
In this three-part series, we will explore the innovative Orbit platform - a secure on-chain governance solution for teams managing digital assets and smart contracts across multiple blockchains.
This article delves into Orbit's canister governance capabilities, showcasing how multi-user governance changes the way canisters on the Internet Computer are governed from deployment to production. For those interested in the Orbit technology architecture, read 'Unveiling Orbit: A Flexible Policy Engine', and for insights into financial operations, 'Orbit for Treasuries: Secure Management' explores how teams manage crypto assets securely through fine-grained permissions.
For teams building on the Internet Computer, securely and efficiently managing canisters is crucial. Traditional canister management approaches often rely on direct control by individual developers or on rigid, inflexible governance models. Orbit disrupts this paradigm by providing a robust framework for secure, multi-user governance of canisters from the outset.
Whether upgrading canisters, managing controllers, or handling static asset updates, Orbit ensures that each operation is governed by customizable approval policies, providing teams with the confidence and tools to scale their operations securely.
The role of Orbit in canister governance
At its core, Orbit Station is the governance layer for canisters. It enables teams to define and enforce fine-grained permissions and approval workflows for all canister operations, including managing controllers, upgrading canisters, and executing static asset updates, all conducted under secure and auditable policies.
Orbit's governance capabilities let a team move from a centralized model (where a single developer may control a canister) to a distributed governance framework, ensuring accountability and reducing risks.
So far, the capability to securely manage canister operations has been available through the SNS framework, or directly through the NNS, for DAOs. For small teams, even those with a long-term goal of creating an SNS for their project, Orbit now offers a solution.
Orbit's ecosystem provides two key tools for canister governance:
Orbit Wallet - A browser-based user interface for cataloging and managing external canisters;
dfx-orbit - A command line tool for advanced governance workflows, including asset canister management.
Orbit Wallet for external canister management
Orbit Wallet features a user-friendly interface designed to streamline external canister management. Teams can create a directory of canisters with human-readable names, descriptions, and tags, making it easy to organize and collaborate on canister operations.
However, Orbit Wallet currently does not support asset canister management workflows. Teams managing assets must rely on the dfx-orbit CLI, which provides the capabilities necessary for secure and policy-driven asset updates.
Introducing the dfx-orbit command line interface (CLI)
The dfx-orbit CLI was initially developed to meet the governance needs of OISY, a browser-based wallet primarily aimed at retail users. OISY was the first client of the CLI, which is designed to integrate seamlessly with the dfx workflow, extending Orbit's governance features to asset canisters and to advanced operations not yet available in the Orbit Wallet interface.
Getting started with dfx-orbit
dfx-orbit CLI allows developers to:
Connect their local dfx identity to Orbit;
Manage Orbit stations and associate them with canisters;
Perform secure canister operations with Orbit, such as upgrades, asset uploads, etc.
The CLI is easy to install and integrates seamlessly with existing development setups, so teams already using dfx can onboard smoothly.
How dfx-orbit works
The dfx-orbit CLI extends the familiar dfx workflow to include Orbit governance features. Here are examples of how teams can securely manage canisters:
1. Set up Orbit governance
Add Orbit Station as your canister's controller;
Configure user permissions and approval policies within Orbit.
2. Execute secure canister operations
Use dfx-orbit request commands to propose operations such as upgrades or asset uploads;
Reviewers can use dfx-orbit verify to validate these requests, ensuring all changes comply with governance requirements.
3. Publish updates
Once approved, updates are automatically applied, ensuring operations are secure and compliant with policies.
For example, to upgrade a canister:

This ensures that upgrades are not only secure but also adhere to all established approval workflows.
Key features of canister governance
Catalog external canisters using Orbit Wallet: Orbit Wallet provides an intuitive interface for managing external canisters, allowing teams to create detailed catalogs with names, descriptions, and tags for better organization and collaboration.
Controller management using Orbit Station: Teams can securely delegate control of canisters to Orbit Station, ensuring that all operations are governed by approved policies and enhancing security by eliminating single-user dependencies.
Asset canister management using dfx-orbit CLI: The CLI supports advanced operations for asset canisters, including permission management, asset uploads, and verification. These workflows are not yet supported by Orbit Wallet, making the CLI the preferred tool for asset management.
Collaborative canister upgrades: With Orbit, canister upgrades are a secure and transparent process. Developers can request upgrades through the CLI, while reviewers can validate and approve these changes.
Audit logs: Every operation performed through Orbit is recorded, providing teams with accountability and transparency through an audit trail.
Orbit runs
How Orbit's tools work together for secure and flexible canister management:
Catalog external canisters using Orbit Wallet: Teams use Orbit Wallet to maintain an organized directory of external canisters, containing metadata such as names, descriptions, and tags;
Perform advanced operations using dfx-orbit CLI: The CLI handles asset canister-specific workflows, such as requesting asset uploads, verifying permissions, and managing upgrades through policy execution;
Implement collaborative governance: Both tools integrate seamlessly with Orbit Station, ensuring that all operations are managed under secure approval workflows and detailed logging.
What this means for developers
For developers, Orbit provides an integrated solution for managing and governing canisters. Orbit Wallet simplifies the cataloging of external canisters, while the dfx-orbit CLI offers powerful tools for asset canister operations, ensuring teams can maintain their workflows while benefiting from Orbit's security and governance features.
What this means for organizations
With Orbit's secure collaboration framework, organizations can confidently scale their canister management. Orbit Wallet facilitates visibility and organization of external canisters for the entire team, while the CLI ensures that advanced asset management workflows are policy-driven and secure.
These tools enable organizations to delegate responsibilities, reduce risks, and maintain operational transparency.
Future Foundations
Orbit Wallet provides external canister management, while the dfx-orbit CLI offers the depth needed for advanced workflows such as asset management. Together, they form a comprehensive toolkit for secure canister management.
As Orbit evolves, additional features such as enhanced reporting and expanded integrations will further solidify its position as the preferred platform for managing canisters on the Internet Computer.
Orbit ensures the secure management of canisters from day one, allowing teams to confidently collaborate on managing their canisters by combining the usability of Orbit Wallet with the advanced capabilities of the dfx-orbit CLI.
To explore these tools, visit Orbit Wallet or try the dfx-orbit CLI now:
orbit.global
github.com/dfinity/orbit/tree/main/tools/dfx-orbit
