-
Notifications
You must be signed in to change notification settings - Fork 135
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
remove private key information access from the top-level key-manager
plugin
#540
Labels
Comments
mirceanis
added
enhancement
New feature or request
planned-feature
don't close this just for being stale
labels
May 28, 2021
mirceanis
added a commit
that referenced
this issue
Sep 1, 2021
BREAKING CHANGE: `keyManagetGet` no longer returns private key data BREAKING CHANGE: `KeyStore` no longer requires a `SecretBox` BREAKING CHANGE: `KeyManagementSystem` needs a `PrivateKeyStore` BREAKING CHANGE: @veramo/cli configuration version update to 3.0 If you're already working with Veramo and wish to upgrade existing agents to veramo 3.0, you'll have to make some changes to your configuration, depending on how you're using the framework. It boils down to these 3 steps: 1. Update your database connection to use migrations 2. Remove the `SecretBox` parameter from `KeyManager` 3. Add a `PrivateKeyStore` parameter to `KeyManagementSystem` with a `SecretBox` that you were using before with `KeyManager` (and keep the same encryption key) * feat(key-manager): move private key storage to kms-local fixes #539 fixes #540 fixes #680 * feat(data-store): add migration of key stores * fix(data-store): fix usage of where clause for queries * refactor(kms-local): simplify constructor for KeyManagementSystem * style: remove scar tissue and unused code
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
It should be up to the KMS(
AbstractKeyManagementSystem
) implementations to decide how (and if) they store private key material.KMS implementations should not rely on a
privateKeyHex
field being supplied by thekey-manager
plugin.After #539 is implemented, the
key-manager
should not require aKeyStore
any moreConstraints:
key-manager
plugin (as any other agent plugin) should never be able to reach private key material directly.agent.yml
for CLI)The text was updated successfully, but these errors were encountered: