switchboard-xyz/secrets-server

Switchboard Secrets Server: Securely Store Your Secrets

This repository provides the source code for the Switchboard Secrets server, a secure way to store and access secrets for your Switchboard functions.

What are Secrets?

Secrets are sensitive information like API keys, passwords, and database credentials. It's important to store them securely so unauthorized individuals cannot access them.

How it works

  1. Store your secrets as key-value pairs in the server.
  2. When your Switchboard function needs to access a secret, it sends a request to the server.
  3. The server verifies the request using SGX-generated "quotes", ensuring only authorized functions can access secrets.
  4. If authorized, the server encrypts the secrets with a key generated by the function's enclave and returns them.
  5. The secrets are decrypted within the function's secure enclave, ensuring confidentiality.

[Figure: Sequence Diagram]

Benefits of using Switchboard Secrets

  • Securely store secrets: Keep your secrets outside your Switchboard functions and only decrypt them within the SGX enclave for maximum security.
  • Easy integration: Easily access your secrets directly from your Switchboard function with simple SDK calls.
  • Self-hosting option: You can self-host the server for ultimate control and privacy.

Getting Started

To use Switchboard secrets, you can [1] self-host this server or [2] build & manage your secrets via Switchboard's Secrets App. No matter which option you choose, you'll be able to securely store and access your secrets within your Switchboard functions.

1. Self-hosting

  • Create a Postgres instance and initialize it with the proper schema:
    • psql -f ./migrations/20231017004955_init.sql -U <username> [<database>]
  • Initialize a Kubernetes cluster with the provided Helm manifest to retrieve the allocated static IP for your cluster.
  • Access your secrets from within your Switchboard function:

    let YOUR_PUBKEY: &str = ...;
    // The server URL is an optional argument (the Secrets App example passes None),
    // so a self-hosted address is wrapped in Some(...).
    // sb_secrets has the shape { keys: HashMap<String, String> }
    let sb_secrets = switchboard_solana::fetch_secrets(
      YOUR_PUBKEY,
      Some("http://<YOUR_SERVER_IP>")
    ).await;
    // Look up one secret by the name it was stored under.
    let YOUR_SECRET_VALUE = sb_secrets.keys.get("YOUR_SECRET_NAME");

2. Switchboard's Secrets App

  • Connect your wallet, and create your secrets by giving them a name (the key) and a secret (the value).
  • Access your secrets from within your Switchboard function:
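
    // Passing None as the URL uses Switchboard's hosted secrets server.
    // sb_secrets has the shape { keys: HashMap<String, String> }
    let sb_secrets = switchboard_solana::fetch_secrets(
      user_pubkey.as_str(),
      None
    ).await;
    // Look up one secret by the name it was stored under.
    let YOUR_SECRET_VALUE = sb_secrets.keys.get("YOUR_SECRET_NAME");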

Things to remember

  • Whenever you upload a new version of your container, it has a different "mrenclave" value from the previous version. You must explicitly whitelist the new "mrenclave" value before the function can access your secrets.
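
The whitelist check behind step 3 of "How it works" and the reminder above, as an added example (not code from this repository). It assumes the request carries an SGX ECDSA quote (48-byte header followed by a 384-byte report body) whose signature chain has already been verified elsewhere; Allowlist, Access and sample_quote are hypothetical names, and the quotes are constructed sample data.

```rust
use std::collections::{HashMap, HashSet};

// SGX ECDSA quote layout: 48-byte header, then a 384-byte report body.
const REPORT_BODY: usize = 48;
const MRENCLAVE: std::ops::Range<usize> = REPORT_BODY + 64..REPORT_BODY + 96;
const QUOTE_MIN_LEN: usize = REPORT_BODY + 384;

#[derive(Debug, PartialEq)]
enum Access { Granted, QuoteTooShort, UnknownUser, MeasurementNotWhitelisted }

/// Hypothetical allowlist: user pubkey -> MRENCLAVE values allowed to read that user's secrets.
struct Allowlist(HashMap<String, HashSet<[u8; 32]>>);

impl Allowlist {
    fn whitelist(&mut self, user: &str, mrenclave: [u8; 32]) {
        self.0.entry(user.to_string()).or_default().insert(mrenclave);
    }

    /// Assumes the quote signature was verified first; an unverified quote proves nothing.
    fn check(&self, user: &str, quote: &[u8]) -> Access {
        if quote.len() < QUOTE_MIN_LEN { return Access::QuoteTooShort; }
        let mut m = [0u8; 32];
        m.copy_from_slice(&quote[MRENCLAVE]);
        match self.0.get(user) {
            None => Access::UnknownUser,
            Some(set) if set.contains(&m) => Access::Granted,
            Some(_) => Access::MeasurementNotWhitelisted,
        }
    }
}

/// Constructed sample quote: all zero except for the MRENCLAVE field.
fn sample_quote(mrenclave: [u8; 32]) -> Vec<u8> {
    let mut q = vec![0u8; QUOTE_MIN_LEN];
    q[MRENCLAVE].copy_from_slice(&mrenclave);
    q
}

fn main() {
    let mut acl = Allowlist(HashMap::new());
    acl.whitelist("constructed-user-pubkey", [0x11; 32]);
    // Container version 1 is whitelisted; version 2 carries a new measurement and is denied.
    println!("{:?}", acl.check("constructed-user-pubkey", &sample_quote([0x11; 32])));
    println!("{:?}", acl.check("constructed-user-pubkey", &sample_quote([0x22; 32])));
}
```

The denial for the second quote is the behaviour to expect after every container rebuild until the new measurement is added to the allowlist.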

Further Information
