Where/How to Store Private Keys for Web Wallet 2FA Support? #149
Labels
enhancement
New feature or request
Milestone
Comments
mattlockyer
changed the title
|
We can generate effectively unlimited number of keys from one private seed (supplied in env variable) and account name. Ideally that would happen on some kind of HSM, but I think it is out of scope for MVP. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Looking for feedback on this.
We need to come up with a secure method of storing our keys that provide the 2nd Factor for users that have enabled 2FA with web wallet.
Since we need the keys to be usable we will have to have access via code + env vars, but they should be encrypted at rest.
I'm a little in the dark re: this repo's deployment, where the postgres database is hosted, if there are any protections already in place and if they are sufficient. Please illuminate!
The text was updated successfully, but these errors were encountered: