Closed ryardley closed 1 week ago
In Docker land, most secret providers (Kubernetes, Docker Swarm, HashiCorp Vault) suggest reading from mounted files instead of env vars. We should provide a component like a 'PasswordManager' to read the secret from a given chmod 600 file within the Docker container: /enclave/data/p or ~/.config/enclave/p
Ethereum wallets could eventually be collected / generated by a web view onboarding; see rocketpool's dappnode implementation: https://github.com/dappnode/DAppNodePackage-rocketpool-testnet/tree/main/build/ui. This means our daemon should be able to accept commands to encrypt the private key, or at least on first launch, if the key doesn't exist, the CLI component should ask the user for a private key, which can then be encrypted and stored.
We will need to manage stuff that needs to be encrypted at rest (and probably also to be safe in memory):
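Added example, not part of the original issue or the project's code: a sketch of the proposed file-based secret read that refuses to load the secret unless the file is a regular, non-symlink file with no group or other permission bits (0600 or stricter). The `PasswordManager` name comes from the issue; the `read_secret` method, the `denied` helper and the temp-file path in `main` are assumptions made for illustration.

```rust
use std::fs::{self, File};
use std::io::{self, Read};
use std::os::unix::fs::PermissionsExt;
use std::path::Path;

/// Hypothetical reader for a mounted secret file (Unix only).
pub struct PasswordManager;

impl PasswordManager {
    /// Returns the secret bytes only if the file passes the permission checks.
    pub fn read_secret(path: &Path) -> io::Result<Vec<u8>> {
        if fs::symlink_metadata(path)?.file_type().is_symlink() {
            return Err(denied("secret path is a symlink"));
        }
        let mut file = File::open(path)?;
        // Inspect the opened handle, not the path, so the file checked is the file read.
        let meta = file.metadata()?;
        if !meta.is_file() {
            return Err(denied("secret path is not a regular file"));
        }
        // Any group/other bit set means the file is looser than chmod 600.
        if meta.permissions().mode() & 0o077 != 0 {
            return Err(denied("secret file is accessible by group or others"));
        }
        let mut secret = Vec::new();
        file.read_to_end(&mut secret)?;
        // Editors and `echo` usually append a newline; it is not part of the secret.
        while secret.last().map_or(false, |b| *b == b'\n' || *b == b'\r') {
            secret.pop();
        }
        Ok(secret)
    }
}

fn denied(msg: &str) -> io::Error {
    io::Error::new(io::ErrorKind::PermissionDenied, msg)
}

fn main() -> io::Result<()> {
    // Constructed sample: a temp file stands in for the mounted secret.
    let path = std::env::temp_dir().join("enclave-example-secret");
    fs::write(&path, b"constructed-passphrase\n")?;
    fs::set_permissions(&path, fs::Permissions::from_mode(0o644))?;
    println!("0644: {:?}", PasswordManager::read_secret(&path).map(|_| "ok"));
    fs::set_permissions(&path, fs::Permissions::from_mode(0o600))?;
    println!("0600: {} bytes", PasswordManager::read_secret(&path)?.len());
    fs::remove_file(&path)
}
```

The returned `Vec<u8>` is not wiped when dropped; keeping the secret safe in memory, as the issue also asks, needs a zeroizing buffer on top of this.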