Coinbase's growth through 2018 brought a rise in revenue, and with it a need for more engineers to keep its infrastructure current at all times. That growth in headcount also multiplied the audit trail: every permission that lets an engineer make an essential change to the system has to be approved and recorded.
Coinbase already had a Codeflow pipeline coupled with GeoEngineer, the codification tooling used by Snapchain, and through these systems Coinbase engineers reach the company's blockchain infrastructure to make their changes. Before a change touches any production service, however, it needs approval: a quorum of engineers must approve the configuration, the code and finally the permissions before they are applied.
Engineers are not the only staff who need approved access to the production services the company depends on, among them GitHub and AWS. Coinbase handled these approvals manually, onboarding employees into each service by hand. That worked at a smaller scale, but hypergrowth exposed its limits: the sharp increase in requests for consensus approval left Coinbase with an operational backlog.
Out With the Manual, In With the Automated System
To clear this approval backlog Coinbase built a Single Sign-On (SSO) system through which engineers and other personnel gain access to production services. SSO does more than open the door: it has to meet the same high security standards as the manual process it replaces, so reaching full SSO automation meant combining several mechanisms. Security Assertion Markup Language (SAML) handles the permission side, asserting to each service which access a user has been approved for. LDAP provides the native authentication mechanism for Coinbase personnel, and it also serves a directory that records which groups each user belongs to.
How SSO Consensus Works
To be granted permission to a service, an engineer raises the request as a change to a repository, where it collects the required approvals. From that repository SSO builds its group directory, reading from a read-only file, and the same directory holds each user's cryptographically hashed password. The details in that directory are what the system uses to decide which permissions each user is issued.
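The flow described in the last two sections, a committed permissions file that changes only with a quorum of approvals, a group directory built from that file, and authentication against stored password hashes rather than cleartext, as an added illustrative example. This is code written for this page, not Coinbase's implementation; the JSON layout, the field names, the quorum of two and the sample users and requests are all constructed assumptions.

```python
"""Illustrative consensus-gated group directory (added example, not Coinbase code).
The file layout, field names, quorum size and sample data are assumptions."""
import hashlib
import hmac
import json
import os
from typing import Optional

REQUIRED_APPROVALS = 2      # assumed quorum size for this example
PBKDF2_ROUNDS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a salted PBKDF2-HMAC-SHA256 hash in a self-describing format."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${PBKDF2_ROUNDS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, rounds, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(digest.hex(), digest_hex)


# Constructed sample of the committed permissions file the directory is built
# from. In deployment this file is read-only to the SSO service; only merged,
# quorum-approved changes to the repository can alter it.
PERMISSIONS_FILE = json.dumps({
    "users": {
        "alice": hash_password("alice-example-pw"),
        "bob": hash_password("bob-example-pw"),
        "carol": hash_password("carol-example-pw"),
    },
    "groups": {
        "github-org-members": ["alice", "bob", "carol"],
        "aws-prod-admins": ["alice"],
    },
})

# Constructed sample of membership-change requests (pull requests against the
# permissions file), each carrying the reviewers who approved it.
CHANGE_REQUESTS = [
    {"id": 101, "requester": "bob", "group": "aws-prod-admins",
     "add": "bob", "approvals": ["alice", "carol"]},        # quorum met
    {"id": 102, "requester": "carol", "group": "aws-prod-admins",
     "add": "carol", "approvals": ["carol", "alice"]},      # self-approval ignored
    {"id": 103, "requester": "carol", "group": "github-org-owners",
     "add": "carol", "approvals": ["alice", "alice"]},      # one approver counted once
]


def has_quorum(request: dict, required: int = REQUIRED_APPROVALS) -> bool:
    """Count distinct approvers other than the requester."""
    approvers = set(request["approvals"]) - {request["requester"]}
    return len(approvers) >= required


def build_directory(permissions_json: str, requests: list,
                    required: int = REQUIRED_APPROVALS):
    """Apply only quorum-approved changes on top of the committed file."""
    data = json.loads(permissions_json)
    groups = {name: set(members) for name, members in data["groups"].items()}
    rejected = []
    for req in requests:
        # Unknown principals and requests without quorum never reach the directory.
        if req["add"] not in data["users"] or not has_quorum(req, required):
            rejected.append(req["id"])
            continue
        groups.setdefault(req["group"], set()).add(req["add"])
    directory = {
        "users": data["users"],
        "groups": {name: sorted(m) for name, m in groups.items()},
    }
    return directory, rejected


def authenticate(directory: dict, username: str, password: str) -> bool:
    """LDAP-style bind: succeed only if the stored hash verifies."""
    stored = directory["users"].get(username)
    return stored is not None and verify_password(password, stored)


def groups_for(directory: dict, username: str) -> list:
    """Group memberships a SAML assertion would carry to the service."""
    return sorted(g for g, members in directory["groups"].items() if username in members)
```

Two details carry the security weight here: approvals are counted as distinct reviewers excluding the requester, so neither self-approval nor one reviewer approving twice can satisfy the quorum, and the directory never holds a cleartext password, only a salted hash that is verified with a constant-time comparison.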