Akash Sovryn Node Challenge

Proposal for this challenge:

It looks like the challenge with running a Sovryn node on Akash will be getting the private keys and wallet configuration onto the containerized image without compromising security.

I propose to use a 1-time-use-API to send the necessary credentials to the containerized node image once it’s up and running. I did the pre-research but haven’t started on the code yet so I’m not sure if this will require any changes to the Sovryn node code itself, but I’m hoping it won’t.

I might need seed funding to pay for Akash network services to test the solution, once I have a prototype working.


Hi @sarasioux I will send you funding for your project to get you started. Message me on Discord!

I spoke with @abozanich about your project and he asked if you are using HashiCorp’s Vault or something else.

I did a little research and made a list of open source solutions for managing secrets and keys for Akash deployments:
 Barbican - built for OpenStack: OpenStack Key Manager (barbican) — Barbican 12.1.0.dev18 documentation / Barbican - OpenStack
 Castellan - built for OpenStack: Castellan — castellan 3.8.1.dev1 documentation / Castellan - OpenStack
 HashiCorp Vault - probably the most popular: https://www.vaultproject.io/ / GitHub - hashicorp/vault: A tool for secrets management, encryption as a service, and privileged access management
 KeyWhiz - Square’s open source project: Keywhiz
 Confidant - Lyft’s open source: Confidant: Your secret keeper
 Conjur - Kubernetes Authenticator
 EJSON - Shopify’s open source: GitHub - Shopify/ejson: EJSON is a small library to manage encrypted secrets using asymmetric encryption.
 Knox - Pinterest’s open source: GitHub - pinterest/knox: Knox is a secret management service
 Red October - Cloudflare’s open source: GitHub - cloudflare/redoctober: Go server for two-man rule style file encryption and decryption.

I ended up getting much more complex, or simple depending on how you look at it. I’ll put together a write-up and update you here shortly. I got it up and running here: http://nba91b3rk5cq3dv01t8g4lghg0.ingress.sjc1p0.mainnet.akashian.io/ by just setting the wallet addresses in an environment variable in the deployment file. But then I wanted a little UI so I could play with my Sovryn node more easily and that’s where things got fun/interesting/complex.

Anyway, almost done and I’ll write it up, but I think the answer to your question is I didn’t use any key manager, I just made a disposable container that you can recreate at any time, and the keys are ephemeral in the environment.
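
Added example, not part of the thread and not code from the Sovryn or Akash projects: a sketch of the one-time-use credential intake proposed in the first post, keeping the credentials in memory only as the last post describes. The class and method names are hypothetical, and it assumes the token reaches the operator out of band and that the HTTP endpoint wrapping `submit` is served over TLS.

```python
import hmac
import secrets
import threading
import time


class OneTimeIntake:
    """Accepts credentials exactly once, then stays closed for the container's life."""

    def __init__(self, ttl_seconds=300, max_failures=5, clock=time.monotonic):
        self._clock = clock
        self._token = secrets.token_urlsafe(32)    # random single-use bootstrap token
        self._deadline = clock() + ttl_seconds     # intake window closes after this
        self._failures_left = max_failures         # bound on guessing attempts
        self._lock = threading.Lock()              # serialise concurrent submissions
        self._credentials = None                   # held in memory only, never on disk

    def bootstrap_token(self):
        """Token to hand to the operator out of band; None once the intake is closed."""
        return self._token

    def submit(self, presented_token, credentials):
        """Return 'accepted', 'rejected' (bad token) or 'closed' (used or expired)."""
        with self._lock:
            if self._token is None or self._clock() > self._deadline:
                self._token = None
                return "closed"
            # Constant-time comparison so response timing does not leak the token.
            if not hmac.compare_digest(presented_token.encode(), self._token.encode()):
                self._failures_left -= 1
                if self._failures_left <= 0:
                    self._token = None             # too many bad guesses: close for good
                return "rejected"
            self._credentials = dict(credentials)
            self._token = None                     # burn the token on first success
            return "accepted"

    def credentials(self):
        """Credentials for the node process, or None if nothing was accepted."""
        with self._lock:
            return self._credentials
```

Recreating the container generates a fresh token and an empty intake, so nothing from a previous deployment carries over.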