@ -121,3 +121,149 @@ We use the tokio async runtime environment. Please see the docs
- follow the pattern in `optics-base/src/main.rs`
- make a `config` folder and a toml file
- Make sure to include your own settings from above
# Provisoning KMS Keys
There exists a script in this repository (`provision_kms_keys.py `) that facilitates KMS key provisioning for agent roles.
The script will produce a single set of keys per "environment." Where an __environment__ is a logical set of smart contrace deployments. By default there are two environments configured, `staging` and `production` where `staging` is testnet deployments of the contracts and `production` corresponds to mainnet deployments.
The current strategy, in order to reduce complexity, is to use the same keys for transaction signing on both Celo and Ethereum networks. Should you desire, the key names to be provisioned can be modified such that the script creates unique keys per-network. Ex:
If the required keys are not present, the script will generate them. If they keys _are_ present, their information will be fetched and displayed non-destructively.
Upon successful operation, the script will output a table of the required keys, their ARNs, ETH addresses (for funding the accounts), and their regions.
## Provision IAM Policies and Users
This is an opinionated setup that works for most general agent operations use-cases. The same permissions boundaries can be achieved through different means, like using only [Key Policies](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html)
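Review bot: In the "Provisoning KMS Keys" section, the paragraph on key naming ends with "Ex:" but no example follows in the lines shown, so a reader cannot tell how to rename the keys to get one key per network; add the snippet or drop the "Ex:". The same paragraph says the same keys are used for transaction signing on both Celo and Ethereum to reduce complexity. It should state the trade-off, which is that compromise of one key then affects both networks, so operators make that choice knowingly. The text says the script generates missing keys and prints their ARNs and regions, but the visible lines do not say which AWS credentials or KMS permissions the script itself needs; a short note on that belongs before the "Provision IAM Policies and Users" heading. Smaller points: "Provisoning" should be "Provisioning", "smart contrace" should be "smart contract", "If they keys" should be "If the keys", there is a stray space inside the backticks of `provision_kms_keys.py `, and the closing sentence about Key Policies lacks a period.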