Web3Signer is an open-source signing service capable of signing on multiple platforms (Ethereum1 and 2, Filecoin) using private keys stored in an external vault, or encrypted on a disk.
I'm currently running a Vault Proxy sidecar alongside Web3Signer to handle auth and forward requests to Vault.
Each key file looks something like this:
In order to improve security (and, to a minimal extent, performance), it would be great to be able to configure Vault Proxy to use unix sockets:
and then specify:
Rather than:
As it stands, any user able to access that port (e.g. via `kubectl port-forward`) can easily make authenticated requests to Vault via port 8200. Being able to send requests via a unix socket would improve the situation.
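For reference, a Vault Proxy configuration with the TCP listener described above shown beside a unix-socket listener. This is an added example, not the issue author's configuration: the upstream Vault address, the Kubernetes auth role and the socket path are assumptions, and it covers only the proxy side, since the Web3Signer side is what this issue requests.

```hcl
# Added example. Addresses, role name and paths are placeholders.

vault {
  address = "https://vault.example.internal:8200" # assumed upstream Vault
}

# The sidecar authenticates to Vault on behalf of the pod.
auto_auth {
  method "kubernetes" {
    mount_path = "auth/kubernetes"
    config = {
      role = "web3signer" # assumed role name
    }
  }
}

# Every request reaching a listener is forwarded with the proxy's own token,
# so whoever can reach the listener acts with the sidecar's Vault identity.
api_proxy {
  use_auto_auth_token = true
}

# Current setup (weak): a TCP listener on loopback.
# Binding to 127.0.0.1 does not help against kubectl port-forward, because
# the forwarded connection is opened inside the pod's network namespace.
#
# listener "tcp" {
#   address     = "127.0.0.1:8200"
#   tls_disable = true
# }

# Requested setup: a unix socket on a volume mounted only into the proxy and
# Web3Signer containers (assumed: an emptyDir mounted at /vault/sock).
# kubectl port-forward forwards TCP ports only, so a socket file is not
# exposed that way; access is governed by the volume mount and the
# filesystem permissions on the socket's directory.
listener "unix" {
  address     = "/vault/sock/proxy.sock"
  tls_disable = true
}
```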