Implement Vault for secret management and key rotation #57

Open
i5okie opened this issue Sep 16, 2024 · 0 comments

i5okie commented Sep 16, 2024

Inventory of Credentials

Notes added after initial assessment

| Secret Name | Key | Type | Instances | Notes |
| --- | --- | --- | --- | --- |
| aries-endorser-agent | admin-api-key | API Key | ACA-Py Agent | Used by controllers, sometimes external, to authenticate with the Admin API. In the case of an endorser service the controller is the internal endorser API. |
| aries-endorser-agent | webhook-url | API Key | ACA-Py Agent | Only the API key portion of the webhook URL is rotatable. This is used by ACA-Py to authenticate with its associated, sometimes external, controller's webhook endpoint. In the case of an endorser service the controller is the internal endorser API. |
| aries-endorser-agent-wallet-credentials | DID | DID | ACA-Py Agent | NOT Rotatable |
| aries-endorser-agent-wallet-credentials | key | Wallet Key | ACA-Py Agent | The wallet encryption key. The process to rotate wallet keys can be complicated. |
| aries-endorser-agent-wallet-credentials | seed | Wallet Seed | ACA-Py Agent | The DID's seed. The seed itself cannot be rotated (confirm this); however, the keys associated to a DID can be rotated. The process to rotate a DID's keys can be complicated. |
| aries-endorser-api | admin-api-key | API Key | Endorser API | Used by controllers, possibly external, to authenticate with the endorser API. |
| aries-endorser-api | webhook-api-key | API Key | Endorser API | Used by the associated ACA-Py instance to authenticate with the endorser's webhook endpoint. |
| aries-endorser-db | admin-password | password | Endorser DB | The admin password for the database instance. |
| aries-endorser-db | admin-user | username | Endorser DB | The admin username for the database instance. |
| aries-endorser-db | database-name | database name | Endorser DB | NOT Rotatable |
| aries-endorser-db | database-password | password | Endorser DB | The password associated to the database-user account. |
| aries-endorser-db | database-user | username | Endorser DB | The username of the account used by the application for database access. |
| aries-endorser-wallet | admin-password | password | ACA-Py Wallet Database | The admin password for the wallet's database instance. |
| aries-endorser-wallet | database-name | database name | ACA-Py Wallet Database | NOT Rotatable |
| aries-endorser-wallet | database-password | password | ACA-Py Wallet Database | The password associated to the database-user account. |
| aries-endorser-wallet | database-user | username | ACA-Py Wallet Database | The username of the account used by the application for wallet database access. |

i5okie moved this to Assignment Ready in CDT Enterprise Apps Sep 16, 2024