Releases: iExecBlockchainComputing/iexec-sms
8.0.0
New Features
- #150 #127 Support SMS in enclave for Scone TEE tasks.
- #131 #128 #124 #121 #120 #119 #117 #116 #115 #112 Support Gramine framework for TEE tasks.
- #130 Add GET /up client method in iexec-sms-library.
- #125 Return the same SmsClient from the SmsClientProvider of iexec-sms-library when calling the same SMS URL.
- #151 Add iExec banner at startup.
- #158 #159 Show application version on banner.
Bug Fixes
- #136 Remove TLS context on server.
- #135 #156 Remove GET /secrets endpoints.
- #126 Remove non-TEE workflow.
- #157 Remove enclave entrypoints from Gramine sessions since already present in manifests of applications.
- #163 Update Scone transformation parameters to enable health checks in SMS in enclave.
Quality
- #146 #142 #139 #138 #140 #134 Refactor secret model.
- #123 #122 #132 #133 #137 #147 Improve code quality.
Dependency Upgrades
v7.3.0
v7.2.0
v7.1.1
v7.1.0
- #62 An application developer can define a secret associated to its dapp address.
- #86 Allow a requester to define multiple secrets in the SMS. They can then be used when buying an order.
- #88 Add OpenFeign client library in dedicated iexec-sms-library jar.
- #93 Define possible errors during TEE session creation for task feedback.
- #82 Use Spring Boot 2.6.2.
- #101 Use Java 11.0.15.
v7.0.0 - The 7th Gear
Highly improved throughput of the iExec protocol.
v6.1.0
v6.0.0
What's new?
- #41 #45 #47 Add TEE pre-compute stage for iExec Workers (confidential task inputs)
- #46 #48 #50 Enable confidential task on iExec Workers with production enclave mode (pre-compute, compute and post-compute stages)
- #49 #53 #54 Expose trusted TEE configuration for iExec Workers
- #51 Add custom options for security policies
- #57 Disable requester post-compute
v1.0.0
What is it?
- The Secret Management Service (SMS) stores secrets which are then usable in the iExec network.
- This key component makes it possible for anyone to compute confidential assets on the iExec network.
- This component is mandatory to enable the TEE (Trusted Execution Environment) mode of the iExec network.
- The iExec SMS provisions secrets to remote applications that are running inside identified & trusted enclaves.
- Confidential assets you have (password, token, API key, AES key, ...) should be securely transferred from your machine to the SMS over a TLS channel (iExec SDK is recommended). This operation is only done once.
- Internally, secrets are encrypted with standard AES encryption before being written to disk.
- The iExec SMS secret provisioning policy is based on on-chain ACL (PoCo). PoCo smart contracts define simple ACL rules where individuals have ownership of on-chain objects they have deployed (workerpool, application, secret-dataset & requester).
- Each individual who owns an object can define a policy on it. For example, "As a Requester (0xAlice), I only authorize my confidential Secret-Dataset (0xSecretOfAlice) to be used by the application of Bob (0xAppOfBob), which I trust and which will run on the Workerpool of Carl (0xWorkerpoolOfCarl)".
- When the secure application of Bob starts, the secret of Alice is written into a temporary session and sent over TLS to a dedicated Configuration & Attestation Service (CAS) enclave responsible for communicating with the final application enclave.
- If the application enclave is legitimate (measurable through its mrenclave with Scone), it will receive the secrets.
- To sum up, if all checks are correct, the secret of Alice will cross the following environments: Alice-Host -> iExec-SMS -> Scone-CAS -> Bob-Scone-Application