Use Vault transit engine for storing Wallet & PaymentAddress sensitive data #2310
Conversation
Gemfile
Outdated
| @@ -55,6 +55,7 @@ gem 'peatio', '~> 0.6.1' | |||
| gem 'rack-cors', '~> 1.0.2', require: false | |||
| gem 'env-tweaks', '~> 1.0.0' | |||
| gem 'vault', '~> 0.12', require: false | |||
| gem 'vault-rails', '~> 0.5.0', git: 'http://github.com/dnfd/vault-rails' | |||
There was a problem hiding this comment.
Ask owner if they are going to merge it soon
Otherwise we will probably fork it to rubykube
Also could you check pls that patch you applied on top of master doesn't contain vulnerabilities
app/models/wallet.rb
Outdated
| end | ||
|
|
||
| define_method "#{accessor}=".to_sym do |value| | ||
| self.settings = self.settings.merge({ accessor.to_s => value }) |
There was a problem hiding this comment.
I think you could use .merge! and avoid hash in params
self.setting.merge!(attribute => value)There was a problem hiding this comment.
I prefer self.settings=, it is a method call actually, while merge! modifies a hash returned with settings, and it breaks some specs
db/migrate/20190807092706_add_encrypted_secret_to_payment_address.rb
Outdated
Show resolved
Hide resolved
| @@ -0,0 +1,12 @@ | |||
| class AddEncryptedSecretToPaymentAddress < ActiveRecord::Migration[5.2] | |||
| def change | |||
There was a problem hiding this comment.
-
Put columns before timestamps
-
What is the string limit for encrypted attribute ? May be default string(255) is too many or we need more for wallet settings which is actually a long string
-
You can't just remove column you need to transfer existing data to vault before
dnfd
force-pushed
the
feature/vault-rails
branch
5 times, most recently
from
78ffc98 to
87e7dd9
Compare
app/models/wallet.rb
Outdated
| end | ||
|
|
||
| define_method "#{attribute}=".to_sym do |value| | ||
| update(settings: self.settings.merge(attribute.to_s => value)) |
app/models/wallet.rb
Outdated
| # We use this attribute values rules for wallet kinds: | ||
| # 1** - for deposit wallets. | ||
| # 2** - for fee wallets. | ||
| # 3** - for withdraw wallets (sorted by security hot < warm < cold). | ||
| ENUMERIZED_KINDS = { deposit: 100, fee: 200, hot: 310, warm: 320, cold: 330 }.freeze | ||
| enumerize :kind, in: ENUMERIZED_KINDS, scope: true | ||
|
|
||
| # temporary solution |
There was a problem hiding this comment.
Start comment from capital letter and end with dot
dnfd
changed the title
dnfd
force-pushed
the
feature/vault-rails
branch
from
87e7dd9 to
b8127f3
Compare
ysv
changed the title
ysv
changed the title
ysv
changed the title
config/initializers/vault.rb
Outdated
|
|
||
| Vault.configure do |config| | ||
| config.address = ENV.fetch('VAULT_URL', 'http://127.0.0.1:8200') | ||
| config.token = ENV.fetch('VAULT_TOKEN') | ||
| config.ssl_verify = false | ||
| config.timeout = 60 | ||
| config.application = 'peatio' |
dnfd
force-pushed
the
feature/vault-rails
branch
3 times, most recently
from
31b5c73 to
e303bf3
Compare
* Update migration
dnfd
force-pushed
the
feature/vault-rails
branch
from
e303bf3 to
d5d5a30
Compare
|
It seems like |
No description provided.