-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
keyring's encrypted file backend integration #5355
Conversation
If users use the |
@jackzampolin no, absolutely not. If users want to avoid inputting password at all they should use the test keyring, i.e. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changes LGTM. I'd like to add the comment you posted on slack somewhere:
Same impl as test keyring w/ the difference that when you export COSMOS_SDK_TEST_KEYRING you enable an on-file, passwordless keyring (for testing only).
If you pass the --keyring-file option to gaiacli (or you set the opt to true in the config file), then you get a CLI only-based keyring. It uses the same backend as the test keyring, though files are stored under a different directory (you don't want to mix&match test keyring keys AND encrypted keyring keys).
Codecov Report
@@ Coverage Diff @@
## master #5355 +/- ##
==========================================
+ Coverage 54.5% 54.53% +0.03%
==========================================
Files 311 311
Lines 18721 18740 +19
==========================================
+ Hits 10203 10219 +16
- Misses 7740 7741 +1
- Partials 778 780 +2
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you open an accompanying PR on Gaia that points to this branch so that I can test this out please?
After having a conversation with @jackzampolin, I think it makes more sense and is overall more secure to replace the |
This is now ready for review again. The feature can be tested on gaia via cosmos/gaia#212 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK. @alessio, I really do think it would be great if we had a README.md
under crypto/keys
that outlines what the Keybase is, what the Keyring is and the different modes and their details (e.g. where is key material persisted, how is it managed, etc..).
Great idea @alexanderbez, I just added a README.md under |
crypto/keys/README.md
Outdated
### NewInMemory | ||
|
||
The [NewInMemory](https://godoc.org/github.com/cosmos/cosmos-sdk/crypto/keys#NewInMemory) constructor returns | ||
an implementation backed by an in-memory LevelDB storage that we've historically used for testing purposes or on-the-fly |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this true? I believed MemDB
to be a true in-memory map
db -- no LevelDB involved. I could be wrong here though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're definitely right, just double checked. Will amend accordingly, thanks
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
|
||
### NewKeyringFile, NewTestKeyring | ||
|
||
Both [NewKeyringFile](https://godoc.org/github.com/cosmos/cosmos-sdk/crypto/keys#NewKeyringFile) and |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should state where NewKeyringFile
stores key material on disk (i.e. the default path).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Co-Authored-By: Alexander Bezobchuk <[email protected]>
Co-Authored-By: Alexander Bezobchuk <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK
Use new --keyring-backend flag. See cosmos/cosmos-sdk#5355 for more information.
Client commands accept a new `--keyring-backend` option through which users can specify which backend should be used by the new key store: - os: use OS default credentials storage (default). - file: use encrypted file-based store. - test: use password-less key store (highly insecure).
Add encrypted file support to keyring implementation.
docs/
)Unreleased
section inCHANGELOG.md
Files changed
in the github PR explorerFor Admin Use: