flow-cli
Support other KMS providers (e.g. AWS)
Issue To Be Solved
Currently the Flow CLI only supports Google KMS.
Example:
    ...
    "accounts": {
      "admin-account": {
        "address": "service",
        "key": {
          "type": "google-kms",
          "index": 0,
          "signatureAlgorithm": "ECDSA_P256",
          "hashAlgorithm": "SHA3_256",
          "resourceID": "projects/flow/locations/us/keyRings/foo/bar/cryptoKeyVersions/1"
        }
      }
    }
    ...
You can also use a key management system (KMS) to sign the transactions. Currently, we only support Google KMS.
(Optional): Suggest A Solution
Add support for other KMS providers (e.g. aws-kms, azure-kms, etc.), or provide a sample in the docs that shows a workaround for other KMS providers if the functionality already exists.
(Optional): Context
Requested on Discord
Btw, most KMSs have a CLI to sign stuff; maybe adding one external signer type can also be useful.
Something like (command is totally randomly generated by me):

    "accounts": {
      "admin-account": {
        "address": "service",
        "key": {
          "type": "CLI",
          "index": 0,
          "command": "blueKMS --keyId 1 --sigAlgo EP256 --hashAlgo sha3 --payload {payload}"
        }
      }
    }
This could be an interesting idea, yeah. I just added another type here, which is of "file" type, to replace from file.
This has been implemented in the Go SDK and should be possible to add: https://github.com/onflow/flow-go-sdk
For reference:
- Support in Flow Go SDK: https://github.com/onflow/flow-go-sdk/tree/master/crypto/awskms
- KMS config option in CLI: https://github.com/onflow/flowkit/blob/6a5d2696cb01397c4d373628683f716ba65fccf5/config/config.go#L48
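
An added sketch (not code from flow-cli, flowkit or the Go SDK) of how the external "CLI" signer type proposed in the thread could run its `command` without a shell, so that the transaction payload substituted for `{payload}` can never become extra arguments or shell syntax. The names `buildArgv` and `signExternal` are hypothetical, and it assumes the signer accepts the payload as hex and prints the signature as hex on stdout.

```go
package main

import (
	"context"
	"encoding/hex"
	"fmt"
	"os/exec"
	"strings"
	"time"
)

const placeholder = "{payload}"

// buildArgv splits the configured command and fills {payload} with hex, only as one whole argument.
func buildArgv(template string, payload []byte) ([]string, error) {
	argv := strings.Fields(template)
	filled := 0
	for i, arg := range argv {
		switch {
		case arg == placeholder && i > 0:
			argv[i] = hex.EncodeToString(payload)
			filled++
		case strings.Contains(arg, placeholder):
			return nil, fmt.Errorf("placeholder not allowed in %q", arg)
		}
	}
	if filled != 1 {
		return nil, fmt.Errorf("command needs %s exactly once", placeholder)
	}
	return argv, nil
}

// signExternal runs the signer directly (no shell) with a timeout; assumes hex signature on stdout.
func signExternal(ctx context.Context, template string, payload []byte) ([]byte, error) {
	argv, err := buildArgv(template, payload)
	if err != nil {
		return nil, err
	}
	ctx, cancel := context.WithTimeout(ctx, 10*time.Second)
	defer cancel()
	out, err := exec.CommandContext(ctx, argv[0], argv[1:]...).Output()
	if err != nil {
		return nil, fmt.Errorf("external signer failed: %w", err)
	}
	return hex.DecodeString(strings.TrimSpace(string(out)))
}

func main() {
	fmt.Println(buildArgv("blueKMS --keyId 1 --sigAlgo EP256 --hashAlgo sha3 --payload {payload}", []byte("a b; c")))
}
```

Because the configured command is executed with the CLI user's privileges, a config file carrying this key type needs the same trust and file permissions as one holding a private key.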