Releases: Layr-Labs/cerberus-api
v0.1.0
v0.1.0 Migration guide
v0.1.0
has some breaking changes and will require to setup the BLS signer from scratch.
High Level Changes
- API spec has been changed. Please refer to cerberus-api
- New requirement for a postgresDB for persistence. So users will need to have a postgres DB, either hosted or use the docker compose file to setup a fresh DB (If you were testing using a version of cerberus with DB, you might need to start a fresh DB instance and re-import keys)
High level steps
- If you are using docker get the latest Docker compose file (if using the postgres from the setup)
- Import the keys using the ImportKey endpoint
grpcurl -plaintext -d '{"privateKey": "<sk>", "password": "password"}' localhost:50051 keymanager.v1.KeyManager/ImportKey
It will respond back with
{
"publicKeyG1": "<g1-pub-key>",
"apiKey": "<unique-api-key>"
}
- Use this API key in every signing request
grpcurl -plaintext -H 'authorization: <unique-api-key>' -d '{"public_key_g1": "<g1-pub-key>", "password": "<password>", "data": "SGVsbG8sIFdvcmxkIQ=="}' localhost:50051 signer.v1.Signer/SignGeneric
Without this header (or without correct api key), you won’t be able to sign any request
Every signer also has a way to spin up an admin API on different port which should only be accessible by super admin. The APIs in those admin service should help you in locking and unlocking keys and rotation the API key which is mapped to a g1 pub key. Please make sure to NOT expose this port to public or to any EigenDA nodes
EigenSDK
The latest EigenSDK has a module which abstract everything away - https://github.com/Layr-Labs/eigensdk-go/tree/dev/signer
This is a separate module which can be used if you want to use it.
EigenDA
The latest EigenDA release will have support this version of Cerberus. So please upgrade if you are using it.
If you are using eigenda with existing version of Cerberus, there are two path on how you can upgrade
1. Setup a new instance (Recommended)
Since this is a breaking change. You can setup a new instance of cerberus and then import the key again. Then once you update eigenda and the new env vars you can just point to new instance and run eigenda
2. Using Existing instance
2.1 Switch to Local signer
If you don’t want to disrupt eigenda signing, then switch to local signer (make sure to have key locally as we used to do it ) and then keep running eigenda. Upgrade the Cerberus instance, reimport the key and then point eigenda back to remote signer and enable remote signer
2.2 Just upgrade the remote signer
This way might lead to little downtime. Just upgrade the signer and import the key and then update eigenda envs for api key and restart eigenda
What's Changed
- feat: add endpoint to get g1 and g2 pubkeys by @shrimalmadhur in #8
- feat: add g1 point sign api by @shrimalmadhur in #9
- feat: add api key and admin API by @shrimalmadhur in #7
- docs: update readme by @shrimalmadhur in #10
Full Changelog: v0.0.1...v0.1.0
v0.0.1
Notable changes
- This is the first release of remote signer specification.
- This is not ready for Production yet, so please use at your own risk.
What's Changed
- feat: add rust bindings by @shrimalmadhur in #1
- correct link of hash and curve by @shrimalmadhur in #3
- chore: get crate ready by @shrimalmadhur in #4
- chore: exclude folders by @shrimalmadhur in #5
New Contributors
- @shrimalmadhur made their first contribution in #1
Full Changelog: https://github.com/Layr-Labs/cerberus-api/commits/v0.0.1