Open ratio91 opened 2 months ago
Sounds like a good idea. Could you elaborate more about how would you like to use docker secrets?
I would create a docker secret first (e.g. a keystore file or secret) using:
cat myKeyStoreFile.json | docker secret create signer1 -
Then I would load the secret, which never gets persisted on the file system, by the way, but is only stored in memory as data rafts. They only exist in a virtual filesystem managed by Docker, and they are only accessible to the containers that have been granted access to them.
load_cli_owners_from_file /run/secrets/signer1
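A worked version of the two steps described in the comment above (create the secret from the keystore file on a swarm manager, then resolve it under /run/secrets inside the container before handing the path to the CLI). This is an added example, not code from the thread or from the project; the function names, the SECRETS_DIR override used for local testing, and the `signer` service name are assumptions.

```shell
#!/bin/sh
# Added example: Docker secret creation and in-container lookup for a keystore.
# Not the project's code. SECRETS_DIR, function names and service name are assumed.
set -eu

# Docker mounts secrets on a tmpfs at /run/secrets/<name>; allow an override
# so the lookup helpers can be exercised outside a swarm.
SECRETS_DIR="${SECRETS_DIR:-/run/secrets}"

# Create the secret on a swarm manager. Feeding the file via stdin ("-")
# keeps the keystore contents off the command line, where they would show up
# in `ps` output and shell history. Needs a swarm manager, so not run here.
create_keystore_secret() {
    name="$1"
    file="$2"
    docker secret create "$name" - < "$file"
}

# Start a service that is granted the secret; inside the task it appears
# as a read-only file at /run/secrets/<name>.
run_with_secret() {
    name="$1"
    image="$2"
    docker service create --name signer --secret "$name" "$image"
}

# Resolve a secret name to its path inside the container. Rejects names that
# could escape the secrets directory, and fails if the file is missing or empty
# (the usual symptom of a service that was not granted the secret).
secret_path() {
    name="$1"
    case "$name" in
        */*|.*|"") echo "invalid secret name: '$name'" >&2; return 2 ;;
    esac
    path="$SECRETS_DIR/$name"
    [ -f "$path" ] || { echo "secret '$name' not found at $path" >&2; return 1; }
    [ -s "$path" ] || { echo "secret '$name' is empty" >&2; return 1; }
    printf '%s\n' "$path"
}

# Read the secret's contents. Callers should pass the result on as data,
# never echo it into logs or command lines.
secret_value() {
    path="$(secret_path "$1")" || return $?
    cat "$path"
}

# Typical in-container use (assumed CLI invocation, adapted from the comment):
#   load_cli_owners_from_file "$(secret_path signer1)"
```

The keystore file itself never needs to be decrypted by the shell: the CLI receives only the path under /run/secrets, and the passphrase can be delivered the same way as a second secret.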
Thanks for the explanation. We will add it to our roadmap, but if you want you can send a PR in the meantime and we will kindly review it
Copy-pasting seed phrases or private keys is highly insecure. Ledger and Trezor support is great, but also cumbersome. Ideally, encrypted keystore files could be supported, where the passphrase would need to be entered either interactively or via a secret. Docker swarm mode supports docker secrets, which allows accessing them under /run/secrets/<secret_name>.