Reading mnemonic from keychain

[0xlaine]

Idea

In thread with #39 I was thinking whether support should be added for reading the signer's mnemonic from the local device's keychain, rather than hardcoded config or ENV vars.

Keychains on Linux, Mac OS and Windows provides encrypted storage with access-gating by the logged in user, and should thus be a safer storage option than exporting ENV or saving static config files.

It should be opt-in and not the default option, to ensure that this is not a breaking change to terrain

Implementation

Expand on wallet:new (if #41 is accepted and merged) so it can --store-to-keychain=<name>. Name would be the name of the secret to register in the keychain, and it could default to signer_mnemonic or so.

Additionally a wallet:store command can be added to save either the content of a file (with a mnemonic) or via standard-in, into the keychain.

Finally, adding support for setting an env-var like SECRET_FROM_KEYCHAIN_NAME=<name> which would supercede all other secret vars or config, and instruct terrain to read the mnemonic from the keychain.

The node-js package keytar from https://github.com/atom/node-keytar works cross platform and has a very easy to use async interface for writing and reading keychain data. I have just verified it working on Ubuntu, mac OS and Windows without hassle.

[0xlaine]

@octalmage @emidev98 Thoughts - love it, hate it?

I'll be happy to provide a PR :)

[emidev98]

Hey, I like the approach that the mnemonics are stored safely and at the same time I like the approach of using a unique library that will fix the platform compatibility issue. I will check with the team and come back to you. Thanks!

[octalmage]

I would love this! I'm a big fan of node-keytar, I attempted to implement node-keytar in a way that could read from the same keystore that terrad uses. I think this would be ideal, but I was struggling to get it working.

[0xlaine]

I would love this! I'm a big fan of node-keytar, I attempted to implement node-keytar in a way that could read from the same keystore that terrad uses. I think this would be ideal, but I was struggling to get it working.

Cool, I will give it a stab and submit a PR when I have something working 👍

[0xlaine]

@octalmage @emidev98

Okay so I have been digging into how the terrad cli is storing the keys into the keychain (and the rabbit hole goes very deep now 😅 ).

From what I can gather the terra-money/cosmos-sdk keys command is Amino encoding it's storage... Clues:

• LocalInfo storage type defined here
• keyring writing w. encoding

There's also a terra-money/amino-js project however this is archived, and the amino-structs for the LocalInfo are outdated and therefore unable to decode (I have tried already, decoding throws byte-length errors).

A way forward:
Either terra-money resurrects the amino-js project and we update the structs, rebuild and publish a v4 of the package (as I assume the struct updates is a breaking change), or I fork it and create a separate package we can consume. I like the first approach best.

That is, if we wish to read and store in a terrad compatible way.

I will try with a local updated version of the amino-js library to verify that this path would indeed work, before we pursue any library resurrections.