Hot Storage
General Overview
The Hot Storage component is used to store "hot shares": shares that are required each time an operation is performed with the private key the "hot share" belongs to, such as logging in, signing transactions, or exporting the private key.
Unlike the Cold Storage component, which is only accessed when the user logs into a new device, the hot storage is designed with fast, frequent access in mind.
Also unlike the Cold Storage, the Hot Storage does not come with a battle-tested implementation. We have created a base implementation, not intended for production, under the hot_storage/sample directory. We encourage you to implement your own version according to your needs.
See Hot Storage Specification for more details. The sample implementation is written in Go, uses PostgreSQL to store data, and can be configured through the environment variables shown in the docker-compose.yml file at the root of the repository.
How It Works
The Hot Storage links shares to a specific device, user, and auth provider, and stores them in a database. The user is validated against the specified auth provider using the configured Auth Service.
Users will need to specify the user id, auth provider, and device id when requesting shares, and prove their identity through a JWT token issued by the specified auth service. The auth service must match the one configured when creating the share.
Hot shares are not encrypted with user entropy, so it is important to ensure that the database is secure and access is controlled. We strongly encourage following best practices for database security.
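The access check described above, as an added example that is not the project's sample implementation: a share is released only for a verified, unexpired token naming the requested user, and only for the exact auth provider, user and device it was stored under. Assumptions: HS256 with a per-provider shared secret stands in for validation through the Auth Service, an in-memory map stands in for PostgreSQL, the user id is carried in the "sub" claim, and shareKey, sign and getShare are hypothetical names.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// shareKey is the tuple a hot share is linked to (field names are assumptions).
type shareKey struct{ Provider, UserID, DeviceID string }

var b64 = base64.RawURLEncoding

// sign returns the base64url HS256 signature of a JWT signing input.
func sign(input string, secret []byte) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(input))
	return b64.EncodeToString(m.Sum(nil))
}

// getShare verifies the token under the requested provider's key; the header's
// alg is never consulted, so a token cannot pick its own algorithm.
func getShare(db map[shareKey][]byte, keys map[string][]byte, req shareKey, token string, now int64) ([]byte, bool) {
	p := strings.Split(token, ".")
	key, known := keys[req.Provider]
	if len(p) != 3 || !known {
		return nil, false
	}
	body, err := b64.DecodeString(p[1])
	var c struct{ Sub string; Exp int64 } // encoding/json matches "sub"/"exp" case-insensitively
	if err != nil || !hmac.Equal([]byte(p[2]), []byte(sign(p[0]+"."+p[1], key))) ||
		json.Unmarshal(body, &c) != nil || c.Exp <= now || c.Sub == "" || c.Sub != req.UserID {
		return nil, false
	}
	share, ok := db[req] // exact provider + user + device match, nothing looser
	return share, ok
}

func main() { // constructed sample data; real tokens come from the auth service
	key := []byte("demo-secret")
	in := b64.EncodeToString([]byte(`{"alg":"HS256"}`)) + "." +
		b64.EncodeToString([]byte(`{"sub":"user-1","exp":200}`))
	db := map[shareKey][]byte{{"provider-a", "user-1", "device-A"}: []byte("hot-share")}
	_, ok := getShare(db, map[string][]byte{"provider-a": key}, shareKey{"provider-a", "user-1", "device-B"}, in+"."+sign(in, key), 100)
	fmt.Println("share released for unregistered device:", ok)
}
```

Because the verification key is selected by the provider named in the request and the lookup key includes that provider, a token from one auth service cannot retrieve a share created under another.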
Specification
The full specification for the request is available in the API documentation, and a Postman collection with pre-configured calls is available at the Postman Collection.