@marten-seemann Is there any transport that supports PSK which we could use? The PSK is important to our use-case in particular.

TCP and WebSocket support PSK. Would you mind describing your use case?

We're building an IPFS Operator to run in Kubernetes. One of our key features is orchestrating large-scale private networks, but we're using the libp2p circuit relay in order to allow individual IPFS nodes to be dialable by each other due to the amount of network abstractions that take place in a cloud environment.
The reason for this PR is so that we can initialize go-libp2p-relay-circuit with a PSK and be able to properly handle peer-to-peer circuits while maintaining privacy.

I'm not sure I understand how this helps maintain privacy. There's no such thing as unencrypted libp2p connections, so all connections are private anyway.
What PSK allows you is to conveniently separate your nodes from other libp2p / IPFS nodes, but at the heavy cost of double-encryption and limiting your transports to TCP and WebSocket.

@marten-seemann We're doing this so that enterprise users can create their own private IPFS networks that would run at scale but without advertising their CIDs to the global DHT. I think it would be fine if the transports are limited to TCP & WebSocket, but we haven't been able to try running it at scale yet to actually see what the drawbacks would be.

Thank you for the explanation. I think this should be part of a larger discussion around PSK, and I’ve opened libp2p/specs#489 for that.

There’s an issue for this PR from a while ago: #1249.
For some reason, GitHub doesn’t allow me to link it to this PR.