HSM integration for private keys

[Otaiki1]

Context

Exposing oracle private keys in env vars is a major security risk.

Goal

Implement KeyService adapter for AWS KMS / Google Cloud KMS.

Contributor guide

1. Directory: oracle/
2. Create HSM-backed sign() method in KeyService.
3. Never fetch the raw secret; perform signing in the HSM.
4. Update config to choose KeyProvider based on environment.
5. Document IAM policy requirements.

References

• Security Best Practices - Key Management.

[Vera3289]

@Vera3289 has applied to work on this issue as part of the Stellar Wave Program's 3rd wave.

Hello maintainer. I can work on this issue, please assign. Thank you

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Vera3289 to this issue.