Security on Hyperledger Fabric is enforced with digital signatures. All requests made to the fabric must be signed by users with appropriate enrollment certificates. Once a user is enrolled, the application certificate is stored in wallet for future use. Explore this code pattern to understand what types of wallets are available and how to make more secure.
Hyperledger Fabric is private and permissioned, and all requests made to Hyperledger Fabric must be signed by users with appropriate enrollment certificates. Once a user is enrolled, the Hyperledger Fabric SDK saves the certificates in the wallet for future use. An application run by a user selects one of these identities when it connects to a channel.
There are existing Fabric wallets, such as FileSystemWallet and CouchDBWallet, which you can leverage to store registered user identities. The Hyperledger Fabric SDK provides a default file system wallet for storing Fabric certificates. The FileSystem wallet stores user certificates in folders. This approach does not provide the required security or flexibility. The security concern with these implementations is in externalizing the associated private key of the identity. It can be compromised if someone gets access to these storage systems. Generally, the front-end client application and client SDK application (integration layer) gets deployed in the containerized environment (i.e., into the Kubernetes platform). So what about storing the wallet into Kubernetes platform itself? It would be considered more secure since it removes the dependency to store wallet outside the Kubernetes platform.
This developer code pattern demonstrates the methodology of storing wallets in the Kubernetes platform as secrets and using the secrets while performing transactions using the Hyperledger Fabric Java SDK.
- Set up the Hyperledger Fabric network using the IBM Blockchain Platform.
- Deploy the client application built using the Hyperledger Fabric Java SDK to communicate with the blockchain network on the IBM Kubernetes Cluster.
- Users with admin identity register new users to the blockchain network, and new users enroll in the network.
- The generated certificates are stored as Kubernetes secrets.
- The Kubernetes secrets certificates are used for further transactions with the blockchain network.
Ready to get started? Check out the README for detailed instructions on how to:
- Get the code
- Create IBM Cloud Services
- Set up the Hyperledger Fabric network using IBM Blockchain Platform
- Register and enroll users to connect to the Hyperledger Fabric network
- Deploy the Hyperledger Fabric Java SDK Client application on IBM Kubernetes Service
- Store the Hyperledger Fabric wallet as Kubernetes secret
- Access the client application