Please describe your proposed solution.
In early 2023, The Morphium developed a simple Python-based key management toolset to secure important application passwords (database passwords, skeys, etc.) behind a gatekeeper. The tool is already available and has been fully open source since day one. The package uses the following logic:
1) Have a list of IP addresses allowed to initiate access requests.
2) Have a list of servers allowed to retrieve keys.
3) An API request is sent from an authorized computer to enable a 5-minute access window.
4) The request uses 2FA as part of this authorization attempt.
5) If the request fails 3 times within a short period of time, the interface is entirely locked out for an hour, with no option to reset.
6) If the request is authenticated, the gatekeeper will allow retrieval of keys for the next 5 minutes.
7) An application requests a key as part of its start-up procedure to access a database, etc.
8) The key is never stored on the application server, and is only ever held in the application's running memory.
https://github.com/TheMorphium/crypt_keeper
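The following is an added illustration of the gatekeeper flow in steps 1-8, written for this page; it is not the crypt_keeper project's own code and makes no claim about that project's API. It assumes a TOTP code (RFC 6238) as the second factor, a one-minute "short period" for counting failures, an injectable clock so the timing rules can be exercised deterministically, and that hosts not on the requester allow-list are dropped before they can influence the lockout counter (a design choice of this example, so an unlisted host cannot trigger the one-hour lockout).

```python
"""Hypothetical model of the gatekeeper logic described above (added example)."""
import hashlib
import hmac
import struct
import time
from collections import deque

ACCESS_WINDOW_SECONDS = 5 * 60   # step 3/6: retrieval window after a successful request
FAILURE_LIMIT = 3                # step 5: failures before lockout
FAILURE_PERIOD_SECONDS = 60      # step 5: the "short period" (assumed value)
LOCKOUT_SECONDS = 60 * 60        # step 5: one hour, with no reset option


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, used here as the 2FA factor (step 4)."""
    counter = int(now) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class Gatekeeper:
    def __init__(self, allowed_requesters, allowed_servers, totp_secret, keys,
                 clock=time.time):
        self.allowed_requesters = set(allowed_requesters)  # step 1
        self.allowed_servers = set(allowed_servers)        # step 2
        self.totp_secret = totp_secret
        self._keys = dict(keys)        # step 8: held in memory only, never written out
        self.clock = clock
        self.window_open_until = 0.0
        self.locked_until = 0.0
        self.failures = deque()        # timestamps of recent failed attempts

    def _record_failure(self, now: float) -> None:
        self.failures.append(now)
        while self.failures and now - self.failures[0] > FAILURE_PERIOD_SECONDS:
            self.failures.popleft()
        if len(self.failures) >= FAILURE_LIMIT:
            self.locked_until = now + LOCKOUT_SECONDS
            self.failures.clear()

    def request_access(self, source_ip: str, code: str) -> bool:
        """Steps 3-6: open the window only for an allowed source with a valid code."""
        now = self.clock()
        if now < self.locked_until:
            return False               # locked out: nothing changes until the hour is up
        if source_ip not in self.allowed_requesters:
            return False               # unlisted source: dropped, not counted (assumption)
        if not hmac.compare_digest(code, totp(self.totp_secret, now)):
            self._record_failure(now)
            return False
        self.failures.clear()
        self.window_open_until = now + ACCESS_WINDOW_SECONDS
        return True

    def retrieve_key(self, server: str, name: str):
        """Step 7: an allowed server may fetch a key only while the window is open."""
        now = self.clock()
        if now < self.locked_until or now >= self.window_open_until:
            return None
        if server not in self.allowed_servers:
            return None
        return self._keys.get(name)


class FakeClock:
    """Controllable clock so the timing rules can be exercised offline."""
    def __init__(self, t: float):
        self.t = t

    def __call__(self) -> float:
        return self.t


def demo() -> dict:
    """Walk through the flow with constructed sample data and return each outcome."""
    clock = FakeClock(1_700_000_000.0)
    secret = b"constructed-demo-secret"                       # constructed sample
    gk = Gatekeeper(["10.0.0.5"], ["app-01"], secret,
                    {"db_password": "s3cr3t"}, clock)          # constructed sample
    r = {}
    r["closed"] = gk.retrieve_key("app-01", "db_password")            # no window yet
    r["bad_ip"] = gk.request_access("203.0.113.9", totp(secret, clock()))
    r["opened"] = gk.request_access("10.0.0.5", totp(secret, clock()))
    r["fetched"] = gk.retrieve_key("app-01", "db_password")
    r["wrong_server"] = gk.retrieve_key("rogue-host", "db_password")
    clock.t += ACCESS_WINDOW_SECONDS + 1
    r["expired"] = gk.retrieve_key("app-01", "db_password")           # window closed
    for _ in range(FAILURE_LIMIT):
        gk.request_access("10.0.0.5", "xxxxxx")                       # three bad codes
    r["locked"] = gk.request_access("10.0.0.5", totp(secret, clock()))  # valid code, still refused
    clock.t += LOCKOUT_SECONDS + 1
    r["after_lockout"] = gk.request_access("10.0.0.5", totp(secret, clock()))
    return r


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome!r}")
```

The two pieces a reviewer would want to check are in `_record_failure` (the failure counter is pruned to the short period before it is compared with the limit, so three stale failures do not lock the interface) and in `retrieve_key` (the lockout and the window are both enforced on the retrieval side, not only on the request side).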
This proposal is to expand on this library to make the tool even more usable. We would like to build a precompiled binary package (Docker image, ISO, etc.) that can be installed easily on a virtual machine or Raspberry Pi, further tighten security, and create a web console to manage access. Presently the tool is built to be inaccessible except from a direct console connection, but it should be possible to create a one-way interface that can onboard new servers and passwords without exposing keys.
As a stretch goal, we would like to set up the web interface to support code updates, as well as support seed phrase key creation, so that a new instance would be able to reproduce identical keys to a previous installation.
How does your proposed solution address the challenge and what benefits will this bring to the Cardano ecosystem?
This proposal allows for a significantly higher level of protection for application developers, at little to no implementation cost.
How do you intend to measure the success of your project?
Success will be measured by ease of use and ease of installation.
Please describe your plans to share the outputs and results of your project?
The entire project is open source and will forever remain so. Anyone with an interest will be able to monitor the progress in the repository.