relaycorp / awala-keystore-cloud-js
Multi-cloud Awala Key Store for server-side Node.js apps
Home Page: https://docs.relaycorp.tech/awala-keystore-cloud-js/
License: MIT License
https://github.com/nsmithuk/local-kms
Just like we're doing in VeraId Authority.
This requires #174, which only supports RSA-PSS as of this writing, so we'd need some solution for session keys (encryption).
Instead of using the initial root token. See: https://www.vaultproject.io/docs/auth/kubernetes/
This will require changing keystore-vault to renew the token periodically: https://www.vaultproject.io/api-docs/auth/token#renew-a-token
See notes #1
https://github.com/relaycorp/keystore-vault-js
And archive the repo.
To make the code more maintainable and easy to test.
It could be a much simpler version of https://github.com/relaycorp/relaynet-pong/tree/master/src/functional_tests
main branch failed. 🚨 I recommend you give this issue a high priority, so other packages depending on you can benefit from your bug fixes and new features again.
You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I'm sure you can fix this 💪.
Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.
Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the main branch. You can also manually restart the failed CI job that runs semantic-release.
If you are not sure how to resolve this, here are some links that can help you:
If those don't help, or if this issue is reporting something you think isn't right, you can always ask the humans behind semantic-release.
An npm token must be created and set in the NPM_TOKEN environment variable on your CI environment.
Please make sure to create an npm token and to set it in the NPM_TOKEN environment variable on your CI environment. The token must allow to publish to the registry https://registry.npmjs.org/.
Good luck with your project ✨
Your semantic-release bot 📦🚀
This is what the apps will actually be using.
Also remove any other export from index.ts when this is done.
The current implementation, where everything is a library, makes it hard/impossible to distribute migration scripts, as every app would have its own migration system.
Most of the code in this library to be moved to a microservice -- basically anything that interacts with the underlying backing services (e.g., Vault). Then this library would become a very thin client to that microservice.
None
None
(Bound key: A session key that can only be used with a specific recipient; unbound key: A node key or an initial session key)
Bound keys should expire after whatever TTL is set in Vault, but unbound keys should normally be kept around for much longer, so that default TTL should be overridden when unbound keys are created (which requires making a second API call unfortunately).
This is currently blocked by relaycorp/relaynet-core-js#453
See: https://cloud.google.com/kms/docs/additional-authenticated-data
GCP KMS/HSM doesn't support any (EC)DH algorithm, so as a workaround we're having to use envelope encryption with a Cloud KMS-backed symmetric key and the wrapped key stored in Datastore.
This means that the app has direct access to the ECDH private key and resulting shared key.
The option to have ECDH session keys stored in Cloud KMS/HSM.