How to set up ledger access rules

| Date | Responsible | Changes |
|---|---|---|
| January 24, 2023 | @Luis Fidelis | Initial version |
| February 10, 2023 | @Omar Monterrey | SDK Options refactoring (url to server and key to signer) |
| February 27, 2023 | @Luis Fidelis | Rename bearer.$key access constraints to bearer.$signer |
| February 27, 2023 | @Omar Monterrey | Refactored signer.schema → signer.format |
| March 7, 2023 | @Filip Herceg | Changed bearer action to read |
| March 9, 2023 | @Tomislav Herman | Changed ledger → sdk and instance → ledger in order to match new SDK interface. |

Each ledger instance record supports attaching access rules through the `access` property. This property holds a list of permissions that allow signers and/or JWT tokens to access ledger records (wallets, symbols, etc.) or the ledger instance itself. When making API requests with the SDK, access rules can be added while building the record.

```javascript
import { LedgerSdk } from '@minka/ledger-sdk'

const sdk = new LedgerSdk({
  server: '<your ledger URL>',
  signer: {
    format: 'ed25519-raw',
    public: '<your ledger public key>'
  }
})

const { ledger } = await sdk.ledger.init()
  .data({
    handle: 'test-ledger',
    signer: 'ledger-signer',
    // Access rules are attached while the record is being built.
    access: [{
      action: 'read',
      record: 'wallet',
      bearer: {
        $signer: {
          handle: 'bearer-key-value'
        }
      }
    }]
  })
  .hash()
  // yourKeyPair is a placeholder for the key pair that signs this record.
  .sign([{ keyPair: yourKeyPair }])
  .send()
```

Access rules can also be added interactively through the CLI:

```
$ minka ledger create
? Handle: test-ledger
? Enter access content: Press <enter> to launch your preferred editor.
```

The default editor then opens with an empty list `[]` as the default value. Fill this list with the desired access rules.

After you confirm those permissions, the CLI shows a summary of the ledger instance and a confirmation question, so that the operation can be finished without mistakes:

```
$ minka ledger create
? Handle: test-ledger
? Enter access content: Received
? Add custom data? No
? Signer: signerlocal
Ledger summary:
------------------------------------------------------------------------
Handle: test-ledger
Access rules:
#0
- Action: read
- Record: wallet
- Bearer:
- $signer:
- handle: owner
⚠️ To allow a new ledger instance to sign specific operations
when needed, a new signer will be created and attached to it.
This new signer will be owned and managed by the server.
Its public key and key format are going to be available
for verification of the signature.
? Sign this ledger instance using signer signerlocal? Yes
✅ Ledger instance created successfully:
Handle: test-ledger
Public: orr9rbdN4gtFLOqxk2rZsEZl4qj6IdOZ+R6PPaHTN0U=
Signer: 5y3Dv13lLQ4Ewd1WG0Pmi9gV/wc8Lh1UnidXMdMG0+w= (signerlocal)
```

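
The access list can be checked locally before it is pasted into the CLI editor or passed to `.data()`. The following is an added example, not part of the Minka SDK or CLI: `lintAccessRules` is a hypothetical helper whose checks are assumptions drawn from the rule shape and changelog on this page (including the `bearer.$key` to `bearer.$signer` rename), so the ledger server remains the authority on what is valid.

```javascript
// Added example: lint the access list before pasting it into the CLI editor.
// Checks mirror only the rule shape shown on this page, not the ledger schema.
function lintAccessRules(text) {
  const findings = []
  const report = (index, level, message) => findings.push({ index, level, message })
  const isObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v)
  let rules = null
  try { rules = JSON.parse(text) } catch (err) { /* reported just below */ }
  if (!Array.isArray(rules)) {
    report(-1, 'error', 'access must be a JSON list')
    return findings
  }
  if (rules.length === 0) report(-1, 'warn', 'list is still the empty default []')
  const seen = new Set()
  rules.forEach((rule, index) => {
    if (!isObject(rule)) return report(index, 'error', 'rule must be an object')
    if (typeof rule.action !== 'string' || rule.action === '') {
      report(index, 'error', 'action must be a non-empty string')
    }
    if ('record' in rule && typeof rule.record !== 'string') {
      report(index, 'error', 'record must be a string')
    }
    if (rule.bearer === undefined) {
      // Assumption: a rule with no bearer constraint deserves review before signing.
      report(index, 'warn', 'no bearer constraint: confirm the intended scope')
    } else if (!isObject(rule.bearer)) {
      report(index, 'error', 'bearer must be an object')
    } else {
      if ('$key' in rule.bearer) {
        report(index, 'error', 'bearer.$key was renamed to bearer.$signer')
      }
      if ('$signer' in rule.bearer && !isObject(rule.bearer.$signer)) {
        report(index, 'error', 'bearer.$signer must be an object such as { handle }')
      }
    }
    const fingerprint = JSON.stringify(rule) // exact duplicates only (same key order)
    if (seen.has(fingerprint)) report(index, 'warn', 'duplicate of an earlier rule')
    seen.add(fingerprint)
  })
  return findings
}

// Constructed sample: the rule from this page, a stale $key rule, and a duplicate.
const sampleRule = { action: 'read', record: 'wallet', bearer: { $signer: { handle: 'owner' } } }
const staleRule = { action: 'read', record: 'wallet', bearer: { $key: { handle: 'owner' } } }
console.log(lintAccessRules(JSON.stringify([sampleRule, staleRule, sampleRule])))
```

An `error` finding marks input that does not match the shape documented here; a `warn` finding marks a rule to re-read before answering the signing prompt.
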
See About Authorization for more details about this concept.