Merge pull request #24 from zama-ai/ghislain/chore/upgrade-v0.13

feat: update KMS Core and KMS Connector versions and configurations

Author: maxnovawind

mainnet/helm-values/kms-connector.yaml

@@ -9,6 +9,11 @@ commonConfig:
     gatewayConfig: "0xDE537Be194777A56f8B19d14079E6a78249390ab"
     kmsGeneration: "0x290947F9fed2d91fdB22f35E162aDfA744b7aEe3"
   env:
+    - name: ETHEREUM_RPC_URL
+      valueFrom:
+        secretKeyRef:
+          name: rpc
+          key: ethereum-rpc-url
     - name: DATABASE_ENDPOINT
       valueFrom:
         secretKeyRef:
@@ -84,6 +89,10 @@ kmsConnectorKmsWorker:
     tag: v0.10.8
   replicas: 1
   config:
+    hostChains:
+      - url: "$(ETHEREUM_RPC_URL)"
+        chainId: 1
+        aclAddress: "0xcA2E8f1F656CD25C01F05d0b243Ab1ecd4a8ffb6"
     kmsCoreEndpoints: "http://kms-core:50100"
   affinity:
     nodeAffinity:

mainnet/helm-values/kms-core.yaml

@@ -10,13 +10,23 @@ kmsCore:
   nameOverride: kms-core
   image:
     name: hub.zama.org/zama-protocol/zama-ai/kms/core-service-enclave
-    tag: v0.12.7
+    tag: v0.13.2
   serviceAccountName: mpc-party
   envFrom:
     configmap:
       name: mpc-party
   thresholdMode:
     enabled: true
+    trustedReleases:
+     # KMS Core v0.12.7
+     - pcr0: "5695392a1772c4832fe6b1153e36af6ca302a5b524b63398079164541d5529fc468d2d5fecc12e79fbe441a33d52ba6f"
+       pcr1: "4b4d5b3661b3efc12920900c80e126e4ce783c522de6c02a2a5bf7af3a2b9327b86776f188e4be1c1c404a129dbda493"
+       pcr2: "e299a77ded75a13c060103fa1ed41b5b16946dec3abeb351aabebbe02788cd3425e49a78447da1e5459a4189f877e476"
+     # KMS Core v0.13.2
+     - pcr0: "cd2896066896a82ad2c9d87c833ac3ccee8e1d7930913277193a651165c7efe432c32274d2cc0d49d772c10ac719ca29"
+       pcr1: "4b4d5b3661b3efc12920900c80e126e4ce783c522de6c02a2a5bf7af3a2b9327b86776f188e4be1c1c404a129dbda493"
+       pcr2: "db0b41ee919fc3e3b4cbbdcad6df9d39060db2913324639357fca3cd2fcbc351cb827b58e9cefabf2413e336fa23f035"
+ 
     tls:
       enabled: false
     peersList:
@@ -90,9 +100,15 @@ kmsCore:
   publicVault:
     s3:
       enabled: true
+      # use prefix in order to override the default prefix which is PUB, and to be backwards compatible with the old prefix system
+      # Replace p1 with p{id} where id is the peer id
+      prefix: "PUB-p1"
   privateVault:
     s3:
       enabled: true
+      # use prefix in order to override the default prefix which is PRV, and to be backwards compatible with the old prefix system
+      # Replace p1 with p{id} where id is the peer id
+      prefix: "PRV-p1"
     awskms:
       enabled: true
 
@@ -101,7 +117,7 @@ kmsCoreClient:
   nameOverride: kms-client
   image:
     name: hub.zama.org/zama-protocol/zama-ai/kms/core-client
-    tag: v0.12.4
+    tag: v0.13.2
   envFrom:
     configmap:
       name: mpc-party

testnet/helm-values/kms-connector.yaml

@@ -9,6 +9,11 @@ commonConfig:
     gatewayConfig: "0x94153006067B89399e059284f5a7Fe016940E332"
     kmsGeneration: "0x5779Ac320BbDB267Cc4d1b77195a203F926bBC60"
   env:
+    - name: ETHEREUM_RPC_URL
+      valueFrom:
+        secretKeyRef:
+          name: rpc
+          key: ethereum-rpc-url
     - name: DATABASE_ENDPOINT
       valueFrom:
         secretKeyRef:
@@ -34,7 +39,7 @@ kmsConnectorDbMigration:
   enabled: true
   image:
     name: hub.zama.org/zama-protocol/zama-ai/fhevm/kms-connector/db-migration
-    tag: v0.10.8
+    tag: v0.11
   env: []
   affinity:
     nodeAffinity:
@@ -56,7 +61,7 @@ kmsConnectorGwListener:
   nameOverride: kms-connector-gw-listener
   image:
     name: hub.zama.org/zama-protocol/zama-ai/fhevm/kms-connector/gw-listener
-    tag: v0.10.8
+    tag: v0.11
   replicas: 1
   config:
     # Use full node
@@ -81,9 +86,19 @@ kmsConnectorKmsWorker:
   nameOverride: kms-connector-kms-worker
   image:
     name: hub.zama.org/zama-protocol/zama-ai/fhevm/kms-connector/kms-worker
-    tag: v0.10.8
+    tag: v0.11
   replicas: 1
+  env:
+    - name: ETHEREUM_RPC_URL
+      valueFrom:
+        secretKeyRef:
+          name: rpc
+          key: ethereum-rpc-url
   config:
+    hostChains:
+      - url: "$(ETHEREUM_RPC_URL)"
+        chainId: 11155111
+        aclAddress: "0xf0Ffdc93b7E186bC2f8CB3dAA75D86d1930A433D"
     kmsCoreEndpoints: "http://kms-core:50100"
   affinity:
     nodeAffinity:
@@ -105,7 +120,7 @@ kmsConnectorTxSender:
   nameOverride: kms-connector-tx-sender
   image:
     name: hub.zama.org/zama-protocol/zama-ai/fhevm/kms-connector/tx-sender
-    tag: v0.10.8
+    tag: v0.11
   replicas: 1
   serviceAccountName: mpc-party-connector
   wallet:

testnet/helm-values/kms-core.yaml

@@ -10,15 +10,21 @@ kmsCore:
   nameOverride: kms-core
   image:
     name: hub.zama.org/zama-protocol/zama-ai/kms/core-service-enclave
-    tag: v0.12.7
+    tag: v0.13.2
   serviceAccountName: mpc-party
   envFrom:
     configmap:
       name: mpc-party
   thresholdMode:
     enabled: true
     tls:
-      enabled: false
+      enabled: true
+    trustedReleases:
+     # KMS Core v0.13.2
+     - pcr0: "cd2896066896a82ad2c9d87c833ac3ccee8e1d7930913277193a651165c7efe432c32274d2cc0d49d772c10ac719ca29"
+       pcr1: "4b4d5b3661b3efc12920900c80e126e4ce783c522de6c02a2a5bf7af3a2b9327b86776f188e4be1c1c404a129dbda493"
+       pcr2: "db0b41ee919fc3e3b4cbbdcad6df9d39060db2913324639357fca3cd2fcbc351cb827b58e9cefabf2413e336fa23f035"
+ 
     peersList:
       - id: 1
         host: mpc-node-1
@@ -90,9 +96,15 @@ kmsCore:
   publicVault:
     s3:
       enabled: true
+      # use prefix in order to override the default prefix which is PUB, and to be backwards compatible with the old prefix system
+      # Replace p1 with p{id} where id is the peer id
+      prefix: "PUB-p1"
   privateVault:
     s3:
       enabled: true
+      # use prefix in order to override the default prefix which is PRV, and to be backwards compatible with the old prefix system
+      # Replace p1 with p{id} where id is the peer id
+      prefix: "PRV-p1"
     awskms:
       enabled: true