chore: update code after code review

.env-issuer.sample

@@ -18,11 +18,11 @@ ISSUER_API_AUTH_PASSWORD=password-issuer
 # KMS configuration
 # --------------------------------------------------------------------------------
 # Could be either [localstorage | vault] (BJJ) and [localstorage | vault | aws ] (ETH)
-ISSUER_KMS_BJJ_PLUGIN=vault
-ISSUER_KMS_ETH_PLUGIN=vault
+ISSUER_KMS_BJJ_PROVIDER=vault
+ISSUER_KMS_ETH_PROVIDER=vault
 
 # if the plugin is localstorage, you can specify the file path (default path is current directory)
-ISSUER_KMS_PLUGIN_LOCAL_STORAGE_FILE_PATH=
+ISSUER_KMS_PROVIDER_LOCAL_STORAGE_FILE_PATH=
 
 # If the plugin is AWS for ETH keys you need to specify the key id and secret key
 ISSUER_KMS_ETH_PLUGIN_AWS_ACCESS_KEY=XXX

cmd/kms_priv_key_importer/readme.md

@@ -8,11 +8,11 @@ this tools needs the following environment variables to be set up:
 ```
 # Could be either [localstorage | vault] (BJJ) and [localstorage | vault] | aws (ETH)
 ISSUER_PUBLISH_KEY_PATH=pbkey
-ISSUER_KMS_ETH_PLUGIN=aws
+ISSUER_KMS_ETH_PROVIDER=aws
 
 # if the plugin is localstorage, you can specify the file path (default path is current directory)
 # Important!!!: this path must be the same as the one used by the issuer node (defined in .env-issuer file)
-ISSUER_KMS_PLUGIN_LOCAL_STORAGE_FILE_PATH=
+ISSUER_KMS_PROVIDER_LOCAL_STORAGE_FILE_PATH=
 
 # If the plugin is AWS for ETH keys you need to specify the key id and secret key
 ISSUER_KMS_ETH_PLUGIN_AWS_ACCESS_KEY=XXX
@@ -65,12 +65,12 @@ To get the key id you have to take a look at the output (or logs) of the previou
 then you can import your private key using the following command:
 
 ```shell
-$ chmod +x kms_priv_key_importer
+$ chmod +x aws_kms_material_key_imporer.sh
 $ ./kms_priv_key_importer <privateETHKey> <key-id> <aws-profile>
 ```
 
 where:
-* `privateETHKey` is your private key in hex format (`ac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80`)
+* `privateETHKey` is your private key in hex format (`d3bdf6f80e510b2efed2d1dd2652f3ad5d433b8eeff0cb622d426d259576b551`)
 * `key-id` is the key id of the key created in AWS KMS (in this example `157a8b2a-e5e9-4414-b9c5-301ce828f6c5`)
 * `aws-profile` is the profile name in your `~/.aws/credentials` file
 * `aws-region` is the region where the key was created
@@ -83,7 +83,7 @@ In the root project folder run:
 ```shell
 docker build --build-arg ISSUER_KMS_ETH_PLUGIN_AWS_ACCESS_KEY=XXXX \
   --build-arg ISSUER_KMS_ETH_PLUGIN_AWS_SECRET_KEY=YYYY \
-  --build-arg ISSUER_KMS_ETH_PLUGIN_AWS_REGION=eu-west-1 -t privadoid-kms-importer -f Dockerfile-kms-importer .
+  --build-arg ISSUER_KMS_ETH_PLUGIN_AWS_REGION=eu-west-1 -t privadoid-kms-importer -f ./Dockerfile-kms-importer .
 ```
 
 after the docker image is created run the following command (make sure you have the .env-issuer with your env vars):
@@ -108,6 +108,6 @@ you will see something like this:
 then import the material key
 
 ```shell
-sh ./aws_kms_material_key_importer.sh ac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80 9bb5b78b-c288-44a7-b1d4-0543e0a6 privadoid
+sh ./aws_kms_material_key_importer.sh d3bdf6f80e510b2efed2d1dd2652f3ad5d433b8eeff0cb622d426d259576b551 9bb5b78b-c288-44a7-b1d4-0543e0a6 privadoid
 ```
 if you get `Key material successfully imported!!!` message, then your private key was successfully imported to AWS KMS.

cmd/platform/main.go

@@ -88,7 +88,7 @@ func main() {
 		CertPath:            cfg.KeyStore.CertPath,
 	}
 
-	keyStore, err := keyStoreConfig(cfg, ctx, vaultCfg)
+	keyStore, err := keyStoreConfig(ctx, cfg, vaultCfg)
 	if err != nil {
 		log.Error(ctx, "cannot initialize key store", "err", err)
 		return
@@ -208,10 +208,12 @@ func main() {
 }
 
 // keyStoreConfig initializes the key store
-func keyStoreConfig(cfg *config.Configuration, ctx context.Context, vaultCfg providers.Config) (*kms.KMS, error) {
-	var vaultCli *vault.Client
-	var vaultErr error
-	if cfg.KeyStore.BJJPlugin == config.Vault || cfg.KeyStore.ETHPlugin == config.Vault {
+func keyStoreConfig(ctx context.Context, cfg *config.Configuration, vaultCfg providers.Config) (*kms.KMS, error) {
+	var (
+		vaultCli *vault.Client
+		vaultErr error
+	)
+	if cfg.KeyStore.BJJProvider == config.Vault || cfg.KeyStore.ETHProvider == config.Vault {
 		log.Info(ctx, "using vault key provider")
 		vaultCli, vaultErr = providers.VaultClient(ctx, vaultCfg)
 		if vaultErr != nil {
@@ -225,12 +227,12 @@ func keyStoreConfig(cfg *config.Configuration, ctx context.Context, vaultCfg pro
 	}
 
 	kmsConfig := kms.Config{
-		BJJKeyProvider:           kms.ConfigProvider(cfg.KeyStore.BJJPlugin),
-		ETHKeyProvider:           kms.ConfigProvider(cfg.KeyStore.ETHPlugin),
+		BJJKeyProvider:           kms.ConfigProvider(cfg.KeyStore.BJJProvider),
+		ETHKeyProvider:           kms.ConfigProvider(cfg.KeyStore.ETHProvider),
 		AWSKMSAccessKey:          cfg.KeyStore.AWSAccessKey,
 		AWSKMSSecretKey:          cfg.KeyStore.AWSSecretKey,
 		AWSKMSRegion:             cfg.KeyStore.AWSRegion,
-		LocalStoragePath:         cfg.KeyStore.PluginLocalStorageFilePath,
+		LocalStoragePath:         cfg.KeyStore.ProviderLocalStorageFilePath,
 		Vault:                    vaultCli,
 		PluginIden3MountPath:     cfg.KeyStore.PluginIden3MountPath,
 		IssuerETHTransferKeyPath: cfg.Ethereum.TransferAccountKeyPath,

internal/config/config.go

@@ -151,21 +151,21 @@ type Circuit struct {
 
 // KeyStore defines the keystore
 type KeyStore struct {
-	Address                    string `tip:"Keystore address"`
-	Token                      string `tip:"Token"`
-	PluginIden3MountPath       string `tip:"PluginIden3MountPath"`
-	UserPassEnabled            bool   `tip:"UserPassEnabled"`
-	UserPassPassword           string `tip:"UserPassPassword"`
-	BJJPlugin                  string `tip:"BJJPlugin"`
-	ETHPlugin                  string `tip:"ETHPlugin"`
-	PluginLocalStorageFilePath string `tip:"PluginLocalStorageFilePath"`
-	AWSAccessKey               string `tip:"AWS Acces Key"`
-	AWSSecretKey               string `tip:"AWS Secret Key"`
-	AWSRegion                  string `tip:"AWS Region"`
-	VaultUserPassAuthEnabled   bool   `tip:"VaultUserPassAuthEnabled"`
-	VaultUserPassAuthPassword  string `tip:"VaultUserPassAuthPassword"`
-	TLSEnabled                 bool   `tip:"TLSEnabled"`
-	CertPath                   string `tip:"CertPath"`
+	Address                      string `tip:"Keystore address"`
+	Token                        string `tip:"Token"`
+	PluginIden3MountPath         string `tip:"PluginIden3MountPath"`
+	UserPassEnabled              bool   `tip:"UserPassEnabled"`
+	UserPassPassword             string `tip:"UserPassPassword"`
+	BJJProvider                  string `tip:"BJJProvider"`
+	ETHProvider                  string `tip:"ETHProvider"`
+	ProviderLocalStorageFilePath string `tip:"ProviderLocalStorageFilePath"`
+	AWSAccessKey                 string `tip:"AWS Acces Key"`
+	AWSSecretKey                 string `tip:"AWS Secret Key"`
+	AWSRegion                    string `tip:"AWS Region"`
+	VaultUserPassAuthEnabled     bool   `tip:"VaultUserPassAuthEnabled"`
+	VaultUserPassAuthPassword    string `tip:"VaultUserPassAuthPassword"`
+	TLSEnabled                   bool   `tip:"TLSEnabled"`
+	CertPath                     string `tip:"CertPath"`
 }
 
 // Log holds runtime configurations
@@ -436,9 +436,9 @@ func bindEnv() {
 
 	_ = viper.BindEnv("KeyStore.Address", "ISSUER_KEY_STORE_ADDRESS")
 	_ = viper.BindEnv("KeyStore.Token", "ISSUER_KEY_STORE_TOKEN")
-	_ = viper.BindEnv("KeyStore.BJJPlugin", "ISSUER_KMS_BJJ_PLUGIN")
-	_ = viper.BindEnv("KeyStore.ETHPlugin", "ISSUER_KMS_ETH_PLUGIN")
-	_ = viper.BindEnv("KeyStore.PluginLocalStorageFilePath", "ISSUER_KMS_PLUGIN_LOCAL_STORAGE_FILE_PATH")
+	_ = viper.BindEnv("KeyStore.BJJProvider", "ISSUER_KMS_BJJ_PROVIDER")
+	_ = viper.BindEnv("KeyStore.ETHProvider", "ISSUER_KMS_ETH_PROVIDER")
+	_ = viper.BindEnv("KeyStore.ProviderLocalStorageFilePath", "ISSUER_KMS_PROVIDER_LOCAL_STORAGE_FILE_PATH")
 	_ = viper.BindEnv("KeyStore.AWSAccessKey", "ISSUER_KMS_ETH_PLUGIN_AWS_ACCESS_KEY")
 	_ = viper.BindEnv("KeyStore.AWSSecretKey", "ISSUER_KMS_ETH_PLUGIN_AWS_SECRET_KEY")
 	_ = viper.BindEnv("KeyStore.AWSRegion", "ISSUER_KMS_ETH_PLUGIN_AWS_REGION")
@@ -574,22 +574,22 @@ func checkEnvVars(ctx context.Context, cfg *Configuration) {
 		cfg.NetworkResolverPath = "./resolvers_settings.yaml"
 	}
 
-	if cfg.KeyStore.BJJPlugin == "" {
+	if cfg.KeyStore.BJJProvider == "" {
 		log.Info(ctx, "ISSUER_KMS_BJJ_PLUGIN value is missing, using default value: vault")
-		cfg.KeyStore.BJJPlugin = Vault
+		cfg.KeyStore.BJJProvider = Vault
 	}
 
-	if cfg.KeyStore.ETHPlugin == "" {
+	if cfg.KeyStore.ETHProvider == "" {
 		log.Info(ctx, "ISSUER_KMS_ETH_PLUGIN value is missing, using default value: vault")
-		cfg.KeyStore.ETHPlugin = Vault
+		cfg.KeyStore.ETHProvider = Vault
 	}
 
-	if (cfg.KeyStore.BJJPlugin == LocalStorage || cfg.KeyStore.ETHPlugin == LocalStorage) && cfg.KeyStore.PluginLocalStorageFilePath == "" {
+	if (cfg.KeyStore.BJJProvider == LocalStorage || cfg.KeyStore.ETHProvider == LocalStorage) && cfg.KeyStore.ProviderLocalStorageFilePath == "" {
 		log.Info(ctx, "ISSUER_KMS_PLUGIN_LOCAL_STORAGE_FOLDER value is missing, using default value: ./localstoragekeys")
-		cfg.KeyStore.PluginLocalStorageFilePath = "./localstoragekeys"
+		cfg.KeyStore.ProviderLocalStorageFilePath = "./localstoragekeys"
 	}
 
-	if cfg.KeyStore.ETHPlugin == AWS {
+	if cfg.KeyStore.ETHProvider == AWS {
 		if cfg.KeyStore.AWSAccessKey == "" {
 			log.Error(ctx, "ISSUER_AWS_KEY_ID value is missing")
 		}

internal/providers/vault.go

@@ -77,7 +77,7 @@ func newVaultClientWithToken(cfg Config) (*vault.Client, error) {
 	if cfg.Address == "" {
 		return nil, errors.New("vault address is not specified")
 	}
-	if cfg.Address == "" {
+	if cfg.Token == "" {
 		return nil, errors.New("vault access token is not specified")
 	}