diff --git a/quorum-vault-system/src/SUMMARY.md b/quorum-vault-system/src/SUMMARY.md index 6445010..60a6f3e 100644 --- a/quorum-vault-system/src/SUMMARY.md +++ b/quorum-vault-system/src/SUMMARY.md @@ -24,7 +24,8 @@ * [Provision AirgapOS](generated-documents/level-2/fixed-location/provisioner/provision-airgapos.md) * [Provision Air-Gapped Bundle](generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md) * [Proposer]() - * [Propose Transaction](generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md) + * [Solana: Create Transaction Payload](generated-documents/level-2/fixed-location/proposer/sol-create-transaction-payload.md) + * [Cosmos: Create Transaction Payload](generated-documents/level-2/fixed-location/proposer/cosmos-create-transaction-payload.md) * [Approver]() * [Transaction Approval](generated-documents/level-2/fixed-location/approver/approve-transaction.md) * [Operator](generated-documents/level-2/fixed-location/operator/index.md) diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/cosmos-create-transaction-payload.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/cosmos-create-transaction-payload.md new file mode 100644 index 0000000..01e2a06 --- /dev/null +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/cosmos-create-transaction-payload.md @@ -0,0 +1,10 @@ +# Cosmos: Create Transaction Payload + +{{ #include template-create-tx-0.md:content }} + +1. Use icepick to generate and sign the payload: + ``` + $ icepick workflow <--option value> <--option value> --export-for-quorum --sign > + ``` + +{{ #include template-create-tx-1.md }} diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md deleted file mode 100644 index e9f7c67..0000000 
--- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md +++ /dev/null 
@@ -1,117 +0,0 @@ -# Proposer - Create Transaction Payload - -The proposer is a fiduciary whose responsibility is to make sound financial decisions on behalf of a business and determine where funds are moving from, where to and in which amount. The reasons for sending funds may range across settlement, exchanging, staking and more. - -The proposer MUST include the workflow type and all arguments required by a workflow, such as `from_address`, `to_address`, `asset_name`, etc., as well as a UTC datetime representing the time when the transaction is proposed. - -The proposer must combine these values into a JSON file, such as: - -```json -{ - "workflow": ["cosmos", "withdraw"], - "values": { - "delegate_address": "kyve1q9w3nar74up6mxnwd428wpr5nffcw3360tkxer", - "validator_address": "kyvevaloper1ghpmzfuggm7vcruyhfzrczl4aczy8gas8guslh", - "asset_name": "KYVE", - "asset_amount": "0.4", - "chain_name": "korellia" - }, - "proposal_datetime": "2025-01-28T18:18:00" -} -``` - -## Requirements - -* [Quorum PGP Key](../operator/quorum-entropy-ceremony.md) - -* [Air-Gapped Bundle](../provisioner/air-gapped-bundle.md) - - * The proposer should print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object. - - * The proposer should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the `vaults` repo - -{{ #include ../../../../component-documents/linux-workstation.md:content }} - -* Clone the [Vaults Repository](../../../all-levels/create-vaults-repository.md) for your organization to the machine - -## Procedure - -1. Turn on online linux workstation - -1. Clone the `vaults` repository if it's not available locally and get the latest changes: - ``` - $ git clone - $ git pull origin main - ``` -1. 
Unseal the SD Card Pack - -{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}} - -1. Plug a fresh SD card into the online linux workstation - -1. {{ #include ../../../../component-documents/finding-device-name.md:content }} - -1. Save the `vaults` repo to the SD card, referred to as the Ceremony SD card - ``` - $ cp -r ~/vaults/ /media - ``` -1. Unplug the Ceremony SD card - -1. Unseal the tamper proofed bundle - -{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}} - -1. Insert the AirgapOS SD card into the airgapped machine and turn it on - -1. Once booted, unplug the AirgapOS SD card and place it in High Visibility Storage - -1. Plug in the Ceremony SD card - -1. Copy the git repo locally from the Ceremony SD card and change to it - ``` - $ cp -r /media/vaults /root - $ cd /root/vaults - ``` -1. Create a new payloads directory in the `vaults` repository for the date on which the ceremony for the transaction will take place if it doesn't already exist - - * `mkdir -p /ceremonies//payloads` - - * e.g `mkdir -p solana-01/ceremonies/2025-01-01/payloads` - -1. Use `icepick workflow --help` to list the available workflows and options - -1. Plug in the Operator smart card - -1. Use icepick to generate and sign the payload: - ``` - $ icepick workflow <--option value> <--option value> --export-for-quorum --sign > - ``` - * e.g `$ icepick workflow cosmos withdraw-rewards --delegate-address kyve1q9w3nar74up6mxnwd428wpr5nffcw3360tkxer --validator-address kyvevaloper1ghpmzfuggm7vcruyhfzrczl4aczy8gas8guslh --chain-name korellia --export-for-quorum --sign > /ceremonies//payloads/payload_.json` - - * e.g `$ icepick workflow sol transfer --from-address "$(cat //0.txt)" --to-address "$(cat to_address.txt)" --amount --export-for-quorum --sign > /ceremonies//payloads/payload_.json` - -1. Copy the updated ceremonies repo to the SD card - ``` - $ cp -r /root/vaults /media - ``` -1. 
Transfer the SD card from the air-gapped machine to the online machine - -1. {{ #include ../../../../component-documents/finding-device-name.md:content }} - -1. Copy the updated repository locally and switch to it: - ``` - $ cp -r /media/vaults ~/ - $ cd ~/vaults - ``` -1. Stage, sign, commit and push the changes to the ceremonies repository: - ``` - $ git add /ceremonies//payloads/* - $ git commit -S -m "add payload signature for payload_.json" - $ git push origin main - ``` - -1. Notify relevant individuals that there are new transactions queued up, and that a ceremony should be scheduled. This can be automated in the future so that when a commit is made or PR opened, others are notified, for example using a incident management tool. - -1. Tamper proof the AirgapOS and Air-gapped laptop - -{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}} diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/sol-create-transaction-payload.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/sol-create-transaction-payload.md new file mode 100644 index 0000000..793aa47 --- /dev/null +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/sol-create-transaction-payload.md @@ -0,0 +1,10 @@ +# Solana: Create Transaction Payload + +{{ #include template-create-tx-0.md:content }} + +1. Use icepick to generate and sign the payload: + ``` + $ icepick workflow sol <--option value> <--option value> --export-for-quorum --sign > + ``` + +{{ #include template-create-tx-1.md }} diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/template-create-tx-0.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/template-create-tx-0.md new file mode 100644 index 0000000..2f511d5 --- /dev/null +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/template-create-tx-0.md 
@@ -0,0 +1,65 @@ +/* ANCHOR: all */ +// ANCHOR: content +## Requirements + +* [Quorum PGP Key](../operator/quorum-entropy-ceremony.md) + +* [Air-Gapped Bundle](../provisioner/air-gapped-bundle.md) + + * The proposer should print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object. + + * The proposer should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the `vaults` repo + +{{ #include ../../../../component-documents/linux-workstation.md:content }} + +* Clone the [Vaults Repository](../../../all-levels/create-vaults-repository.md) for your organization to the machine + +## Procedure + +1. Turn on online linux workstation + +1. Clone the `vaults` repository if it's not available locally and get the latest changes: + ``` + $ git clone + $ git pull origin main + ``` +1. Unseal the SD Card Pack + +{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}} + +1. Plug a fresh SD card into the online linux workstation + +1. {{ #include ../../../../component-documents/finding-device-name.md:content }} + +1. Save the `vaults` repo to the SD card, referred to as the Ceremony SD card + ``` + $ cp -r ~/vaults/ /media + ``` +1. Unplug the Ceremony SD card + +1. Unseal the tamper proofed bundle + +{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}} + +1. Insert the AirgapOS SD card into the airgapped machine and turn it on + +1. Once booted, unplug the AirgapOS SD card and place it in High Visibility Storage + +1. Plug in the Ceremony SD card + +1. Copy the git repo locally from the Ceremony SD card and change to it + ``` + $ cp -r /media/vaults /root + $ cd /root/vaults + ``` +1. 
Create a new payloads directory in the `vaults` repository for the date on which the ceremony for the transaction will take place if it doesn't already exist + + * `mkdir -p /ceremonies//payloads` + + * e.g `mkdir -p acme-coin-01/ceremonies/2025-01-01/payloads` + +1. Use `icepick workflow --help` to list the available workflows and options + +1. Plug in the Operator smart card +// ANCHOR_END: content +/* ANCHOR_END: all */ diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/template-create-tx-1.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/template-create-tx-1.md new file mode 100644 index 0000000..d0fbe03 --- /dev/null +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/template-create-tx-1.md @@ -0,0 +1,29 @@ +/* ANCHOR: all */ +// ANCHOR: content +1. Copy the updated ceremonies repo to the SD card + ``` + $ cp -r /root/vaults /media + ``` +1. Transfer the SD card from the air-gapped machine to the online machine + +1. {{ #include ../../../../component-documents/finding-device-name.md:content }} + +1. Copy the updated repository locally and switch to it: + ``` + $ cp -r /media/vaults ~/ + $ cd ~/vaults + ``` +1. Stage, sign, commit and push the changes to the ceremonies repository: + ``` + $ git add /ceremonies//payloads/* + $ git commit -S -m "add payload signature for payload_.json" + $ git push origin main + ``` + +1. Notify relevant individuals that there are new transactions queued up, and that a ceremony should be scheduled. This can be automated in the future so that when a commit is made or PR opened, others are notified, for example using a incident management tool. + +1. Tamper proof the AirgapOS and Air-gapped laptop + +{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}} +// ANCHOR_END: content +/* ANCHOR_END: all */
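Review bot: In cosmos-create-transaction-payload.md the command template reads `icepick workflow <--option value> <--option value> --export-for-quorum --sign >` with no module name, while the Solana page hard-codes `icepick workflow sol`. This page is Cosmos-specific, so put `cosmos` in the template, and consider carrying over the `icepick workflow cosmos withdraw-rewards` example from the deleted page so the reader sees one complete invocation.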
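Review bot: Deleting create-transaction-payload.md also drops its opening section, which template-create-tx-0.md does not pick up (the template starts at `## Requirements`). That section held the paragraph stating that the proposer MUST include the workflow type, all arguments required by the workflow and a UTC datetime, plus the JSON example carrying `proposal_datetime`. If the requirement still holds, move it into the shared template or a page both chain documents link to. When moving it, reconcile the names: the JSON example uses `"workflow": ["cosmos", "withdraw"]` while the CLI example on the same page uses `withdraw-rewards`.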
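Review bot: In sol-create-transaction-payload.md the signing step keeps only the generic template, and the `icepick workflow sol transfer` example from the deleted page is not carried over. That example was the only place showing addresses read from files (`--to-address "$(cat to_address.txt)"`) and the output redirected into the ceremony's payloads directory, which the later `git add` step depends on. Restore it under this step.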
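Review bot: In template-create-tx-0.md, between `cp -r /media/vaults /root` on the air-gapped machine and "Plug in the Operator smart card" there is no check that the copied repository is the one that was pulled on the online workstation. The Requirements section already asks the proposer to verify commit signatures of the photographs against the permitted PGP keys in the `vaults` repo. Add a matching step for the repository itself, for example `git verify-commit HEAD` after `cd /root/vaults`, so a payload is not generated and signed on top of an unverified tree.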
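Review bot: In template-create-tx-1.md, `cp -r /media/vaults ~/` copies the whole repository from the SD card over the local clone, and the next step goes straight to `git commit -S` and `git push origin main` without looking at what changed. Add a `git status` and `git diff --staged` check between `git add` and `git commit -S` so the proposer confirms that only the new payload file under the payloads directory is being signed and pushed. Minor: "a incident management tool" should read "an incident management tool", and this template is included as `{{ #include template-create-tx-1.md }}` while template-create-tx-0.md is included with the `:content` anchor; pick one form.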