The example code for doing "secure" signing using ripple-lib shows the secret coming from environment variables, but doesn't show where it comes from. It's entirely possible it's either unencrypted at-rest on the disk or visible in the process list or bash history depending on how the user sets it.
We should build out some more elaborate, working examples of using secure signing configurations, including:
- Using Vault or some other secrets manager to hold secrets and pass them to XRP Ledger apps/scripts (via environment variables??)
- Using a hardware wallet, demonstrating the actual flow (probably with screenshots or a video cast) for creating, signing, and submitting transactions this way, and how that can be incorporated into an app's design.
- Storing secrets encrypted at rest using a password manager and asking for user input when secrets are required.