https://github.com/magiclabs/dkms-customer-api
Magic Labs DKMS customer encryption endpoint
https://github.com/magiclabs/dkms-customer-api
Last synced: about 1 year ago
JSON representation
Magic Labs DKMS customer encryption endpoint
- Host: GitHub
- URL: https://github.com/magiclabs/dkms-customer-api
- Owner: magiclabs
- License: apache-2.0
- Created: 2023-11-30T20:14:55.000Z (over 2 years ago)
- Default Branch: master
- Last Pushed: 2024-02-06T22:18:28.000Z (over 2 years ago)
- Last Synced: 2024-02-06T23:42:07.063Z (over 2 years ago)
- Language: Python
- Size: 1.81 MB
- Stars: 1
- Watchers: 4
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Split KMS Customer Encryption API
Magic offers non-custodial Wallet-as-a-Service, allowing web or mobile
application developers to seamlessly integrate web3 wallets into their apps with
a familiar web2 user experience. The cornerstone of Magic’s offering is its
patented [Delegated Key Management System
(DKMS)](https://magic.link/docs/home/security/product-security#hardware-security-modules-hs-ms).
This repository introduces a novel shared security model where Magic’s
developers can deploy a cloud-native, elastic infrastructure to encrypt segments
of the private key, divided into multiple shares using the tested and proven
[Shamir's Secret Sharing
algorithm](https://web.mit.edu/6.857/OldStuff/Fall03/ref/Shamir-HowToShareASecret.pdf).
You can learn more about this wallet key management model in Magic’s [developer
documentation](https://magic.link/docs/split-kms).

## Getting started
Below outlines the expected workflow for developers participating in the Modular KMS offering:
1. Opt-in for Modular KMS when opening your developer account with Magic. Note
that this feature is currently in invite-only mode; therefore, please [contact
sales](https://magic.link/contact) to enable this functionality.
2. Customers using Magic’s Modular KMS need to encrypt device hydration private
key shares. To do so, fork this repository, make any modifications (if
necessary), and deploy it to your AWS account. The encryption API tech stack is
optimized for AWS Serverless Architecture, ensuring easy scalability.
3. Register the API endpoints with Magic to receive callbacks for encryption and
decryption at runtime when users create a wallet and perform signing
transactions.
## Requirements
Sign up for a cloud vendor; currently, we support Amazon Web Services (AWS).
## License
We have open-sourced this repository under the Apache 2.0 license, making it
suitable for modification to fit the unique requirements of your production
environment. [View the license](./LICENSE).
## Maintenance and Support for Versions
Currently we support AWS as the default cloud providers, we are looking to
integrate this offering with other cloud providers such as Google Cloud and
Microsoft Azure
## Installation
We use AWS CDK for this repository. The following commands will help you deploy
the CDK to your AWS account.
```bash
make install
make synth
make diff
make deploy
```
## Configuration
The reference implementation of the CDK comes with a bring-your-own KMS model
for encrypting and decrypting your share of the key. You are welcome to
customize the configuration further to suit your needs, such as using an
external HSM in place of AWS KMS.
## Getting Help
Reach out to Magic customer support for assistance.
## Documentation
- [AWS CDK API v2 Documentation](https://docs.aws.amazon.com/cdk/api/v2/)