
feat(key-manager): move private key storage to kms-local #661

Merged: mirceanis merged 5 commits into next from 539-add-storage-to-kms-local on Sep 1, 2021

Conversation

@mirceanis (Member) commented Aug 11, 2021

What's new

  • @veramo/key-manager no longer holds private key material
  • @veramo/kms-local gets its own PrivateKeyStore
  • Keys and DIDs are easier to import:

```ts
const managedKeyInfo = await agent.keyManagerImport({
  kms: 'local',
  type: <TKeyType>'Secp256k1',
  privateKeyHex: '31d1ec1...5f8655ec63',
  kid: 'this is optional',
  // all other properties are derived by KMS
})
```

How to upgrade

If you're already working with Veramo and wish to upgrade existing agents to veramo 3.0, you'll have to make some changes to your configuration, depending on how you're using the framework.

It boils down to these 3 steps:

  1. Update your database connection to use migrations
  2. Remove the SecretBox parameter from KeyManager
  3. Add a PrivateKeyStore parameter to KeyManagementSystem with a SecretBox that you were using before with KeyManager (and keep the same encryption key)

Typescript app config changes

If your agents are part of a typescript app, these changes will look like this:

```ts
import { createAgent } from '@veramo/core'
import { KeyManager } from '@veramo/key-manager'
import { KeyManagementSystem, SecretBox } from '@veramo/kms-local'
import {
  // ...
  KeyStore,
  migrations, // 0. import default veramo migrations
  PrivateKeyStore,
} from '@veramo/data-store'
import { createConnection } from 'typeorm'

declare const secretKey: string // the same encryption key you were using before with KeyManager

// 1. update your connection config to use migrations
const dbConnection = createConnection({
  // ...
  synchronize: false,  // switch this to false
  migrations,          // add default veramo migrations
  migrationsRun: true, // add this flag
})

const agent = createAgent({ // type parameter listing your plugin interfaces omitted here
  // ...
  plugins: [
    // 2. key manager: remove SecretBox param
    new KeyManager({
      store: new KeyStore(dbConnection),
      kms: {
        // 3. kms-local: add PrivateKeyStore with SecretBox
        local: new KeyManagementSystem(new PrivateKeyStore(dbConnection, new SecretBox(secretKey))),
      },
    }),
    // ...
  ],
})
```

CLI config changes

```yaml
# 0. update the version for your config file
version: 3.0
# ...

# 1. update your database connection to use migrations
dbConnection:
  $require: typeorm?t=function#createConnection
  $args:
    - type: sqlite
      database:
        $ref: /constants/databaseFile
      synchronize: false  # switch off synchronize
      migrationsRun: true # turn on migrations
      migrations:         # use veramo default migrations
        $require: '@veramo/data-store?t=object#migrations'
      logging: false
      entities:
        $require: '@veramo/data-store?t=object#Entities'

# then update your keyManager config:
keyManager:
  $require: '@veramo/key-manager#KeyManager'
  $args:
    - store:
        $require: '@veramo/data-store#KeyStore'
        $args:
          - $ref: /dbConnection
          # 2. remove the SecretBox argument from KeyManager
      kms:
        local:
          $require: '@veramo/kms-local#KeyManagementSystem'
          $args:
            - $require: '@veramo/data-store#PrivateKeyStore'
              $args:
                - $ref: /dbConnection
                # 3. add the SecretBox argument from KeyManager to your PrivateKeyStore
                - $require: '@veramo/kms-local#SecretBox'
                  $args:
                    - $ref: /constants/secretKey
```

fixes #539
fixes #540
fixes #680

BREAKING CHANGE: keyManagerGet no longer returns private key data
BREAKING CHANGE: KeyStore no longer requires a SecretBox
BREAKING CHANGE: KeyManagementSystem needs a PrivateKeyStore
BREAKING CHANGE: @veramo/cli configuration version update to 3.0
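As an added model (not Veramo's code) of the storage split this PR describes: KeyManager keeps only public key metadata, KeyManagementSystem derives the public key from an imported privateKeyHex, and PrivateKeyStore persists the private key only after a SecretBox stand-in encrypts it. The cipher (AES-256-GCM under a 32-byte hex key), the secp256k1 derivation via Node's createECDH, and the simplified class and method shapes are all assumptions of this sketch, not Veramo's implementation.

```typescript
// Added illustration (not Veramo code) of the split this PR describes: KeyManager keeps only
// public metadata, while the local KMS keeps private keys, encrypted, in its own PrivateKeyStore.
import { createCipheriv, createDecipheriv, createECDH, randomBytes } from 'node:crypto'

export interface ManagedKeyInfo { kid: string; kms: string; type: 'Secp256k1'; publicKeyHex: string }
export type ImportArgs = { kms: string; type: 'Secp256k1'; privateKeyHex: string; kid?: string }
// Stand-in for SecretBox (assumption: AES-256-GCM under a 32-byte hex key; not Veramo's cipher).
export class SecretBox {
  private key: Buffer
  constructor(secretKeyHex: string) { this.key = Buffer.from(secretKeyHex, 'hex') }
  encrypt(plain: string): string {
    const iv = randomBytes(12), c = createCipheriv('aes-256-gcm', this.key, iv)
    const ct = Buffer.concat([c.update(plain, 'utf8'), c.final()])
    return Buffer.concat([iv, c.getAuthTag(), ct]).toString('hex') // iv || tag || ciphertext
  }
  decrypt(blob: string): string {
    const b = Buffer.from(blob, 'hex'), d = createDecipheriv('aes-256-gcm', this.key, b.subarray(0, 12))
    d.setAuthTag(b.subarray(12, 28))
    return Buffer.concat([d.update(b.subarray(28)), d.final()]).toString('utf8')
  }
}
// PrivateKeyStore owned by the KMS: private key hex is persisted only after encryption.
export class PrivateKeyStore {
  private rows = new Map<string, string>()
  constructor(private box: SecretBox) {}
  put(alias: string, privateKeyHex: string) { this.rows.set(alias, this.box.encrypt(privateKeyHex)) }
  get(alias: string): string | undefined { const r = this.rows.get(alias); return r && this.box.decrypt(r) }
  raw(alias: string): string | undefined { return this.rows.get(alias) } // what actually reaches the database
}
// Local KMS: derives publicKeyHex from the imported private key ("all other properties are derived").
export class KeyManagementSystem {
  constructor(private store: PrivateKeyStore) {}
  importKey(a: ImportArgs): ManagedKeyInfo {
    const ecdh = createECDH('secp256k1')
    ecdh.setPrivateKey(Buffer.from(a.privateKeyHex, 'hex'))
    const publicKeyHex = ecdh.getPublicKey('hex', 'compressed')
    const kid = a.kid ?? publicKeyHex
    this.store.put(kid, a.privateKeyHex)
    return { kid, kms: 'local', type: a.type, publicKeyHex }
  }
}
// KeyManager: takes no SecretBox any more, because nothing it stores is secret.
export class KeyManager {
  private keys = new Map<string, ManagedKeyInfo>()
  constructor(private kms: Record<string, KeyManagementSystem>) {}
  keyManagerImport(a: ImportArgs): ManagedKeyInfo {
    const info = this.kms[a.kms].importKey(a); this.keys.set(info.kid, info); return info
  }
  keyManagerGet(kid: string): ManagedKeyInfo | undefined { return this.keys.get(kid) } // no privateKeyHex here
}
```

With this layout a dump of the KeyManager's store contains no secret, and the PrivateKeyStore rows are ciphertext, which is the property the SecretBox key you carry over from the old KeyManager configuration protects.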

@mirceanis mirceanis force-pushed the 539-add-storage-to-kms-local branch 2 times, most recently from 9bd943f to a1401c3 Compare August 20, 2021 12:10
@codecov bot commented Aug 20, 2021

Codecov Report

Merging #661 (6324634) into next (88264db) will increase coverage by 11.61%.
The diff coverage is 76.57%.

❗ Current head 6324634 differs from pull request most recent head c6b0594. Consider uploading reports for the commit c6b0594 to get more accurate results

@@             Coverage Diff             @@
##             next     #661       +/-   ##
===========================================
+ Coverage   67.58%   79.19%   +11.61%     
===========================================
  Files          62       85       +23     
  Lines        1530     2591     +1061     
  Branches      247      439      +192     
===========================================
+ Hits         1034     2052     +1018     
- Misses        400      537      +137     
+ Partials       96        2       -94     

@mirceanis mirceanis marked this pull request as ready for review August 31, 2021 15:43
@simonas-notcat (Contributor) left a comment:

Great job @mirceanis !

@mirceanis mirceanis merged commit 6b1d135 into next Sep 1, 2021
@mirceanis mirceanis deleted the 539-add-storage-to-kms-local branch September 1, 2021 08:38
@mirceanis mirceanis mentioned this pull request Sep 20, 2021