We need to come up with a secure method of storing our keys that provide the 2nd Factor for users that have enabled 2FA with web wallet.
Since we need the keys to be usable we will have to have access via code + env vars, but they should be encrypted at rest.
I'm a little in the dark re: this repo's deployment, where the postgres database is hosted, if there are any protections already in place and if they are sufficient. Please illuminate!
We can generate effectively unlimited number of keys from one private seed (supplied in env variable) and account name. Ideally that would happen on some kind of HSM, but I think it is out of scope for MVP.
Looking for feedback on this.
We need to come up with a secure method of storing our keys that provide the 2nd Factor for users that have enabled 2FA with web wallet.
Since we need the keys to be usable we will have to have access via code + env vars, but they should be encrypted at rest.
I'm a little in the dark re: this repo's deployment, where the postgres database is hosted, if there are any protections already in place and if they are sufficient. Please illuminate!