Skip to content

feat(composer)! avoid holding private key in env var#1074

Merged
Fraser999 merged 6 commits intomainfrom
fraser/composer-private-key
May 17, 2024
Merged

feat(composer)! avoid holding private key in env var#1074
Fraser999 merged 6 commits intomainfrom
fraser/composer-private-key

Conversation

@Fraser999
Copy link
Copy Markdown
Contributor

@Fraser999 Fraser999 commented May 15, 2024

Summary

This PR changes the configuration env vars for composer to not hold the contents of the private key for signing sequencer transactions.

Background

It's undesirable to have the contents of a private key in an env var.

Changes

Changed the existing env var to hold a path to a hex-encoded private key file.

Testing

Modified existing tests, and ran smoke test using local build of composer.

Breaking Changelist

  • Removed ASTRIA_COMPOSER_PRIVATE_KEY
  • Added ASTRIA_COMPOSER_PRIVATE_KEY_FILE

Related Issues

Closes #993.

@Fraser999 Fraser999 requested review from a team as code owners May 15, 2024 10:26
@Fraser999 Fraser999 requested review from SuperFluffy and aajimal May 15, 2024 10:26
@github-actions github-actions bot added composer pertaining to composer cd labels May 15, 2024
SuperFluffy
SuperFluffy reviewed May 15, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@SuperFluffy SuperFluffy left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agree with the changes.

Can we also put the SigningKey behind a https://docs.rs/secrecy/0.8.0/secrecy/struct.Secret.html? So that we don't accidentally leak it if someone decides to debug-print executor or the submitfut? Right now SigningKey implements Debug and happily leaks its contents.

@joroshiba joroshiba added the docker-build used to trigger docker builds on PRs label May 15, 2024
@github-actions github-actions bot added conductor pertaining to the astria-conductor crate sequencer pertaining to the astria-sequencer crate sequencer-relayer pertaining to the astria-sequencer-relayer crate labels May 17, 2024
@Fraser999
Copy link
Copy Markdown
Contributor Author

Fraser999 commented May 17, 2024

@SuperFluffy - as agreed, I put the signing key in a newtype in 3515ac0 and replaced all usages of the original type.

@Fraser999 Fraser999 mentioned this pull request May 17, 2024
Closed
SuperFluffy
SuperFluffy approved these changes May 17, 2024
View reviewed changes
@Fraser999 Fraser999 enabled auto-merge May 17, 2024 14:50
@Fraser999 Fraser999 added this pull request to the merge queue May 17, 2024
Merged via the queue into main with commit 8f261a4 May 17, 2024
@Fraser999 Fraser999 deleted the fraser/composer-private-key branch May 17, 2024 15:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@SuperFluffy SuperFluffy SuperFluffy approved these changes

@aajimal aajimal aajimal approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cd composer pertaining to composer conductor pertaining to the astria-conductor crate docker-build used to trigger docker builds on PRs sequencer pertaining to the astria-sequencer crate sequencer-relayer pertaining to the astria-sequencer-relayer crate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Replace ASTRIA_COMPOSER_PRIVATE_KEY env var with ASTRIA_COMPOSER_PRIVATE_KEY_FILE

4 participants

@Fraser999 @SuperFluffy @aajimal @joroshiba