Testnet securely maintain a pool of recovery codes #285
Closed
Labels
epic (Big issue with multiple subissues), procedure (Action that must be executed), production (Affects a production deployment that involves customers), r&d:polykey:core activity 4 (End to End Networking behind Consumer NAT Devices), security (Security risk)
Once we have the ability to use `PK_RECOVERY_CODE` to automatically bootstrap the PK keynodes, we need to create at least 1 recovery code and 1 root key to be used.
The recovery code must be kept secret. I'll maintain this right now. The root key will be inside AWS's block device mounted into the ECS container and this will be kept safe inside AWS.
The recovery code will need to be used as an environment variable for ECS for the testnet.
Eventually we can store the recovery code inside a running Polykey node, and make use of AWS integrations, like our wiki page: "Service Deployment Secrets with AWS ECS".
Doing this should ensure that we don't need to maintain the volume state mounted into the ECS container; it just has to be mutable, but it can be deleted, since everything can be recovered.
Tasks
- `pk bootstrap` locally to generate a recovery code and root key.
- `pk bootstrap` on a different directory and see if the same root key is used. Compare them.
This will be done for 1 single testnet node. We can scale this up later.