Support optional remote signer in kosud

[hrharder]

Overview

For optimal security, Tendermint recommends using an external signer process on production chains for validators. This prevents double signing, and reduces (or eliminates) the risk of the keys being compromised.

Background

This is a really good primer on the topic!

The PrivValidator interface provides signing functionality for Tendermint validators. The simplest is FilePV (used by go-kosu currently) which uses priv_validator_state.json and priv_validator_key.json.

Currently, we create our in-process tendermint node with a custom constructor, CreateNode.

It assumes usage of FilePV:

node, err := node.NewNode(
		app.Config,
		pv.LoadOrGenFilePV(                                // <= FilePV!
			app.Config.PrivValidatorKeyFile(),
			app.Config.PrivValidatorStateFile(),
		),
		nodeKey,
		proxy.NewLocalClientCreator(app),
		node.DefaultGenesisDocProviderFunc(app.Config),
		node.DefaultDBProvider,
		node.DefaultMetricsProvider(app.Config.Instrumentation),
		logger,
	)

Requirements

• The kosud CLI should provide the option to configure a remote signer, by configuring a SignerListenterEndpoint and SignerClient
• The SignerClient becomes the PrivValidator passed to node.NewNode()
• The default should be FilePV (as it stands now)

For example (just an idea):

// not exactly sure what is required by SignerListenerEndpoint, more flags may be needed
kosud start -E [URL] --remote-signer "10.0.0.4:8000"

Testing

We may have to write a simple remote signer implementation in order to properly test.

[qustavo]

This has been partially implemented in #320. We still need to wait for Tx signing support.

[hrharder]

Do you think we close this issue since technically the implementation satisfies the above? Or leave it open since its not fully compatible with a live network?

[qustavo]

Since the functionality is not there yet, I'd keep it open. And close it when enabled.