Validator key encryption #151

Open
edisonz0718 opened this issue Sep 27, 2024 · 1 comment
@edisonz0718
Contributor

Description and context

The story client and Cosmos clients in general use unencrypted validator key files. This can be a security risk, especially for bigger validators. We should provide better options for validators to safeguard their keys.

Suggested solution

There are certain existing solutions in the Cosmos ecosystem, but some of them only support ed25519 keys. tmkms can be an initial option since it requires no changes to the story client code. But remote signing may not be reliable, especially with an unreliable network and faulty hardware.

A better approach is to load the encrypted keys and a separate passphrase from a remote server during node startup, and use the passphrase to decrypt the keys and store them in memory.

Definition of done

Explore and find or design the right solution
Fully implement and test the solution

@LeoHChen LeoHChen assigned 0xHansLee and unassigned leeren Feb 23, 2025
@LeoHChen LeoHChen added the security security fix or enhancement label Feb 23, 2025
@LeoHChen
Member

In this document, we also recommended a plaintext private key in the .env file, which should be avoided. Please research and add support for encrypted keys.

https://docs.story.foundation/docs/validator-operations#overview
