-
Notifications
You must be signed in to change notification settings - Fork 305
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add an encrypted config option to pcli (#4343)
This adds a new option to encrypt the `soft-kms` and `threshold` custody backends with a password, so that spend-key related material is encrypted at rest. This is implemented by: 1. Having a `pcli init --encrypted` flag that applies to both of these backends, which prompts a user for a password (and confirmation) before using that to encrypt the config. 2. Having a `pcli init re-encrypt` command to read an existing config and encrypt its backend, if necessary, to allow importing existing configs. This is also implemented internally in a lazy way, so that a password is only prompted when the custody services methods are actually called, allowing us to not need a password for view only commands. Closes #4293. - [x] If this code contains consensus-breaking changes, I have added the "consensus-breaking" label. Otherwise, I declare my belief that there are not consensus-breaking changes, for the following reason: > This is a client-only change. --------- Co-authored-by: cratelyn <[email protected]>
- Loading branch information
Showing
12 changed files
with
570 additions
and
99 deletions.
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.