Stream: warg

Topic: User Key Management


Robin Brown (Jan 27 2023 at 15:47):

Now that we have a prototype and some demos, I want to start solving some of the remaining UX questions.
In the demo I gave Wednesday at the SIG-Registries meeting, the user private key was supplied by an environment variable, but that isn't really how we'll want to do that in the long run.

Is there a good password-manager style key store that we could connect to so that a user can run the CLI and authenticate with the store to pull down the key, sign their log records, and then immediately get rid of it?

Lann Martin (Jan 27 2023 at 15:58):

https://docs.rs/keyring/1.2.1/keyring/ is popular; I haven't used it though

Robin Brown (Jan 27 2023 at 16:00):

Keyring would be a good thing to support, but I'd also like a way for people to pull down a key from an external store or even send the record to some key vault and have it signed without the key coming down to the machine at all.

Robin Brown (Jan 27 2023 at 16:00):

I know this is something that e.g. Azure Key Vault could do, but I don't know of any user-facing services that would fit the profile

Lann Martin (Jan 27 2023 at 16:04):

It's kind of a rabbit hole; a mature system would support https://en.wikipedia.org/wiki/PKCS_11 modules, for example. As long as we expect it to be extensible in the future, I wouldn't try to boil this particular ocean.

Robin Brown (Jan 27 2023 at 16:08):

Filed as https://github.com/bytecodealliance/registry/issues/67

The warg CLI should allow user signing keys to be pulled from keyring

Last updated: Oct 23 2024 at 20:03 UTC