Skip to content
/ vault-plugin-secrets-iden3 Public

Modification of vault-plugin-secrets-kv/v1 with signing capability

License

Apache-2.0 license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

iden3/vault-plugin-secrets-iden3

BranchesTags

Repository files navigation

vault-plugin-secrets-iden3

Modification of vault-plugin-secrets-kv/v1 with signing capability.

Build plugin

cd cmd/vault-plugin-secrets-iden3
go build

Install plugin

cd <path_to_vault_plugins_dir>
rm vault-plugin-secrets-iden3
# copy binary plugin to vault's plugins directory
cp <path_to_vault_plugin_secrets_bjj>/cmd/vault-plugin-secrets-iden3/vault-plugin-secrets-iden3 ./
# get sha265 of plugin binary
openssl dgst -sha256 vault-plugin-secrets-iden3
# register plugin with vault
vault plugin register -sha256=<checksum from previous step> vault-plugin-secrets-iden3
# if plugin was registered earlier, reload it.
vault plugin reload -plugin=vault-plugin-secrets-iden3

Enable secret engine

vault secrets enable -path=bjjkeys vault-plugin-secrets-iden3

Use of plugin

# Generate new random key.
# key_type may be either "ethereum" or "babyjubjub"
vault write bjjkeys/new/key1 key_type=ethereum
# Generate new random key annotated with some metadata.
vault write bjjkeys/new/key2 key_type=babyjubjub extra1=value1 extra2=value2

# List keys
vault list bjjkeys/keys
# Keys
# ----
# key1
# key2

# Read key data
vault read bjjkeys/keys/key2
# Key           Value
# ---           -----
# extra1         value1
# extra2         value2
# key_type       babyjubjub
# public_key     e15da94d881ce6f83dd159ea99675200a731be95fa71740a94628ed219f0690a

# Get key data with private key
vault read bjjkeys/private/key2
# Key           Value
# ---           -----
# extra1         value1
# extra2         value2
# key_type       babyjubjub
# private_key    9655feb98b2680723401867222d1250010dbd6001198ecd35333cad7a8de5a61
# public_key     e15da94d881ce6f83dd159ea99675200a731be95fa71740a94628ed219f0690a

# Move key2 to old_keys/key3
vault write bjjkeys/move/key2 dest=bjjkeys/keys/old_keys/key3

# Sign data with key.
# For BJJ key data should be a hex representation of little endian encoded int.
# For ethereum key it should be a hex encoded 32-bytes hash.
vault read bjjkeys/sign/key1 \
  data=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
# Key          Value
# ---          -----
# data         0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
# signature    cbe3edf96251643c538fe7535cd06105c20f707ae71b309d67f895d2221615e22ef64e5556f50d1d4bf879dc4f1f5a33093488843a82230a6561b9e69e08754501

# Import new private key into vault
vault write bjjkeys/import/key4 \
  key_type=ethereum \
  private_key=052e6bb7a24a3e0eb049d5dff3125cc52285252f33022ce8d150fcf6784a5a73
# or
vault kv put bjjkeys/import/key5 \
  key_type=babyjubjub \
  private_key=e40459d3db390b67b42d31fc89c7500b54b131a9f3acf156cfa1a24272f58900 \
  extra_field=value1

# Delete key
vault delete bjjsecret4/keys/old_keys/key3

About

Modification of vault-plugin-secrets-kv/v1 with signing capability

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

2 stars

Watchers

8 watching

Forks

0 forks
Report repository

Releases 8

v0.0.8 Latest
Oct 17, 2024
+ 7 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages