You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We need to come up with a secure method of storing our keys that provide the 2nd Factor for users that have enabled 2FA with web wallet.
Since we need the keys to be usable we will have to have access via code + env vars, but they should be encrypted at rest.
I'm a little in the dark re: this repo's deployment, where the postgres database is hosted, if there are any protections already in place and if they are sufficient. Please illuminate!
The text was updated successfully, but these errors were encountered:
mattlockyer
changed the title
Where/How to Store Private Keys for Web Wallet 2FA Support
Where/How to Store Private Keys for Web Wallet 2FA Support?
May 21, 2020
We can generate effectively unlimited number of keys from one private seed (supplied in env variable) and account name. Ideally that would happen on some kind of HSM, but I think it is out of scope for MVP.
Looking for feedback on this.
We need to come up with a secure method of storing our keys that provide the 2nd Factor for users that have enabled 2FA with web wallet.
Since we need the keys to be usable we will have to have access via code + env vars, but they should be encrypted at rest.
I'm a little in the dark re: this repo's deployment, where the postgres database is hosted, if there are any protections already in place and if they are sufficient. Please illuminate!
The text was updated successfully, but these errors were encountered: