diff --git a/agent_application/docker/docker-compose.yml b/agent_application/docker/docker-compose.yml
index 04abab0c..53b4e012 100644
--- a/agent_application/docker/docker-compose.yml
+++ b/agent_application/docker/docker-compose.yml
@@ -38,9 +38,9 @@ services:
 UNICORE__LOG_FORMAT: text
 UNICORE__EVENT_STORE__TYPE: postgres
 UNICORE__EVENT_STORE__CONNECTION_STRING: postgresql://demo_user:demo_pass@cqrs-postgres-db:5432/demo
- UNICORE__URL: http://192.168.1.234:3033
+ UNICORE__URL: ${UNICORE__URL}
- UNICORE__SECRET_MANAGER__STRONGHOLD_PATH: "/app/res/stronghold"
+ UNICORE__SECRET_MANAGER__STRONGHOLD_PATH: "/app/res/stronghold-test"
 UNICORE__SECRET_MANAGER__STRONGHOLD_PASSWORD: "secure_password"
 # Uncomment the following lines to use the DID method `did:iota:rms`
@@ -49,7 +49,7 @@ services:
 # UNICORE__SECRET_MANAGER__ISSUER_FRAGMENT: "bQKQRzaop7CgEvqVq8UlgLGsdF-R-hnLFkKFZqW2VN0"
 volumes:
 - ../../agent_application/example-config.yaml:/app/agent_application/example-config.yaml
- - ../../agent_secret_manager/tests/res/test.stronghold:/app/res/stronghold
+ # - ../../agent_secret_manager/tests/res/test.stronghold:/app/res/stronghold
 - ../../agent_verification/presentation_definitions:/app/agent_verification/presentation_definitions
 # TODO: Remove this. This is a workaround that ensures that the `agent_verification/presentation_definitions`
 # folder can be accessed by the agent from the `fn authorization_requests` endpoint.
diff --git a/agent_application/example-config.yaml b/agent_application/example-config.yaml
index e2ccbb52..e9393722 100644
--- a/agent_application/example-config.yaml
+++ b/agent_application/example-config.yaml
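Review bot: `UNICORE__SECRET_MANAGER__STRONGHOLD_PASSWORD` stays hard-coded as `"secure_password"` in the first hunk even though `UNICORE__URL` on the line above it was just moved to `${UNICORE__URL}`; that password protects the issuer's private keys and belongs in the same `.env`, e.g. `UNICORE__SECRET_MANAGER__STRONGHOLD_PASSWORD: ${UNICORE__SECRET_MANAGER__STRONGHOLD_PASSWORD}`. Together with the second hunk, which comments out the only bind mount under `/app/res`, the snapshot at `/app/res/stronghold-test` is presumably now written to the container's own filesystem, so if the mounted `example-config.yaml` keeps `generate_stronghold: true` a fresh key set, and therefore a new issuer identity, is created every time the container is recreated. If that is unintended, mount a named volume on `/app/res` so the generated snapshot persists; if it is intended, a comment next to the path saying the demo issuer is ephemeral would save the next reader the investigation.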
@@ -70,10 +70,12 @@ credential_configurations:
 # Key configuration (temporary)
 secret_manager:
- stronghold_path: "/tmp/local.stronghold"
+ # Set this to `true` in order to generate a new stronghold file if it does not exist yet.
+ generate_stronghold: true
+ # stronghold_path: "/tmp/local.stronghold"
 # stronghold_password: "" <== Should be injected through the env variable `UNICORE__SECRET_MANAGER__STRONGHOLD_PASSWORD`
 # stronghold_password_file: ""
- issuer_eddsa_key_id: "ed25519-0"
- issuer_es256_key_id: "es256-0"
+ # issuer_eddsa_key_id: "ed25519-0"
+ # issuer_es256_key_id: "es256-0"
 # issuer_did: "did:iota:rms:0x0000000000000000000000000000000000000000000000000000000000000000"
 # issuer_fragment: "key-0"
diff --git a/agent_secret_manager/src/lib.rs b/agent_secret_manager/src/lib.rs
index fdff1944..e0b2b946 100644
--- a/agent_secret_manager/src/lib.rs
+++ b/agent_secret_manager/src/lib.rs
@@ -1,11 +1,13 @@
 use agent_shared::config::{config, SecretManagerConfig};
 use did_manager::SecretManager;
+ use log::info;
 pub mod subject;
 // TODO: find better solution for this
 pub async fn secret_manager() -> SecretManager {
 let SecretManagerConfig {
+ generate_stronghold,
 stronghold_path: snapshot_path,
 stronghold_password: password,
 issuer_eddsa_key_id,
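Review bot: With `stronghold_path` commented out, the example no longer supplies a value for a field that `SecretManagerConfig` in `agent_shared/src/config.rs` (later in this diff) declares as a plain `pub stronghold_path: String` with no `#[serde(default)]`, so loading this file presumably fails unless `UNICORE__SECRET_MANAGER__STRONGHOLD_PATH` is provided through the environment, as the docker-compose file does. Either keep a path in the example or state the requirement, e.g. `# stronghold_path: "/tmp/local.stronghold" <== Required; can also be injected through the env variable UNICORE__SECRET_MANAGER__STRONGHOLD_PATH`. The new comment also promises generation only "if it does not exist yet", while the `secret_manager()` change in `agent_secret_manager/src/lib.rs` shows no existence check; the comment and the code should agree on which one it is.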
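Review bot: `use log::info;` pulls in the `log` facade, whereas `agent_shared/src/config.rs` in the same commit logs through `tracing::{debug, info}`; unless a `log`-to-`tracing` bridge is installed where the subscriber is set up (not visible here), the two new `info!` calls in `secret_manager()` will not appear alongside the tracing output. If this crate already depends on `tracing`, `use tracing::info;` keeps the workspace on one logging facade. `secret_manager()` continues in the next hunk.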
@@ -14,30 +16,21 @@ pub async fn secret_manager() -> SecretManager {
 issuer_fragment,
 } = config().secret_manager.clone();
- match (
- snapshot_path,
- password,
- issuer_eddsa_key_id,
- issuer_es256_key_id,
- issuer_did,
- issuer_fragment,
- ) {
- (snapshot_path, password, issuer_eddsa_key_id, issuer_es256_key_id, issuer_did, issuer_fragment)
- if issuer_eddsa_key_id.is_some() || issuer_es256_key_id.is_some() =>
- {
- SecretManager::load(
- snapshot_path,
- password,
- issuer_eddsa_key_id,
- issuer_es256_key_id,
- None,
- issuer_did,
- issuer_fragment,
- )
- .await
- .unwrap()
- }
- (snapshot_path, password, None, None, _, _) => SecretManager::generate(snapshot_path, password).await.unwrap(),
- _ => panic!(),
+ if generate_stronghold {
+ info!("Generating new secret manager");
+ SecretManager::generate(snapshot_path, password).await.unwrap()
+ } else {
+ info!("Loading secret manager from Stronghold snapshot");
+ SecretManager::load(
+ snapshot_path,
+ password,
+ issuer_eddsa_key_id,
+ issuer_es256_key_id,
+ None,
+ issuer_did,
+ issuer_fragment,
+ )
+ .await
+ .unwrap()
 }
 }
diff --git a/agent_secret_manager/tests/res/temp.stronghold b/agent_secret_manager/tests/res/temp.stronghold
deleted file mode 100644
index 0ea2706d..00000000
Binary files a/agent_secret_manager/tests/res/temp.stronghold and /dev/null differ
diff --git a/agent_shared/src/config.rs b/agent_shared/src/config.rs
index c0c93b2c..292dea34 100644
--- a/agent_shared/src/config.rs
+++ b/agent_shared/src/config.rs
@@ -8,7 +8,7 @@ use std::{
 collections::HashMap,
 sync::{RwLock, RwLockReadGuard},
 };
- use tracing::info;
+ use tracing::{debug, info};
 use url::Url;
 #[derive(Debug, Deserialize, Clone)]
@@ -59,6 +59,8 @@ pub struct EventStorePostgresConfig {
 #[derive(Debug, Deserialize, Clone)]
 pub struct SecretManagerConfig {
+ #[serde(default)]
+ pub generate_stronghold: bool,
 pub stronghold_path: String,
 pub stronghold_password: String,
 pub issuer_eddsa_key_id: Option,
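Review bot: When `generate_stronghold` is true the new branch calls `SecretManager::generate(snapshot_path, password)` unconditionally, so any configured `issuer_eddsa_key_id`, `issuer_es256_key_id` or `issuer_did` is silently ignored and a snapshot that already exists at `snapshot_path` is regenerated, or the call fails, depending on what `generate` does with an existing file, which is not visible here; previously any configured key id forced a `load`. If the intended semantics are the ones documented in `example-config.yaml` ("generate ... if it does not exist yet"), guard the branch with `if generate_stronghold && !std::path::Path::new(&snapshot_path).exists() {` and log at `warn!` level when the flag is set but key ids are also configured, so a misconfiguration does not quietly replace the issuer's keys. Both `.unwrap()` calls remain, so a wrong password or an unreadable snapshot still panics inside an async fn rather than surfacing as an error; that is pre-existing, but `expect("Stronghold snapshot could not be opened with the configured password")` would at least name the cause. `secret_manager()` begins in the previous hunk.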
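Review bot: `generate_stronghold` is a behavioural switch with no doc comment, and because `#[serde(default)]` makes it silently `false`, a reader of `SecretManagerConfig` cannot tell what `true` does or that `stronghold_path` (still a required `String`) must be set in that mode as well. Add above the field: `/// When true, a new Stronghold snapshot is generated (presumably at `stronghold_path`) instead of loading an existing one; the configured issuer key ids are then not used. Defaults to false.` The struct definition continues past this hunk.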
@@ -201,6 +203,8 @@ pub static CONFIG: Lazy> =
 impl ApplicationConfiguration {
 pub fn new() -> Result {
 dotenvy::dotenv().ok();
+ // TODO: these cannot be logged because `tracing_subscriber` is not initialized yet at this point since it does
+ // not know the log format yet.
 info!("Environment variables loaded.");
 info!("Loading application configuration ...");
@@ -219,7 +223,13 @@ impl ApplicationConfiguration {
 .build()?
 };
- config.try_deserialize()
+ config.try_deserialize().inspect(|config: &ApplicationConfiguration| {
+ // TODO: this won't be logged either because `tracing_subscriber` is not initialized yet at this point. To
+ // fix this we can consider obtaining the `log_format` from the config file prior to loading the complete
+ // configuration.
+ info!("Configuration loaded successfully");
+ debug!("{:#?}", config);
+ })
 }
 pub fn set_preferred_did_method(&mut self, preferred_did_method: SupportedDidMethod) {
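Review bot: `debug!("{:#?}", config);` in the second hunk prints the entire `ApplicationConfiguration`, and `SecretManagerConfig` earlier in this diff derives `Debug` with `pub stronghold_password: String`, so the Stronghold password, and presumably the Postgres connection string with its credentials that docker-compose injects, would be written to the log at debug level. The TODO right above it notes the line is not emitted today only because the subscriber is not yet initialized, which means resolving that TODO would start leaking the secret into log storage. Log only the non-sensitive fields, or wrap the password in a small local newtype whose manual `Debug` impl prints `[REDACTED]` so that `{:#?}` is safe everywhere the config is dumped. `new()` begins outside this hunk.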