Amend grant agreement secret management #2309
Merged
Amendment
Upon further evaluation, it turned out that requiring Vault to run a validator adds unnecessary complexity for no real benefit to users that don't already utilize Vault. Effectively, at the moment, Vault would only be used to deliver already existing credentials to a single validator. So even though it would be possible to automatically spin up a Vault cluster alongside the validator, it would increase neither the security nor the ergonomics of Dotnix. The fact that the validator secrets have to exist unencrypted on the filesystem anyway allows for a simpler implementation where the user can manage secrets using a command line utility with no need for additionally running services.
This does not prevent a future integration with Vault, but creates a baseline and a convenient interface for the user.
We have already implemented a succeeding test scenario that provides secrets from Vault to the validator.
This work has been pushed to, and will be kept for future reference in, a separate branch: https://github.com/sporyon/dotnix-core/compare/vault