-
Notifications
You must be signed in to change notification settings - Fork 64
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hashicorp Vault wallet implementation proposal #568
Comments
@TsvetanG thanks for the proposal, so what i think we could do is make the wallet more plug-able/modular. we could make a spec that a wallet would need to implement, and a user could configure their console to use 1 of many wallets, which could include hashicorp. the actual wallet code would sit in it's own repository, and it would be pulled into a console build when we bundle the fontend js. i like the idea of this plug-able wallet solution, because ALL users don't have to download code and get maintenance updates from every different wallet implementation, when they are only using 1 particular kind. |
so next steps would be to define the wallet api spec, and make some stubs to bring in other wallets during our esbuild process |
Yes, we are working on the technical details and a plan. Our existing impl is not using modules so we need to do a small re-work. |
@dshuffma-ibm Do you think we should be adding the Wallet vault implementation inside the fabric operations console git repo or we should use a dedicated repository? |
@TsvetanG a dedicated repository |
Here are the technical details.
@dshuffma-ibm : let us know what you think. |
@ckpaliwal What are your thoughts? |
@TsvetanG |
@ckpaliwal Do you have any update? |
Discussed with @TsvetanG today. Current thinking is to keep the implementation simple by having console repository natively support both the browser storage and Hashicorp vault storage, with a simple configuration that determines which will be used. |
Pull Request ready for review #781 |
@dshuffma-ibm Thanks for merging the pull request to the experimental branch. Could you also start the build so we can get the images published? |
on it, I made a tag, looks like its building now, job: https://github.com/hyperledger-labs/fabric-operations-console/actions/runs/11371570067/job/31633935822 |
@dshuffma-ibm the build is ready and the package is available. Thank you for reviewing and moving that feature in. I am closing the issue. |
Currently, the fabric operation console wallet implementation uses the local browser storage to store the user identities (cert and private key). The console user must download those identities locally to persist them. This can be a cumbersome process that requires additional steps to keep the downloaded data secure.
Hashicrop Vault can be used to persist automatically the user identities and keep the data secure without the need to download and manage locally.
The fabric operations console wallet can be extended to support Hashicorp Vault as a secure store of the user identities.
The idea is to abstract the existing wallet implementation and introduce a new Hashicorp Vault based wallet. Furthermore, a configuration can be enabled to control what wallet impl to use based on the specific deployment needs. That way the console would support the current wallet impl and the new Hashicrop Vault based impl.
My team at Senofi is willing to contribute the implementation to the project.
The text was updated successfully, but these errors were encountered: