Skip to content

v0.1.0

Latest
Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 21 Feb 01:48
v0.1.0
621d517
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

v0.1.0 Migration guide

v0.1.0 has some breaking changes and will require to setup the BLS signer from scratch.

High Level Changes

  1. API spec has been changed. Please refer to cerberus-api
  2. New requirement for a postgresDB for persistence. So users will need to have a postgres DB, either hosted or use the docker compose file to setup a fresh DB (If you were testing using a version of cerberus with DB, you might need to start a fresh DB instance and re-import keys)

High level steps

  1. If you are using docker get the latest Docker compose file (if using the postgres from the setup)
  2. Import the keys using the ImportKey endpoint
grpcurl -plaintext -d '{"privateKey": "<sk>", "password": "password"}' localhost:50051  keymanager.v1.KeyManager/ImportKey

It will respond back with

{
  "publicKeyG1": "<g1-pub-key>",
  "apiKey": "<unique-api-key>"
}
  1. Use this API key in every signing request
grpcurl -plaintext -H 'authorization: <unique-api-key>' -d '{"public_key_g1": "<g1-pub-key>", "password": "<password>", "data": "SGVsbG8sIFdvcmxkIQ=="}' localhost:50051 signer.v1.Signer/SignGeneric

Without this header (or without correct api key), you won’t be able to sign any request

Every signer also has a way to spin up an admin API on different port which should only be accessible by super admin. The APIs in those admin service should help you in locking and unlocking keys and rotation the API key which is mapped to a g1 pub key. Please make sure to NOT expose this port to public or to any EigenDA nodes

EigenSDK

The latest EigenSDK has a module which abstract everything away - https://github.com/Layr-Labs/eigensdk-go/tree/dev/signer
This is a separate module which can be used if you want to use it.

EigenDA

The latest EigenDA release will have support this version of Cerberus. So please upgrade if you are using it.
If you are using eigenda with existing version of Cerberus, there are two path on how you can upgrade

1. Setup a new instance (Recommended)

Since this is a breaking change. You can setup a new instance of cerberus and then import the key again. Then once you update eigenda and the new env vars you can just point to new instance and run eigenda

2. Using Existing instance

2.1 Switch to Local signer

If you don’t want to disrupt eigenda signing, then switch to local signer (make sure to have key locally as we used to do it ) and then keep running eigenda. Upgrade the Cerberus instance, reimport the key and then point eigenda back to remote signer and enable remote signer

2.2 Just upgrade the remote signer

This way might lead to little downtime. Just upgrade the signer and import the key and then update eigenda envs for api key and restart eigenda

What's Changed

Full Changelog: Layr-Labs/cerberus-api@v0.0.1...v0.1.0

What's Changed

New Contributors

Changelog

  • 621d517 docs: update readme (#41)
  • 104a0bf chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.29.0 to 1.29.2 (#40)
  • 0316cbb chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.28.5 to 1.29.0 (#33)
  • 4aed786 Bump github.com/prometheus/client_golang from 1.20.3 to 1.20.5 (#3)
  • 4cdf1cf feat: add api key for authz (#31)
  • 6d0c13b feat: implement g1 sign api (#25)
  • bd104ca feat: add postgres db to store keys metadata (#24)
  • d5b380b chore: remove go mod tidy from docker build (#16)
  • 5ce56d9 feat: add google secret manager as backend (#15)
  • d1ebb95 fix: Image fix (#14)
  • 6e97cec chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#13)

Full Changelog: v0.0.2...v0.1.0

Contributors

shrimalmadhur, dependabot, and RonTuretzky
Assets 7
Loading