remove private key information access from the top-level key-manager plugin #540

Closed
mirceanis opened this issue May 28, 2021 · 0 comments · Fixed by #661
mirceanis commented May 28, 2021

It should be up to the KMS (`AbstractKeyManagementSystem`) implementations to decide how (and if) they store private key material.
KMS implementations should not rely on a `privateKeyHex` field being supplied by the key-manager plugin.
After #539 is implemented, the key-manager should not require a `KeyStore` any more.

Constraints:

  • the key-manager plugin (as any other agent plugin) should never be able to reach private key material directly.
  • the core packages should still allow static configurations (like agent.yml for CLI)
  • migration to the new KMS should be seamless
@mirceanis mirceanis added enhancement New feature or request planned-feature don't close this just for being stale labels May 28, 2021
@mirceanis mirceanis self-assigned this Jul 12, 2021
mirceanis added a commit that referenced this issue Aug 6, 2021
fixes #539
fixes #540

BREAKING CHANGE: `keyManagerGet` no longer includes private key data
BREAKING CHANGE: `KeyStore` no longer requires a `SecretBox`
BREAKING CHANGE: `KeyManagementSystem` needs a `PrivateKeyStore`
BREAKING CHANGE: @veramo/cli configuration version update to 3.0
mirceanis added a commit that referenced this issue Aug 20, 2021
mirceanis added a commit that referenced this issue Aug 24, 2021
mirceanis added a commit that referenced this issue Aug 25, 2021
mirceanis added a commit that referenced this issue Aug 31, 2021
mirceanis added a commit that referenced this issue Sep 1, 2021
BREAKING CHANGE: `keyManagerGet` no longer returns private key data
BREAKING CHANGE: `KeyStore` no longer requires a `SecretBox`
BREAKING CHANGE: `KeyManagementSystem` needs a `PrivateKeyStore`
BREAKING CHANGE: @veramo/cli configuration version update to 3.0

If you're already working with Veramo and wish to upgrade existing agents to Veramo 3.0, you'll have to make some changes to your configuration, depending on how you're using the framework.

It boils down to these 3 steps:

1. Update your database connection to use migrations
2. Remove the `SecretBox` parameter from `KeyManager`
3. Add a `PrivateKeyStore` parameter to `KeyManagementSystem` with a `SecretBox` that you were using before with `KeyManager` (and keep the same encryption key)

* feat(key-manager): move private key storage to kms-local

fixes #539
fixes #540
fixes #680

* feat(data-store): add migration of key stores

* fix(data-store): fix usage of where clause for queries

* refactor(kms-local): simplify constructor for KeyManagementSystem

* style: remove scar tissue and unused code
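
A simplified model of the key-store split described in the upgrade notes above, added here as an illustration and not taken from Veramo. `migrateKeyStore`, `assertNoPrivateMaterial` and the record shapes are hypothetical, and copying the stored private value unchanged is an assumption under which the previous encryption key is still needed after the move.

```typescript
// Added example: a simplified model, not Veramo code. All names are hypothetical.
interface LegacyKey { kid: string; kms: string; type: string; publicKeyHex: string; privateKeyHex?: string }
type ManagedKey = Omit<LegacyKey, 'privateKeyHex'>
interface PrivateKeyEntry { alias: string; type: string; privateKeyHex: string }
interface MigrationResult { keyStore: ManagedKey[]; privateKeyStore: PrivateKeyEntry[]; skipped: string[] }

// Split legacy rows: public metadata stays in the key store, secret material
// moves to a store that is handed only to the KMS. The stored secret is copied
// unchanged (assumption), so whatever encrypted it before must decrypt it later.
function migrateKeyStore(legacy: LegacyKey[], existing: PrivateKeyEntry[] = []): MigrationResult {
  const privateKeyStore = existing.slice()
  const keyStore: ManagedKey[] = []
  const skipped: string[] = []
  for (const row of legacy) {
    const { privateKeyHex, ...meta } = row
    keyStore.push(meta)
    if (!privateKeyHex) {
      // Nothing to move, e.g. a key whose material lives in an external KMS.
      skipped.push(row.kid)
    } else if (!privateKeyStore.some((e) => e.alias === row.kid)) {
      // Re-running the migration must not duplicate or overwrite entries.
      privateKeyStore.push({ alias: row.kid, type: row.type, privateKeyHex })
    }
  }
  return { keyStore, privateKeyStore, skipped }
}

// Guard for the plugin boundary: fail if any record handed back to callers
// still carries a field that looks like private key material.
function assertNoPrivateMaterial(records: object[]): void {
  for (const record of records) {
    for (const field of Object.keys(record)) {
      if (/private|secret/i.test(field)) throw new Error(`leaked field: ${field}`)
    }
  }
}

// Constructed sample rows (not real keys).
const legacyRows: LegacyKey[] = [
  { kid: 'key-1', kms: 'local', type: 'Ed25519', publicKeyHex: 'aa11', privateKeyHex: 'ENCRYPTED:bb22' },
  { kid: 'key-2', kms: 'hsm', type: 'Secp256k1', publicKeyHex: 'cc33' },
]
const migrated = migrateKeyStore(legacyRows)
assertNoPrivateMaterial(migrated.keyStore)
```

A guard like `assertNoPrivateMaterial` fits in a regression test around whatever the key manager returns to callers, so a later refactor cannot reintroduce the field unnoticed.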