Closed jmls closed 8 years ago
Hmm, actually, looking at the code, it seems that you are passing an array of keys to the unseal, using `sample`... This worries me on a couple of levels.
Primarily, I do not know all of the keys. I have one share. So when we need to unseal, several people have to post their share. How do I know when I have reached a threshold in order to call `unseal()`?
Secondly, what is the `_.sample()` function used for?
Thirdly, I do not like the idea of the keys being stored in memory after the vault has been unsealed. This is a security risk.
I've been considering changing this myself, as the intent is for multiple parties to work together to unseal the Vault. From a simplicity / ease of use standpoint, I'm assuming it was done this way so that you can call `init` and then chain `unSeal`, with the initialization and unsealing happening for you. But as you rightly point out, this means all the keys are together in one place, which is a security hole.
I will look at doing something along the lines of the following: change `unSeal` to accept a single key, and either make the `keys` attribute obsolete or have it work only in DEV mode to aid in automated testing (TBD).
The `_.sample` function from lodash basically says "pick a random value from the array", so that only a single value is passed to the actual Vault API. That is why `unSeal` recursively calls itself until the Vault is unsealed.
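The single-share flow sketched in the reply above, written out as an added example (not code from the issue or from the library under discussion). Vault's `sys/unseal` endpoint accepts one key share per call and answers with a seal status containing `sealed`, `t` (threshold), `n` (total shares) and `progress`; the caller reads `progress` against `t` to learn how many more shares are still needed, so no single party ever has to hold the whole key set. The `makeMockVault` stand-in below is a constructed, in-memory imitation of that endpoint so the example runs offline; the `submitShare` helper and its return shape are this example's own, not part of the library.

```javascript
// Constructed in-memory stand-in for POST /v1/sys/unseal (hypothetical; for offline demo only).
// It tracks distinct valid shares seen so far and flips to unsealed once the threshold is met.
function makeMockVault(validShares, threshold) {
  const seen = new Set();
  let sealed = true;
  const status = () => ({
    sealed,
    t: threshold,
    n: validShares.length,
    progress: sealed ? seen.size : 0,
  });
  return {
    // One share per call, mirroring the real endpoint's contract.
    unseal(share) {
      if (!validShares.includes(share)) throw new Error('invalid unseal key');
      if (sealed) {
        seen.add(share); // a repeated share does not advance progress
        if (seen.size >= threshold) {
          sealed = false;
          seen.clear(); // nothing about the shares is retained once unsealed
        }
      }
      return status();
    },
    // Mirrors sys/unseal with reset=true: abandon the in-progress attempt.
    reset() {
      seen.clear();
      return status();
    },
  };
}

// Each key holder calls this with only their own share. The share is not stored by the
// caller; the returned status is all a coordinator needs to know whether to ask for more.
function submitShare(vault, share) {
  const s = vault.unseal(share);
  share = null; // drop the local reference as soon as the call returns
  return {
    sealed: s.sealed,
    remaining: s.sealed ? s.t - s.progress : 0,
  };
}

// Walk-through with constructed shares: a 3-of-5 split, three holders submitting in turn.
function demo() {
  const vault = makeMockVault(['share-1', 'share-2', 'share-3', 'share-4', 'share-5'], 3);
  const steps = ['share-1', 'share-4', 'share-2'].map((sh) => submitShare(vault, sh));
  return steps; // third step reports sealed: false, remaining: 0
}
```

The contrast with passing every key into one call is the point: here the only state that crosses the wire or sits in memory is the single share being submitted, and the decision "have we reached the threshold?" is taken from the server's own `progress`/`t` counters rather than from a client that knows all the keys.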
You need to pass a share to the unseal function on Vault: there is no documentation of the parameters required to unseal.