuel-vm#865

Open