S3 store vault #213
Merged
S3 store vault #213
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR includes multiple breaking changes that require a complete network reset, contract redeployment, full database reset, and migration from initial state.
Major Changes
Migration File Consolidation:
Merged migration files for store-vault-server and withdrawal-server to improve readability during this database reset.
UUID Replacement:
Eliminated UUIDs in store-vault-server in favor of encrypted data hash values.
Purpose: Enables future local file data management without dependency on store-vault-server UUIDs.
Security: Data typically contains user-selected random salt, making collisions possible only through intentional action. Submissions with duplicate hash values will be rejected, maintaining security.
S3 Integration:
Created s3-store-vault to store data directly in AWS S3.
Signature Implementation:
Added signatures to encrypted data that should only be stored/retrieved by private key holders, reducing reliance on store-vault-server trust.
Data Storage Abstraction:
Reorganized store-vault/s3-vault storage into:
Both implemented as immutable objects in S3 to ensure update consistency
Required Configuration
s3-store-vault
The following environment variables must be specified:
BUCKET_NAME: S3 bucket nameCLOUDFRONT_DOMAIN: CloudFront domainCLOUDFRONT_KEY_PAIR_ID: Key-pair ID for CloudFront presigned URLsCLOUDFRONT_PRIVATE_KEY_BASE64: Base64 string of CloudFront private keyS3_UPLOAD_TIMEOUT=20: Expiry timeout for S3 uploadsS3_DOWNLOAD_TIMEOUT=40: Expiry timeout for CloudFront downloadsBlock Builder and withdrawal-server
When using s3 store vault server:
STORE_VAULT_SERVER_BASE_URLto the s3 store vault server URLUSE_S3=truePrivate zkp server
Requires update due to encryption method changes. I will submit a separate PR.
Frontend
When using s3 server:
store_vault_server_urlto the s3 server URLuse_s3=true