Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add da client can be initialized with the gcs seed #97

Merged
merged 2 commits into from
Dec 6, 2024
Merged

feat: add da client can be initialized with the gcs seed #97

merged 2 commits into from
Dec 6, 2024

Conversation

JayT106
Copy link
Contributor

@JayT106 JayT106 commented Nov 8, 2024
edited
Loading

Implement DA client can init with a encrypted seed from google cloud storage. The encrypted seed has been encrypted by a HSM key stored in google KMS.

There are 3 environment variables need to be setup for enabling this feature.

DA_SECRETS_FROM_GCS="true"
DA_SECRETS_GCS_BUCKET_NAME="cronos-zkevm-encrypt-seed--bucket-test"
DA_SECRETS_KMS_DECRYPT_KEY_NAME="projects/zkevm-research/locations/northamerica-northeast2/keyRings/gkms_signer_test/cryptoKeys/avail-signer-seed-op"

Note:
There is a tooling can generate a random seed, encrypted with the assigned kms key, and then upload to the gcs bucket.
https://github.com/JayT106/avail-seed-with-kms/blob/main/src/main.rs

run avail-seed-with-kms  [kms key path] [gcs bucket name]

i.e.
avail-seed-with-kms projects/zkevm-research/locations/northamerica-northeast2/keyRings/gkms_signer_test/cryptoKeys/avail-signer-seed-op  cronos-zkevm-encrypt-seed--bucket-test

@JayT106 JayT106 self-assigned this Nov 8, 2024
@JayT106 JayT106 marked this pull request as draft November 8, 2024 01:33
@JayT106 JayT106 marked this pull request as draft November 8, 2024 01:33
@JayT106 JayT106 force-pushed the jt/da-seed-from-gcs branch from 2020bc0 to ba7295d Compare November 8, 2024 03:04
@JayT106 JayT106 changed the title add da client can init with gcs seed feat: add da client can be initialized with the gcs seed Nov 8, 2024
@JayT106 JayT106 marked this pull request as ready for review November 8, 2024 03:14
@JayT106 JayT106 requested a review from thomas-nguy November 8, 2024 03:28
thomas-nguy
thomas-nguy reviewed Nov 21, 2024
View reviewed changes
Copy link
Member

@thomas-nguy thomas-nguy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good however not sure it is relevant in this cronos version.

could you open up a PR upstream and see if they would like to merge it?

@JayT106
Copy link
Contributor Author

JayT106 commented Nov 21, 2024

Implement DA client can init with a encrypted seed from google cloud storage. The encrypted seed has been encrypted by a HSM key stored in google KMS.

There are 3 environment variables need to be setup for enabling this feature.

DA_SECRETS_FROM_GCS="true" DA_SECRETS_GCS_BUCKET_NAME="cronos-zkevm-encrypt-seed--bucket-test" DA_SECRETS_KMS_DECRYPT_KEY_NAME="projects/zkevm-research/locations/northamerica-northeast2/keyRings/gkms_signer_test/cryptoKeys/avail-signer-seed-op"

looks good however not sure it is relevant in this cronos version.

could you open up a PR upstream and see if they would like to merge it?

Open an PR
matter-labs/zksync-era#3315

@thomas-nguy
Copy link
Member

Okay to merge because it seems harmless and its a mini improvement.

Some changes is being done on the DA layer with the gateway integration. Will see if it is still useful in later version

@thomas-nguy thomas-nguy merged commit 7d409c7 into cronos-v25.0.0 Dec 6, 2024
19 of 31 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thomas-nguy thomas-nguy thomas-nguy left review comments

Assignees

@JayT106 JayT106

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@JayT106 @thomas-nguy