From 7e360d95618c461d1c1a8f72ee4817013f7c7a77 Mon Sep 17 00:00:00 2001 From: Lucas Meier Date: Tue, 7 May 2024 07:06:53 -0700 Subject: [PATCH] Add documentation about new pcli commands --- docs/guide/src/pcli/wallet.md | 6 ++++-- docs/guide/src/pcli/wallet/softkms.md | 16 +++++++++++++++- docs/guide/src/pcli/wallet/threshold.md | 11 +++++++++++ 3 files changed, 30 insertions(+), 3 deletions(-) diff --git a/docs/guide/src/pcli/wallet.md b/docs/guide/src/pcli/wallet.md index 61ff6c56d8..caf2b01d20 100644 --- a/docs/guide/src/pcli/wallet.md +++ b/docs/guide/src/pcli/wallet.md @@ -8,9 +8,11 @@ custody backend used to store keys. There are currently three custody backends: 1. The [`softkms` backend](./wallet/softkms.md) is a good default choice for low-security use cases. It stores keys unencrypted in a local config file. -2. The [threshold backend](./wallet/threshold.md) is a good choice for high-security use cases. It provides a shielded multisig, with key material sharded over multiple computers. +2. The [`threshold` backend](./wallet/threshold.md) is a good choice for high-security use cases. It provides a shielded multisig, with key material sharded over multiple computers. 3. The `view-only` backend has no custody at all and only has access to viewing keys. +Furthermore, `softkms` and `threshold` allow encrypting the spend-key related material with a password. + After running `pcli init` with one of the backends described above, `pcli` will be initialized. ## Shielded accounts @@ -100,4 +102,4 @@ definition updates or governance votes, this is possible: - To sign a validator vote over an airgap, produce a signature on the airgapped machine or machines using `pcli validator vote sign`, then upload the vote on a networked machine, after copying the signature across the airgap, using `pcli validator vote cast` with the optional `--signature` flag - to specify the externally-produced signature for the vote. \ No newline at end of file + to specify the externally-produced signature for the vote. diff --git a/docs/guide/src/pcli/wallet/softkms.md b/docs/guide/src/pcli/wallet/softkms.md index 6a93aa2de4..31600f6012 100644 --- a/docs/guide/src/pcli/wallet/softkms.md +++ b/docs/guide/src/pcli/wallet/softkms.md @@ -17,4 +17,18 @@ Alternatively, to import an existing wallet, try $ pcli init soft-kms import-phrase Enter seed phrase: Writing generated config to [PATH TO PCLI DATA] -``` \ No newline at end of file +``` + +## Encryption + +A password can be used to generate an encrypted config via: +```bash +$ pcli init --encrypted soft-kms ... +``` +with either the `generate`, or the `import-phrase` command. + +Furthermore, an existing config can be converted to an encrypted one with: +```bash +$ pcli init re-encrypt +``` + diff --git a/docs/guide/src/pcli/wallet/threshold.md b/docs/guide/src/pcli/wallet/threshold.md index 1ab80a557f..75cfc6f634 100644 --- a/docs/guide/src/pcli/wallet/threshold.md +++ b/docs/guide/src/pcli/wallet/threshold.md @@ -81,3 +81,14 @@ the participants securely. An end-to-end example of how this process works is captured in this video: [https://twitter.com/penumbrazone/status/1732844637180862603](https://twitter.com/penumbrazone/status/1732844637180862603) +## Encryption + +A password can be used to generate an encrypted config via: +```bash +$ pcli init --encrypted threshold dkg ... +``` + +Furthermore, an existing config can be converted to an encrypted one with: +```bash +$ pcli init re-encrypt +```