New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reputation module #23
Conversation
bf40e31
to
d520ffa
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just some small things it looks mostly good.
It looks pretty good, the only part I'm concerned about is relying on AWS KMS for just one piece of functionality. We shouldn't rely on the cloud given what Heifer have said already about not wanting it and i think multiple cloud providers will just make it more complicated. A quick look online suggests to me that people use it because it supports the signing algo that eth uses, but there probably is more to that in the form of availability. The standard for open source key and secret management is Hashicorp Vault and I was thinking it might be a decent alternative? By itself it looks like it doens't have the functionality but the gap can be closed with plugins and software.
My (mis-)understanding is probably obvious but we can go through it in the PR run though to get a clearer picture! Other than that I can't wait to see it in action! |
The ideal solution is an HSM however most solutions are too expensive for the pilot. For a quicker setup, we focused on on KMS solutions such as Vault and AWS. Vault requires more upfront setup (larger learning curve for the server/backend components) and maintenance (since its open source we need remove as much maintenance as possible). Vault also seems like it will be a more expensive solution as its starter prices is .50 cents an hour which is around $360 a month. AWS KMS is a fully managed solution (no maintenance required) which I was able to setup in a day. Check out this post on a similar idea (this one is a little different as the signer functions are encapsulated in lambda functions but the use of KMS is the same). |
…ads generated Signed-off-by: JonathanScialpi <scialpi27@gmail.com>
Signed-off-by: JonathanScialpi <scialpi27@gmail.com>
Signed-off-by: JonathanScialpi <scialpi27@gmail.com>
Signed-off-by: JonathanScialpi <scialpi27@gmail.com>
Signed-off-by: JonathanScialpi <scialpi27@gmail.com>
Signed-off-by: JonathanScialpi <scialpi27@gmail.com>
Signed-off-by: JonathanScialpi <scialpi27@gmail.com>
Signed-off-by: JonathanScialpi <scialpi27@gmail.com>
…ads generated Signed-off-by: JonathanScialpi <scialpi27@gmail.com>
Signed-off-by: JonathanScialpi <scialpi27@gmail.com>
…tions and also update their values Signed-off-by: JonathanScialpi <scialpi27@gmail.com>
Signed-off-by: JonathanScialpi <scialpi27@gmail.com>
Signed-off-by: JonathanScialpi <scialpi27@gmail.com>
Signed-off-by: JonathanScialpi <scialpi27@gmail.com>
…mplate, new endpoints for cropTemplate management Signed-off-by: JonathanScialpi <scialpi27@gmail.com>
Signed-off-by: JonathanScialpi <scialpi27@gmail.com>
b291c1b
to
0e06182
Compare
Vault is open source (the core of it is free and there's enterprise features on top for a fee) and free which is really the only 2 reasons I'm suggesting it, but you're right KMS is less of a headache because it's a managed for us and more importantly there are examples on the internet on our use case. With vault I think we'll have to figure it out from deploying and configuring vault to integrating it with the code because there are few samples on the internet. The main reason I was discounting the maintenance and setup costs is because in terms of infrastructure we're already running on a Kubernetes cluster and deploying new software is made easy via infra as code projects like helm. I think it's good to merge in since the other stuff is fixed because as always the work and feature is more important than problems but maybe in the future we can look to migrating to vault. Vault Source: https://github.com/hashicorp/vault |
Good points and I agree that it might be worth while to look into being that we already have Kubernetes running (didn't realize that) |
This branch includes: