As an operator, I would like to be able to define strategies for the ETH wallets needed
Created by: lullis
To be able to receive payments in a controlled manner, we need to be able to have a pool of different wallets that can be selected. On a naive implementation, this means that the each wallet needs to be generated by the system automatically, which means that the database will store information about the private key. This can be problematic if there is any security issue that can give access to the database to malicious people.
Other alternatives can be thought of that would avoid having private keys in the database. Examples:
- The operators are responsible for generating the wallets offline and the database only contains the addresses
- The wallets are part of some kind of smart contract (e.g Gnosis Safe)
- The private keys for the wallets are managed by a secret store (https://www.hashicorp.com/blog/using-vault-to-build-an-ethereum-wallet/)
Ideally, this should be a configurable and extendable solution, much like Django's authentication backends.