fix: Add creds decryption .env (#475)

* feat: Add creds encryption .env * Remove encrypted key import in swagger
cheqd · Jan 19, 2024 · d332764 · d332764
1 parent 0dd521e
commit d332764
Show file tree

Hide file tree

Showing 6 changed files with 7 additions and 20 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -60,6 +60,7 @@ jobs:
                 TESTNET_RPC_URL: ${{ vars.TESTNET_RPC_URL }}
                 VERIDA_NETWORK: ${{ vars.VERIDA_NETWORK }}
                 VERIDA_PRIVATE_KEY: ${{ secrets.VERIDA_PRIVATE_KEY }}
+                CREDS_DECRYPTION_SECRET: ${{ secrets.CREDS_DECRYPTION_SECRET }}
 
             - uses: actions/upload-artifact@v4
               if: always()

diff --git a/src/controllers/key.ts b/src/controllers/key.ts
@@ -127,7 +127,7 @@ export class KeyController {
 	 */
 	public async importKey(request: Request, response: Response) {
 		// Get parameters requeired for key importing
-		const { type, encrypted, ivHex, salt, alias, privateKeyHex } = request.body as ImportKeyRequestBody;
+		const { type, encrypted = false, ivHex, salt, alias, privateKeyHex } = request.body as ImportKeyRequestBody;
 		// Get strategy e.g. postgres or local
 		const identityServiceStrategySetup = new IdentityServiceStrategySetup(response.locals.customer.customerId);
 		let decryptedPrivateKeyHex = privateKeyHex;

diff --git a/src/helpers/helpers.ts b/src/helpers/helpers.ts
@@ -213,11 +213,11 @@ export async function deriveSymmetricKeyFromSecret(
 }
 
 export async function decryptPrivateKey(encryptedPrivateKeyHex: string, ivHex: string, salt: string) {
-	if (!process.env.ENCRYPTION_SECRET) {
+	if (!process.env.CREDS_DECRYPTION_SECRET) {
 		throw new Error('Missing encryption secret');
 	}
 	// derive key from passphrase
-	const derivedKey = await deriveSymmetricKeyFromSecret(process.env.ENCRYPTION_SECRET, salt);
+	const derivedKey = await deriveSymmetricKeyFromSecret(process.env.CREDS_DECRYPTION_SECRET, salt);
 
 	// unwrap encrypted key with iv
 	const encryptedKey = Buffer.from(encryptedPrivateKeyHex, 'hex');

diff --git a/src/static/swagger.json b/src/static/swagger.json
@@ -2650,16 +2650,6 @@
           },
           "privateKeyHex": {
             "type": "string"
-          },
-          "ivHex": {
-            "type": "string",
-            "required": false
-          },
-          "salt": {
-            "type": "string"
-          },
-          "encrypted": {
-            "type": "boolean"
           }
         }
       },

diff --git a/src/types/environment.d.ts b/src/types/environment.d.ts
@@ -51,6 +51,9 @@ declare global {
 			ENABLE_ACCOUNT_TOPUP: string | 'false';
 			FAUCET_URI: string;
 			TESTNET_MINIMUM_BALANCE: number;
+
+			// Creds
+			CREDS_DECRYPTION_SECRET: string;
 		}
 	}
 

diff --git a/src/types/swagger-types.ts b/src/types/swagger-types.ts
@@ -702,13 +702,6 @@
  *           enum: [ Ed25519, Secp256k1 ]
  *         privateKeyHex:
  *           type: string
- *         ivHex:
- *           type: string
- *           required: false
- *         salt:
- *           type: string
- *         encrypted:
- *           type: boolean
  *     KeyResult:
  *       type: object
  *       properties: