dq-vault - Hashicorp vault BTC/ETH plugin
This vault plugin stores a user's mnemonic inside vault in an encrypted manner. The plugin uses this stored mnemonic to derive a private key based on an HD wallet path provided by the user and signs a raw transaction given as input using that private key. All this process happens inside the vault and the user never knows the mnemonic (unless he has provided it manually) or the private key derived. All he needs to do is give a raw transaction as input and the vault returns a signed transaction. A particular user is identified in the vault using a UUID generated when the user is initially registered in the vault.
There will be two roles communicating with vault:
- Admin: The one who sets up the vault.
- Application Server: The one who uses vault to read and update data.
The application server can communicate with a vault server using API requests/calls. Both CLI commands and API call methods have been included in this guide.
Visit this link for full documentation of
This part of setting up vault can be done using two methods. You may follow any one of your choices.
Using Method 1:-
Dockerto get your vault server up and running. You can find it in this link. We have provided the required docker files in the setup folder.
Setting up Vault manually. The steps are given below in this README, starting from vault installation to creating your own vault server by using the CLI. Method 2:-
If you are already done with setting up the vault server using method 1, you may go directly to part 2 which elaborates the usage of the vault as an application server.
The first thing you need to do is to install vault to set-up a vault server.
To install Vault, find the appropriate package for your system and download it. Vault is packaged as a zip archive.
After downloading Vault, unzip the package. Vault runs as a single binary named vault.
Copy the vault binary to your
PATH. In Ubuntu, PATH should be the
To verify the installation, type vault in your terminal. You should see help output similar to the following:
$ vault Usage: vault <command> [args] Common commands: read Read data and retrieves secrets write Write data, configuration, and secrets delete Delete secrets and configuration list List data or secrets login Authenticate locally server Start a Vault server status Print seal and HA status unwrap Unwrap a wrapped secret Other commands: audit Interact with audit devices auth Interact with auth methods lease Interact with leases operator Perform operator-specific tasks path-help Retrieve API help for paths policy Interact with policies secrets Interact with secrets engines ssh Initiate an SSH session token Interact with tokens
You can find the official installation guide here
Get go files and Build plugin
Assuming that you have golang installed and your GOPATH configured, get the plugin repository and run the build command in that folder:
$ go build
This will you give you a binary executable file with the name
Now move this binary file to a directory which the vault will use as its plugin directory. The plugin directory is where the vault looks up for available plugins.
$ mv Vault /etc/vault/plugins/vault_plugin
The above path is just an example, you can change the etc path to your own desired path.
Copyright 2021, DeqodeLabs (https://deqode.com/) Licensed under the MIT License(the "License");