onflow / flow-cli

The Flow CLI is a command-line interface that provides useful utilities for building Flow applications
https://onflow.org
Apache License 2.0

Support other KMS providers (e.g. AWS) #436

Open muttoni opened 2 years ago

muttoni commented 2 years ago

Issue To Be Solved

Currently the Flow CLI only supports Google KMS.

Example:

...
"accounts": {
  "admin-account": {
    "address": "service",
    "key": {
        "type": "google-kms",
        "index": 0,
        "signatureAlgorithm": "ECDSA_P256",
        "hashAlgorithm": "SHA3_256",
        "resourceID": "projects/flow/locations/us/keyRings/foo/bar/cryptoKeyVersions/1"
    }
  }
}
...

You can also use a key management system (KMS) to sign the transactions. Currently, we only support Google KMS.

(Optional): Suggest A Solution

Add support for other KMS providers (e.g. aws-kms, azure-kms, etc.), or provide a sample in the docs that shows a workaround for other KMS providers if the functionality already exists.

(Optional): Context

Requested on Discord

bluesign commented 1 year ago

btw most KMSs have a CLI to sign stuff; maybe adding one external signer type can also be useful.

Something like (command is totally randomly generated by me):

"accounts": {
  "admin-account": {
    "address": "service",
    "key": {
        "type": "CLI",
        "index": 0,
        "command": "blueKMS --keyId 1 --sigAlgo EP256 --hashAlgo sha3 --payload {payload}"  
    }
  }
}
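
An added example, not code from the Flow CLI or flow-go-sdk, of how a config-supplied signer command like the one proposed above could be run without passing attacker-influenced bytes through a shell: the template is split into arguments before substitution and executed directly. The hex encoding of the payload and of the signature on stdout, the 10-second timeout, and the names `BuildArgv` and `Sign` are assumptions.

```go
package main

import (
	"context"
	"encoding/hex"
	"errors"
	"fmt"
	"os/exec"
	"strings"
	"time"
)

const payloadToken = "{payload}" // placeholder from the proposed "command" field

// BuildArgv splits the template on whitespace once, before substitution, and
// hex-encodes the message, so payload bytes can never add arguments, pick the
// executable, or reach a shell. (Hypothetical helper, not a Flow CLI API.)
func BuildArgv(template string, msg []byte) ([]string, error) {
	argv := strings.Fields(template)
	if len(argv) < 2 || strings.Contains(argv[0], payloadToken) ||
		!strings.Contains(template, payloadToken) {
		return nil, errors.New("need a fixed executable and a {payload} argument")
	}
	for i := range argv[1:] {
		argv[i+1] = strings.ReplaceAll(argv[i+1], payloadToken, hex.EncodeToString(msg))
	}
	return argv, nil
}

// Sign runs the external signer directly (no shell) with a timeout and expects
// a hex-encoded signature on stdout; that output format is an assumption.
func Sign(template string, msg []byte) ([]byte, error) {
	argv, err := BuildArgv(template, msg)
	if err != nil {
		return nil, err
	}
	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
	defer cancel()
	out, err := exec.CommandContext(ctx, argv[0], argv[1:]...).Output()
	if err != nil {
		return nil, fmt.Errorf("signer %q failed: %w", argv[0], err)
	}
	return hex.DecodeString(strings.TrimSpace(string(out)))
}

func main() {
	fmt.Println(BuildArgv("blueKMS --keyId 1 --payload {payload}", []byte("tx")))
}
```
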

sideninja commented 1 year ago

This could be an interesting idea, yeah. I just added another type here which is of "file" type to replace from file.

sideninja commented 1 year ago

This has been implemented in the Go SDK and should be possible to add: https://github.com/onflow/flow-go-sdk

turbolent commented 5 months ago

For reference: