Now that we have a prototypes and some demos, I want to start solving some of the remaining UX questions.
In the demo I gave Wednesday at the SIG-Registries meeting, the user private key was supplied by an environment variable, but that isn't really how we'll want to do that in the long run.
Is there a good password-manager style key store that we could connect to so that a user can run the CLI and authenticate with the store to pull down the key, sign their log records, and then immediately get rid of it?
https://docs.rs/keyring/1.2.1/keyring/ is popular; I haven't used it though
Keyring would be a good thing to support, but I'd also like a way for people to pull down a key from an external store or even send the record to some key vault and have it signed without the key coming down the machine at all.
I know this is something that e.g. Azure Key Vault could do, but I don't know of any user-facing services that would fit the profile
Its kind of a rabbit hole; a mature system would support https://en.wikipedia.org/wiki/PKCS_11 modules for example. As long as we expect it to be extensible in the future I wouldn't try to boil this particular ocean
Filed as https://github.com/bytecodealliance/registry/issues/67
Last updated: Dec 23 2024 at 12:05 UTC