Standing up your own `lattice-connect` communication endpoint

Connecting to your Lattice1 in Private

Alex Miller
GridPlus
4 min read, Feb 8, 2021


The following post describes a newly-released option for connecting a Lattice1 to your own self-hosted cloud endpoint rather than using the default infrastructure GridPlus provides. For now, we only recommend advanced users pursue this option. Longer term we plan to release a more user-friendly UI for setting up this configuration.

One unique attribute of the Lattice1 is that it allows for permissioned signing and subscriptions (more advanced remote signing features are planned later in the year); this attribute requires a framework for remote encrypted communications with the device. By default, Lattice1 hardware wallets are configured to use GridPlus cloud infrastructure for receiving communications from third party applications. For example, when you visit https://wallet.gridplus.io and type in your device ID, your browser makes a request to the GridPlus cloud, which routes the message to your Lattice1 based on the ID you gave it. To put it simply: third party applications cannot make requests directly to your Lattice1 — the requests must be routed through cloud infrastructure to reach your device.

Note: This lack of direct connection is an artifact of how the Internet works. For obvious security reasons, consumer routers block most incoming requests by default. We cannot assume that Lattice1 owners will have the desire or ability to configure their home router’s settings, so the Lattice1 instead “subscribes” to requests from an available message broker (i.e. in the cloud) and “publishes” responses — this is called a “pub/sub” model. You can read a bit more about the general problem here.

As a security and privacy focused company, GridPlus strives to make the hardware you purchase 100% yours. We do not want the responsibility of maintaining proprietary communication channels with our customers’ hardware wallets, and while all messages are encrypted, we still do not want to be the only game in town routing Lattice1 messages. Today we are taking the first step toward opening access that we hope advanced users will appreciate: the ability to stand up your own communication endpoint and connect your Lattice1 to it.

Setting Up Your Endpoint

Go to the lattice-connect repo and read through the README — it covers everything you need to get started. The lattice-connect repo contains a simple Express.js server combined with an MQTT.js client and broker. These services run on Node.js.

The README also discusses how to connect to the MQTT broker from your Lattice1 using the SSH credentials on your device. As you might infer, your deployed instance needs to be publicly available (with both HTTP and MQTT ports exposed) and must remain online (to keep the subscriptions alive). Note that if your service goes offline or crashes, your Lattice1 will automatically try to re-establish a connection with the MQTT broker so don’t worry too much about constant uptime.

Read on once you have the lattice-connect endpoint running and your Lattice1 is connected to its MQTT broker.

Configuring the Web Wallet

The GridPlus Web Wallet is a simple wallet interface for your Lattice1 and also serves as a mechanism to establish connections from external integrations such as Yearn (see current full integrations list here). If you visit https://wallet.gridplus.io, you will see a “Settings” link on the login page:

See new Settings link

There is also a Settings tab on your main menu once you are logged in:

See new Settings tab

Get to the Settings view and you will see a setting called (Advanced) Connection Endpoint. To use your own endpoint, click on the switch and type in your endpoint URL plus web server port:

Type in your endpoint URL, e.g. http://mynode.myserver.io:3000

You must click Update and Reload for the changes to take effect.

Note that you must specify the protocol being used (e.g. http:// ) in your endpoint URL!

Using your Custom Endpoint

We now assume you have done the following:

  1. Clone the lattice-connect repo, read through the README, configure your endpoint, and deploy it (e.g. to the cloud).
  2. Connect your Lattice1 to your endpoint’s MQTT broker using the instructions detailed in the README.
  3. Go to https://wallet.gridplus.io and configure the application to point to your endpoint’s web server.

If you’ve done these things, you should be able to use the GridPlus Web Wallet and all third party integrations as you otherwise would. If you ever wish to go back to the default GridPlus cloud infrastructure, you are always welcome to do that — just restore the configurations on your Lattice1 (see README for more details) and flip the switch back to the default position in your Web Wallet.

Developer/writer/thinker living in the cryptoverse. Co-founder of GridPlus