Port Streamplace's HSM feature to go-livepeer for improved Orchestrator / Broadcaster security #3527

@Strykar

Is your feature request related to a problem? Please describe.
HSMs help improve security for stakeholders and have already been tested and deployed on Streamplace by Eli.
Storing the key on a hardware device prevents key loss / leaks that a traditional OS / filesystem is vulnerable to, as the private key never leaves the HSM.
See https://www.nitrokey.com/files/doc/Nitrokey_HSM_factsheet.pdf

Describe the solution you'd like
Please port the HSM feature from Streamplace to go-livepeer so Orchestrators and Broadcasters may (optionally) use HSMs like Nitrokey to massively improve the security of their infrastructure.

Describe alternatives you've considered
There are currently none, but this is opt-in, so Orchs who do not wish to use an HSM can continue as-is.

Additional context
Many Orchestrators may not wish to learn PKCS11 or deal with the cost / complexity of integrating HSMs so this should definitely be optional to use.
This was discussed on yesterday's WC call with @iameli who felt it should not be a lot of effort to port it to go-livepeer.
