Skip to main content
← Back

June 26, 2024

Agenda

Meeting Notes

Secrets demo

  • Brooks has brought a demo application that shows off wasmCloud's new secret support—essentially a modified version of the Redis kvcounter example. When performing the usual curl against the app, he gets an unauthorized response. If he gives a password, he can authenticate. This is a wasmCloud application comprised of a component and two providers, one of which is a modified Redis keyvalue provider.

  • The wasmCloud host makes the request to fetch a secret, not the provider. This works with a new interface called wasmcloud:secrets.

  • In this example, the secret is stored in a NATS keyvalue bucket using a NATS keyvalue backend. A Vault backend is expected to drop next week.

  • wasmCloud's secret support is the first reference implementation for what could be a wasi:secrets interface.

  • Brooks walks through the secrets RFC, highlighting that the wasmCloud host itself isn't actually storing any values. The values themselves are stored in your secrets store (a NATS key-value store in this case) and the secret is entirely encrypted on the message bus—the host decrupts the secret with an xkey.

  • Secret names and tied to specific components or providers' workload identities. Each secret can be scoped to a specific component in a specific application, but can also be used more generally.

  • A given secrets backend (for example, a provider like the modified kvredis provider Brooks has brought) can serve secrets to multiple components or providers.

  • You can also fetch secrets from multiple secrets backends.

Roadmap check-in

  • With a couple weeks to go, it's a good time to check in on the Q2 roadmap. While we have a number of issues open, we've accomplished a ton, and our major priorities like secrets are landing now.

  • Question/comment: It can sometimes be difficult to understand how to start contributing for a given issue. It might be a good idea to focus on just a couple of issues and then fleshing out the articulation of those issues so it's easier for contributors to jump in.

  • Brooks: We've completed a lot, and we want to maintain velocity, but it's definitely a good idea to hold ourselves to a high standard for making these issues accessible.

wRPC updates

  • Roman has been working on the Rust transport abstraction, making wRPC easier to use and more efficient. It now goes all in on tokio. We also have a wasm-tokio crate.

  • We also now have QUIC transport which can be used as an alternative to NATS. The wRPC protocol is designed to be transport-agnostic, and this provides a new option.

Recording