It'd be good to launch a self-hosted Guardian whose identity doesn't change on every restart, without requiring AWS Secrets Manager. A local file/env secret provider would make that possible.
This matters because a changing identity freezes accounts: each multisig account pins the Guardian's ack-key commitment on-chain, and the client refuses to co-sign if the live commitment doesn't match. Today a stable commitment requires AWS (the only AckSecretProvider is AwsSecretsManagerProvider), so a non-AWS deployment gets a new identity on each restart. Recovery is possible but costly: each affected account must re-pin the new commitment with a SwitchGuardian transaction (cosigner quorum only, no Guardian ack).
It'd be good to launch a self-hosted Guardian whose identity doesn't change on every restart, without requiring AWS Secrets Manager. A local file/env secret provider would make that possible.
This matters because a changing identity freezes accounts: each multisig account pins the Guardian's ack-key commitment on-chain, and the client refuses to co-sign if the live commitment doesn't match. Today a stable commitment requires AWS (the only
AckSecretProviderisAwsSecretsManagerProvider), so a non-AWS deployment gets a new identity on each restart. Recovery is possible but costly: each affected account must re-pin the new commitment with a SwitchGuardian transaction (cosigner quorum only, no Guardian ack).