This is a guest post by Jeff Ploughman, a Security Architect at T. Rowe Price and founder of the DC-Baltimore HashiCorp User Group - this work was done in his role as an Ethereum aficionado and open source contributor.

HashiCorp Vault focuses on keeping application data secure across distributed infrastructure by tightly coupling your trusted identity with brokering access and managing sensitive organizational information and secrets. An Ethereum Wallet is a gateway to decentralized applications on the Ethereum blockchain. It allows you to hold and secure ether and other crypto-assets built on Ethereum, as well as deploy and use smart contracts. This blog will look at how the two can work seamlessly together.

Ethereum, like many blockchain-based ecosystems, is fundamentally a decentralized technology. The protocol was designed to place little to no trust in third parties like cloud providers, certificate authorities, or DNS. The blockchain that underlies Ethereum is replicated on every node in the network so that the loss of any particular node (or subset of nodes) is not impactful. The fundamental innovation of blockchain is how distributed consensus is achieved without trust. And while there are endless debates about the efficiency costs of this trustless model or the overall utility of blockchain, I am more interested in the practical ramifications of this decentralized architecture.

The foundation of all blockchain ecosystems - the "crypto" in the currency - is the system known as public key cryptography. And while the public portion of a key pair may be disseminated in a decentralized manner, the private key is a fundamentally centralized concept. This fact has caused a bit of an impedance mismatch: it often feels like the centralized nature of private keys is an afterthought in the design of many blockchain systems - including Ethereum. Wallets often feel like awkward sidecars to the protocol, and the security and usability of private key management tools for Ethereum (and blockchains in general) are often lacking. This is especially true within an enterprise: try to imagine a large company using a laptop for the keys to all its accounts.

» Vault As Platform for Blockchain Wallets

Private key management is the first problem that any blockchain consumer needs to solve. Vault's raison d'être is to solve the secrets management problem. And since Vault can scale from a single laptop to a highly available, globally replicated data center, it can be used as a personal wallet or as an enabler of enterprise blockchain use.

Vault's design allows it to broker many forms of authentication with many forms of credentialing. As a consequence of using Vault as a platform for an Ethereum Wallet, I was able to trivially add MFA support - making Vault the first standalone Ethereum Wallet with MFA. Another benefit of using Vault as a platform for an Ethereum Wallet is that we get all the benefits of a hierarchical deterministic wallet without the risk - with this Vault plugin, I can very quickly and easily create many Ethereum accounts based on independently derived private keys.

The Vault Ethereum plugin is an implementation of a secret backend. This plugin provides many of the capabilities of an Ethereum wallet. It can support smart contract continuous development practices by providing mechanisms to deploy smart contracts. It enables you to sign and verify signatures on arbitrary data. Some of the functionality (creating accounts, signing and verifying) can happen without needing access to an Ethereum Node. Other functionality (deploying contracts and sending transactions) will require access to the Ethereum RPC interface.

When you enable TLS, authentication to Vault is secure and no credentials or key material are leaked when signing transactions. This means that Vault can live on a different machine than your laptop - something you typically can't do with RPC-based wallets.

To demonstrate the power of using Vault as a platform for blockchain wallets, let's use the Vault Ethereum plugin to build an MFA-enabled Ethereum desktop wallet. To keep this exercise focused on this use case, I will make a few assumptions:

You have already installed Vault and you are using TLS for transport security.