Reputation module

[JonathanScialpi]

This branch includes:

• UI component to create a new CropTemplate OR apply an existing one to a Crop/Field/Subfiled
• Integration with AWS KMS
• Integration with Ethers.js
• A signer Class capable of creating, getting, and signing with CMKs (Customer Managed Keys)
• Integration with Colony SDK
• Mongoose DB Entities for CropTemplate and Farmer (updated to store a keyID),
• Simple Calculation function to generate payload amount

[rayoz12]

Just some small things it looks mostly good.

[rayoz12]

It looks pretty good, the only part I'm concerned about is relying on AWS KMS for just one piece of functionality. We shouldn't rely on the cloud given what Heifer have said already about not wanting it and i think multiple cloud providers will just make it more complicated. A quick look online suggests to me that people use it because it supports the signing algo that eth uses, but there probably is more to that in the form of availability.

The standard for open source key and secret management is Hashicorp Vault and I was thinking it might be a decent alternative? By itself it looks like it doens't have the functionality but the gap can be closed with plugins and software.

• https://github.com/ConsenSys/ethsigner
  • Backed by Vault
• https://github.com/kaleido-io/vault-plugin-secrets-ethsign

My (mis-)understanding is probably obvious but we can go through it in the PR run though to get a clearer picture!

Other than that I can't wait to see it in action!

[JonathanScialpi]

The ideal solution is an HSM however most solutions are too expensive for the pilot. For a quicker setup, we focused on on KMS solutions such as Vault and AWS. Vault requires more upfront setup (larger learning curve for the server/backend components) and maintenance (since its open source we need remove as much maintenance as possible). Vault also seems like it will be a more expensive solution as its starter prices is .50 cents an hour which is around $360 a month.

AWS KMS is a fully managed solution (no maintenance required) which I was able to setup in a day.

Check out this post on a similar idea (this one is a little different as the signer functions are encapsulated in lambda functions but the use of KMS is the same).

[rayoz12]

Vault is open source (the core of it is free and there's enterprise features on top for a fee) and free which is really the only 2 reasons I'm suggesting it, but you're right KMS is less of a headache because it's a managed for us and more importantly there are examples on the internet on our use case. With vault I think we'll have to figure it out from deploying and configuring vault to integrating it with the code because there are few samples on the internet.

The main reason I was discounting the maintenance and setup costs is because in terms of infrastructure we're already running on a Kubernetes cluster and deploying new software is made easy via infra as code projects like helm.

I think it's good to merge in since the other stuff is fixed because as always the work and feature is more important than problems but maybe in the future we can look to migrating to vault.

Vault Source: https://github.com/hashicorp/vault
Kubernetes Integration: https://www.vaultproject.io/docs/platform/k8s

[JonathanScialpi]

Vault is open source (the core of it is free and there's enterprise features on top for a fee) and free which is really the only 2 reasons I'm suggesting it, but you're right KMS is less of a headache because it's a managed for us and more importantly there are examples on the internet on our use case. With vault I think we'll have to figure it out from deploying and configuring vault to integrating it with the code because there are few samples on the internet.

The main reason I was discounting the maintenance and setup costs is because in terms of infrastructure we're already running on a Kubernetes cluster and deploying new software is made easy via infra as code projects like helm.

I think it's good to merge in since the other stuff is fixed because as always the work and feature is more important than problems but maybe in the future we can look to migrating to vault.

Vault Source: https://github.com/hashicorp/vault Kubernetes Integration: https://www.vaultproject.io/docs/platform/k8s

Good points and I agree that it might be worth while to look into being that we already have Kubernetes running (didn't realize that)