sam-goodwin / cdk3

CDK Construct Library for web3.
Apache License 2.0

Generate KeyStore password and store in a separate Secret. #14

Closed sam-goodwin closed 2 years ago

sam-goodwin commented 3 years ago

The Wallet Construct stores the private key data encrypted with KMS in a Secret. That data is, however, doubly encrypted since it is also stored as a password-encrypted V3 keystore using ethereumwalletjs's API. For now, this password is hard-coded as "password" and we rely entirely on AWS KMS and Secrets. To improve the security, the CFN Resource should instead generate a high-entropy password and store it in a separate Secret so that an attacker would need to gain access to both Secrets to crack the wallet.
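The split proposed in this issue, as an added example that is not cdk3's own code: a random 256-bit password is generated per wallet and kept apart from the password-encrypted key. It assumes in-memory maps in place of the two Secrets and scrypt with AES-256-GCM in place of the V3 keystore encryption; all function and type names are hypothetical.

```typescript
import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from "node:crypto";

// Assumption: in-memory maps stand in for two separate Secrets (offline demo).
type SecretStore = Map<string, string>;
interface Envelope { salt: string; iv: string; tag: string; data: string }

// 32 bytes from the OS CSPRNG (256 bits) replace the hard-coded "password".
function generatePassword(): string {
  return randomBytes(32).toString("hex");
}

// Password-based encryption: scrypt key derivation, then AES-256-GCM.
// Simplified stand-in for the V3 keystore, not the keystore format itself.
function encryptKey(privateKeyHex: string, password: string): Envelope {
  const salt = randomBytes(16);
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", scryptSync(password, salt, 32), iv);
  const data = Buffer.concat([cipher.update(privateKeyHex, "utf8"), cipher.final()]);
  return {
    salt: salt.toString("hex"),
    iv: iv.toString("hex"),
    tag: cipher.getAuthTag().toString("hex"),
    data: data.toString("hex"),
  };
}

// Throws if the password is wrong: the GCM tag check fails in final().
function decryptKey(env: Envelope, password: string): string {
  const key = scryptSync(password, Buffer.from(env.salt, "hex"), 32);
  const decipher = createDecipheriv("aes-256-gcm", key, Buffer.from(env.iv, "hex"));
  decipher.setAuthTag(Buffer.from(env.tag, "hex"));
  const plain = Buffer.concat([decipher.update(Buffer.from(env.data, "hex")), decipher.final()]);
  return plain.toString("utf8");
}

// Create step: the encrypted key goes to one store, its password to the other.
function createWallet(keystore: SecretStore, passwords: SecretStore, name: string, privateKeyHex: string): void {
  const password = generatePassword();
  keystore.set(name, JSON.stringify(encryptKey(privateKeyHex, password)));
  passwords.set(name, password);
}

// Read step: needs both stores; either one alone cannot recover the key.
function loadWallet(keystore: SecretStore, passwords: SecretStore, name: string): string {
  const blob = keystore.get(name);
  const password = passwords.get(name);
  if (blob === undefined || password === undefined) throw new Error(`wallet ${name} is incomplete`);
  return decryptKey(JSON.parse(blob) as Envelope, password);
}
```
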

sam-goodwin commented 3 years ago

Related #10

github-actions[bot] commented 2 years ago

This issue is now marked as stale because it hasn't seen activity for a while. Add a comment or it will be closed soon.

github-actions[bot] commented 2 years ago

Closing this issue as it hasn't seen activity for a while. Please add a comment @mentioning a maintainer to reopen.