tmkms 0.15.0

Tendermint Key Management System: provides isolated, optionally HSM-backed signing key management for Tendermint applications including validators, oracles, IBC relayers, and other transaction signing applications
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

//! Configuration for the Fortanix DSM backend

use super::KeyType;
use crate::chain;
use sdkms::api_model::SobjectDescriptor;
use serde::Deserialize;
use uuid::Uuid;

/// The (optional) `[providers.fortanixdsm]` config section
#[derive(Clone, Deserialize, Debug)]
#[serde(deny_unknown_fields)]
pub struct FortanixDsmConfig {
    /// Fortanix DSM API endpoint, e.g. <https://amer.smartkey.io>
    pub api_endpoint: String,

    /// API key for authenticating to DSM
    pub api_key: String,

    /// List of signing keys
    #[serde(default)]
    pub signing_keys: Vec<SigningKeyConfig>,
}

/// Signing key configuration
#[derive(Clone, Debug, Deserialize)]
#[serde(deny_unknown_fields)]
pub struct SigningKeyConfig {
    /// Chains this signing key is authorized to be used from
    pub chain_ids: Vec<chain::Id>,

    /// Signing key descriptor
    #[serde(flatten)]
    pub key: KeyDescriptor,

    /// Type of key
    #[serde(default, rename = "type")]
    pub key_type: KeyType,
}

/// A key (i.e. security object) stored in Fortanix DSM
#[derive(Clone, Debug, Deserialize)]
#[serde(deny_unknown_fields, rename_all = "snake_case")]
pub enum KeyDescriptor {
    /// Specify a DSM key by its unique id
    KeyId(Uuid),

    /// Specify a DSM key by its name
    KeyName(String),
}

impl From<KeyDescriptor> for SobjectDescriptor {
    fn from(x: KeyDescriptor) -> Self {
        match x {
            KeyDescriptor::KeyId(id) => SobjectDescriptor::Kid(id),
            KeyDescriptor::KeyName(name) => SobjectDescriptor::Name(name),
        }
    }
}