User security is a top priority for us at @wise-team. That is why Wise uses the industry-standard, high-security HashiCorp Vault to store steemconnect tokens.
Vault is deployed with Ansible playbooks. Just run the wise-vote playbook with --tags "vault".
# 1.
$ ./scripts/vault-exec.sh status # check if vault is accessible
$ ./scripts/vault-exec.sh operator init
# This command will output 5 unseal keys. Distribute them among wise-team members.
# Warning! This can be done only once. There is no possibility to reset unseal keys.
# 2.
# After init, unseal with three keys as shown below.
# 3. Enter vault and execute the following commands:
$ ./scripts/vault-enter.sh
$ vault operator unseal
$ vault operator unseal
$ vault operator unseal
$ export VAULT_TOKEN="...root token" # we will revoke it later
$ vault policy write admin /wise-vault/policies/admin.hcl
$ vault policy write provisioner /wise-vault/policies/provisioner.hcl
$ vault auth enable userpass
$ vault write auth/userpass/users/noisy password=... policies=admin,provisioner
$ vault write auth/userpass/users/jblew password=... policies=admin,provisioner
$ vault write auth/userpass/users/perduta password=... policies=admin,provisioner
At least three of us have to run to the production server and run:
$ ./scripts/vault-exec.sh status # check if vault is accessible
$ ./scripts/vault-exec.sh operator unseal
# The command will prompt for unseal key.
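A small status check for the unseal step above, as an added example that is not part of the Wise repository: it reads the JSON printed by `vault status -format=json`, reports how many unseal keys are still needed, and warns if the seal is not the 3-of-5 setup described here. The function name and the sample JSON are constructed for illustration, and whether `vault-exec.sh` passes `-format=json` through to Vault is an assumption.

```python
import json

# Constructed sample of `vault status -format=json` output after one of the
# three required unseal keys has been entered (values are illustrative).
SAMPLE_STATUS = """
{"type": "shamir", "initialized": true, "sealed": true,
 "t": 3, "n": 5, "progress": 1, "nonce": "constructed-nonce", "version": "x.y.z"}
"""


def unseal_report(status_json, expected_threshold=3, expected_shares=5):
    """Summarise seal state and flag a threshold that differs from the runbook."""
    status = json.loads(status_json)
    report = {"state": None, "keys_still_needed": 0, "warnings": []}

    if not status.get("initialized", False):
        report["state"] = "uninitialized"
        report["warnings"].append("vault is not initialized; run operator init once")
        return report

    # t = keys required to unseal, n = total keys issued by operator init
    t, n = status.get("t", 0), status.get("n", 0)
    if (t, n) != (expected_threshold, expected_shares):
        report["warnings"].append(
            f"seal is {t}-of-{n}, runbook expects "
            f"{expected_threshold}-of-{expected_shares}")

    if status.get("sealed", True):
        report["state"] = "sealed"
        # progress counts the key shares accepted in the current unseal attempt
        report["keys_still_needed"] = max(t - status.get("progress", 0), 0)
    else:
        report["state"] = "unsealed"
    return report


if __name__ == "__main__":
    r = unseal_report(SAMPLE_STATUS)
    print(f"state={r['state']} keys_still_needed={r['keys_still_needed']}")
    for w in r["warnings"]:
        print("WARNING:", w)
```

Only the status JSON is read; unseal keys and tokens never pass through the script.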
Manual backup is done with Ansible. Run the wise-vote playbook with --tags "vault-backup". It will download a sealed and gzipped version of the vault to the local machine. As it is sealed, it can be securely stored anywhere. To unseal it, someone needs at least 3 of the 5 unseal keys that are distributed among @wise-team members.
- Feel free to talk with us on our chat: https://discordapp.com/invite/CwxQDbG .
- You can read The Wise Manual
- You can also contact Jędrzej at jedrzejblew@gmail.com (if you think that you found a security issue, please contact me quickly).
You can also ask questions as issues in the appropriate repository: see issues for this repository.
We welcome warmly:
- Bug reports via issues.
- Enhancement requests via issues.
- Pull requests
- Security reports to jedrzejblew@gmail.com.
Before contributing please read Wise CONTRIBUTING guide.
Thank you for developing WISE together!
If you use & appreciate our software, you can easily support us. Just vote for "wise-team" to become one of your witnesses. You can do it here: https://steemit.com/~witnesses.