Add a backup feature to the web3signer

tropicar commented 2 years ago

Is your feature request related to a problem? Please describe.

Since we added the infrastructure of Web3signer + consensus client, we dont have an easy way(from the UI) to do a backup of the keystores in the same way we had before when we only had Prysm client.

The previous backup feature was possible because the keystores were in the validator service of the Prysm client, so we only copied those files and restored them from the UI. But now its different, the keystore files are in the web3signer package so we have to add the feature in the web3signer package but we have to deal with some difficulties related to this topic.

Describe the solution you'd like

The solution is to add the backup feature to the package: this solves the main problem. But we have to solve some issues which appear if we do this. Firstly, we have to mention 2 important files here: the keystore files and the slashing protection database.

The keystore files we simply can download the files by adding the backup feature in the manifest(/opt/web3signer/keyfiles/data/keyfiles). That is ok, but we have to do some checks and be careful to avoid any situation where a double sign can be done.

We have to test and be 100% the dopelganger protection of EVERY consensus client works. The way to test this: download the keystores, and restore it and check if in testnet the double sign happens.
Add in this specific kind of package, that the backup feature is used only for backups and you need to wait for 5 epochs before restoring it.

Describe alternatives you've considered

Another possible solution maybe would be to download the slashing protection database, but you can only download the Postgres database with specific tools or calls to the web3signer, in the same way, we have this feature in the webs3signer UI.

┆Issue is synchronized with this Basecamp todo by Unito

pablomendezroyo commented 2 years ago

@tropicar Should the backup option be available instead from the keymanager UI? from there we can ask users to download the database also

tropicar commented 2 years ago

I dont have a strong opinion if its better to have the backup on the web3signer UI or dappnode UI, the case is to have an easy option.

pablomendezroyo commented 1 year ago

@dsimog01 Should we consider allowing users to download keystores as a backup from the brain?

dsimog01 commented 1 year ago

The signer and the validator will not return the keystores, so we would need to store them in a DB. I do not think this is a good option....

pablomendezroyo commented 1 year ago

Implemented!

dappnode / DAppNode

Add a backup feature to the web3signer #496