[batcher] Replace Fireblocks wallet with KMS wallet #550
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ian-shim
force-pushed
the
kms-hot-wallet
branch
2 times, most recently
from
3eb8571 to
9a928a0
Compare
ian-shim
commented
May 9, 2024
| @@ -95,10 +95,10 @@ func ReadLoggerCLIConfig(ctx *cli.Context, flagPrefix string) (*LoggerConfig, er | |||
|
|
|||
| func NewLogger(cfg LoggerConfig) (logging.Logger, error) { | |||
| if cfg.Format == JSONLogFormat { | |||
| return logging.NewSlogJsonLogger(cfg.OutputWriter, &cfg.HandlerOpts), nil | |||
There was a problem hiding this comment.
This constructor has been deprecated
dmanc
approved these changes
May 9, 2024
| if config.KMSKeyConfig.KeyID == "" || config.KMSKeyConfig.Region == "" { | ||
| return errors.New("KMS key ID and region must be specified unless KMS wallet is disabled") | ||
| } | ||
| kmsClient, err := kms.NewKMSClient(context.Background(), config.KMSKeyConfig.Region) |
There was a problem hiding this comment.
Is it ok to use context.Background()?
There was a problem hiding this comment.
We can add a timeout there, but I think it's ok during the initialization
dmanc
reviewed
May 11, 2024
| Name: PrefixFlag(flagPrefix, "kms-key-id"), | ||
| Usage: "KMS key ID that stores the private key", | ||
| Required: false, | ||
| EnvVar: PrefixEnvVar(envPrefix, "KMS_KEY_ID"), |
There was a problem hiding this comment.
Should we use a KMS alias rather than the key id? Think it would help when rotating the key since we wouldn't need to do a deployment.
There was a problem hiding this comment.
Sounds good. This has to happen in sdk first, so I'll merge this and implement that as next iteration
There was a problem hiding this comment.
Apparently it just works: https://docs.aws.amazon.com/kms/latest/APIReference/API_Sign.html#API_Sign_RequestSyntax
anupsv
approved these changes
May 13, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Why are these changes needed?
We're no longer using Fireblocks as hot wallet to send transactions. We're using an EOA with a private key managed by KMS instead.
This PR replaces the Fireblocks wallet to a private key wallet using KMS signer.
Checks