make keyring secret file path configurable

cli/config.go

@@ -43,30 +43,31 @@ var configPaths = []string{
 
 // configFlags is a mapping of cli flag names to config keys to bind.
 var configFlags = map[string]string{
-	"log-level":          "log.level",
-	"log-output":         "log.output",
-	"log-format":         "log.format",
-	"log-stacktrace":     "log.stacktrace",
-	"log-source":         "log.source",
-	"log-overrides":      "log.overrides",
-	"no-log-color":       "log.colordisabled",
-	"url":                "api.address",
-	"max-txn-retries":    "datastore.maxtxnretries",
-	"store":              "datastore.store",
-	"valuelogfilesize":   "datastore.badger.valuelogfilesize",
-	"peers":              "net.peers",
-	"p2paddr":            "net.p2paddresses",
-	"no-p2p":             "net.p2pdisabled",
-	"allowed-origins":    "api.allowed-origins",
-	"pubkeypath":         "api.pubkeypath",
-	"privkeypath":        "api.privkeypath",
-	"keyring-namespace":  "keyring.namespace",
-	"keyring-backend":    "keyring.backend",
-	"keyring-path":       "keyring.path",
-	"no-keyring":         "keyring.disabled",
-	"no-encryption-key":  "keyring.noencryptionkey",
-	"source-hub-address": "acp.sourceHub.address",
-	"development":        "development",
+	"log-level":           "log.level",
+	"log-output":          "log.output",
+	"log-format":          "log.format",
+	"log-stacktrace":      "log.stacktrace",
+	"log-source":          "log.source",
+	"log-overrides":       "log.overrides",
+	"no-log-color":        "log.colordisabled",
+	"url":                 "api.address",
+	"max-txn-retries":     "datastore.maxtxnretries",
+	"store":               "datastore.store",
+	"valuelogfilesize":    "datastore.badger.valuelogfilesize",
+	"peers":               "net.peers",
+	"p2paddr":             "net.p2paddresses",
+	"no-p2p":              "net.p2pdisabled",
+	"allowed-origins":     "api.allowed-origins",
+	"pubkeypath":          "api.pubkeypath",
+	"privkeypath":         "api.privkeypath",
+	"keyring-namespace":   "keyring.namespace",
+	"keyring-backend":     "keyring.backend",
+	"keyring-path":        "keyring.path",
+	"no-keyring":          "keyring.disabled",
+	"no-encryption-key":   "keyring.noencryptionkey",
+	"keyring-secret-file": "keyring.secretfile",
+	"source-hub-address":  "acp.sourceHub.address",
+	"development":         "development",
 }
 
 // configDefaults contains default values for config entries.
@@ -87,6 +88,7 @@ var configDefaults = map[string]any{
 	"keyring.disabled":                  false,
 	"keyring.namespace":                 "defradb",
 	"keyring.path":                      "keys",
+	"keyring.secretfile":                ".env",
 	"log.caller":                        false,
 	"log.colordisabled":                 false,
 	"log.format":                        "text",
@@ -98,9 +100,6 @@ var configDefaults = map[string]any{
 
 // defaultConfig returns a new config with default values.
 func defaultConfig() *viper.Viper {
-	// load environment variables from .env file if one exists
-	_ = godotenv.Load()
-
 	cfg := viper.New()
 
 	cfg.AutomaticEnv()
@@ -164,6 +163,9 @@ func loadConfig(rootdir string, flags *pflag.FlagSet) (*viper.Viper, error) {
 		}
 	}
 
+	// load environment variables from .env file if one exists
+	_ = godotenv.Load(cfg.GetString("keyring.secretfile"))
+
 	// set logging config
 	corelog.SetConfig(corelog.Config{
 		Level:            cfg.GetString("log.level"),

cli/root.go

@@ -92,6 +92,10 @@ Start a DefraDB node, interact with a local or remote node, and much more.
 		cfg.GetString(configFlags["keyring-path"]),
 		"Path to store encrypted keys when using the file backend",
 	)
+	cmd.PersistentFlags().String(
+		"keyring-secret-file",
+		cfg.GetString(configFlags["keyring-secret-file"]),
+		"Path to the file containing the keyring secret")
 	cmd.PersistentFlags().Bool(
 		"no-keyring",
 		cfg.GetBool(configFlags["no-keyring"]),

cli/start.go

@@ -100,8 +100,6 @@ func MakeStartCommand() *cobra.Command {
 				if err != nil {
 					return err
 				}
-<<<<<<< HEAD
-=======
 				// load the required peer key or generate one if it doesn't exist
 				peerKey, err := kr.Get(peerKeyName)
 				if err != nil && errors.Is(err, keyring.ErrNotFound) {
@@ -134,7 +132,6 @@ func MakeStartCommand() *cobra.Command {
 				} else if err != nil && !errors.Is(err, keyring.ErrNotFound) {
 					return err
 				}
->>>>>>> 2cdf9388 (make keyring non-interactive)
 				opts = append(opts, node.WithBadgerEncryptionKey(encryptionKey))
 				// setup the sourcehub transaction signer
 				sourceHubKeyName := cfg.GetString("acp.sourceHub.KeyName")

docs/website/references/cli/defradb.md

@@ -12,21 +12,22 @@ Start a DefraDB node, interact with a local or remote node, and much more.
 ### Options
 
 ```
-  -h, --help                        help for defradb
-      --keyring-backend string      Keyring backend to use. Options are file or system (default "file")
-      --keyring-namespace string    Service name to use when using the system backend (default "defradb")
-      --keyring-path string         Path to store encrypted keys when using the file backend (default "keys")
-      --log-format string           Log format to use. Options are text or json (default "text")
-      --log-level string            Log level to use. Options are debug, info, error, fatal (default "info")
-      --log-output string           Log output path. Options are stderr or stdout. (default "stderr")
-      --log-overrides string        Logger config overrides. Format <name>,<key>=<val>,...;<name>,...
-      --log-source                  Include source location in logs
-      --log-stacktrace              Include stacktrace in error and fatal logs
-      --no-keyring                  Disable the keyring and generate ephemeral keys
-      --no-log-color                Disable colored log output
-      --rootdir string              Directory for persistent data (default: $HOME/.defradb)
-      --source-hub-address string   The SourceHub address authorized by the client to make SourceHub transactions on behalf of the actor
-      --url string                  URL of HTTP endpoint to listen on or connect to (default "127.0.0.1:9181")
+  -h, --help                         help for defradb
+      --keyring-backend string       Keyring backend to use. Options are file or system (default "file")
+      --keyring-namespace string     Service name to use when using the system backend (default "defradb")
+      --keyring-path string          Path to store encrypted keys when using the file backend (default "keys")
+      --keyring-secret-file string   Path to the file containing the keyring secret (default ".env")
+      --log-format string            Log format to use. Options are text or json (default "text")
+      --log-level string             Log level to use. Options are debug, info, error, fatal (default "info")
+      --log-output string            Log output path. Options are stderr or stdout. (default "stderr")
+      --log-overrides string         Logger config overrides. Format <name>,<key>=<val>,...;<name>,...
+      --log-source                   Include source location in logs
+      --log-stacktrace               Include stacktrace in error and fatal logs
+      --no-keyring                   Disable the keyring and generate ephemeral keys
+      --no-log-color                 Disable colored log output
+      --rootdir string               Directory for persistent data (default: $HOME/.defradb)
+      --source-hub-address string    The SourceHub address authorized by the client to make SourceHub transactions on behalf of the actor
+      --url string                   URL of HTTP endpoint to listen on or connect to (default "127.0.0.1:9181")
 ```
 
 ### SEE ALSO

docs/website/references/cli/defradb_client.md

@@ -18,20 +18,21 @@ Execute queries, add schema types, obtain node info, etc.
 ### Options inherited from parent commands
 
 ```
-      --keyring-backend string      Keyring backend to use. Options are file or system (default "file")
-      --keyring-namespace string    Service name to use when using the system backend (default "defradb")
-      --keyring-path string         Path to store encrypted keys when using the file backend (default "keys")
-      --log-format string           Log format to use. Options are text or json (default "text")
-      --log-level string            Log level to use. Options are debug, info, error, fatal (default "info")
-      --log-output string           Log output path. Options are stderr or stdout. (default "stderr")
-      --log-overrides string        Logger config overrides. Format <name>,<key>=<val>,...;<name>,...
-      --log-source                  Include source location in logs
-      --log-stacktrace              Include stacktrace in error and fatal logs
-      --no-keyring                  Disable the keyring and generate ephemeral keys
-      --no-log-color                Disable colored log output
-      --rootdir string              Directory for persistent data (default: $HOME/.defradb)
-      --source-hub-address string   The SourceHub address authorized by the client to make SourceHub transactions on behalf of the actor
-      --url string                  URL of HTTP endpoint to listen on or connect to (default "127.0.0.1:9181")
+      --keyring-backend string       Keyring backend to use. Options are file or system (default "file")
+      --keyring-namespace string     Service name to use when using the system backend (default "defradb")
+      --keyring-path string          Path to store encrypted keys when using the file backend (default "keys")
+      --keyring-secret-file string   Path to the file containing the keyring secret (default ".env")
+      --log-format string            Log format to use. Options are text or json (default "text")
+      --log-level string             Log level to use. Options are debug, info, error, fatal (default "info")
+      --log-output string            Log output path. Options are stderr or stdout. (default "stderr")
+      --log-overrides string         Logger config overrides. Format <name>,<key>=<val>,...;<name>,...
+      --log-source                   Include source location in logs
+      --log-stacktrace               Include stacktrace in error and fatal logs
+      --no-keyring                   Disable the keyring and generate ephemeral keys
+      --no-log-color                 Disable colored log output
+      --rootdir string               Directory for persistent data (default: $HOME/.defradb)
+      --source-hub-address string    The SourceHub address authorized by the client to make SourceHub transactions on behalf of the actor
+      --url string                   URL of HTTP endpoint to listen on or connect to (default "127.0.0.1:9181")
 ```
 
 ### SEE ALSO

docs/website/references/cli/defradb_client_acp.md

@@ -19,22 +19,23 @@ Learn more about [ACP](/acp/README.md)
 ### Options inherited from parent commands
 
 ```
-  -i, --identity string             Hex formatted private key used to authenticate with ACP
-      --keyring-backend string      Keyring backend to use. Options are file or system (default "file")
-      --keyring-namespace string    Service name to use when using the system backend (default "defradb")
-      --keyring-path string         Path to store encrypted keys when using the file backend (default "keys")
-      --log-format string           Log format to use. Options are text or json (default "text")
-      --log-level string            Log level to use. Options are debug, info, error, fatal (default "info")
-      --log-output string           Log output path. Options are stderr or stdout. (default "stderr")
-      --log-overrides string        Logger config overrides. Format <name>,<key>=<val>,...;<name>,...
-      --log-source                  Include source location in logs
-      --log-stacktrace              Include stacktrace in error and fatal logs
-      --no-keyring                  Disable the keyring and generate ephemeral keys
-      --no-log-color                Disable colored log output
-      --rootdir string              Directory for persistent data (default: $HOME/.defradb)
-      --source-hub-address string   The SourceHub address authorized by the client to make SourceHub transactions on behalf of the actor
-      --tx uint                     Transaction ID
-      --url string                  URL of HTTP endpoint to listen on or connect to (default "127.0.0.1:9181")
+  -i, --identity string              Hex formatted private key used to authenticate with ACP
+      --keyring-backend string       Keyring backend to use. Options are file or system (default "file")
+      --keyring-namespace string     Service name to use when using the system backend (default "defradb")
+      --keyring-path string          Path to store encrypted keys when using the file backend (default "keys")
+      --keyring-secret-file string   Path to the file containing the keyring secret (default ".env")
+      --log-format string            Log format to use. Options are text or json (default "text")
+      --log-level string             Log level to use. Options are debug, info, error, fatal (default "info")
+      --log-output string            Log output path. Options are stderr or stdout. (default "stderr")
+      --log-overrides string         Logger config overrides. Format <name>,<key>=<val>,...;<name>,...
+      --log-source                   Include source location in logs
+      --log-stacktrace               Include stacktrace in error and fatal logs
+      --no-keyring                   Disable the keyring and generate ephemeral keys
+      --no-log-color                 Disable colored log output
+      --rootdir string               Directory for persistent data (default: $HOME/.defradb)
+      --source-hub-address string    The SourceHub address authorized by the client to make SourceHub transactions on behalf of the actor
+      --tx uint                      Transaction ID
+      --url string                   URL of HTTP endpoint to listen on or connect to (default "127.0.0.1:9181")
 ```
 
 ### SEE ALSO

docs/website/references/cli/defradb_client_acp_policy.md

@@ -15,22 +15,23 @@ Interact with the acp policy features of DefraDB instance
 ### Options inherited from parent commands
 
 ```
-  -i, --identity string             Hex formatted private key used to authenticate with ACP
-      --keyring-backend string      Keyring backend to use. Options are file or system (default "file")
-      --keyring-namespace string    Service name to use when using the system backend (default "defradb")
-      --keyring-path string         Path to store encrypted keys when using the file backend (default "keys")
-      --log-format string           Log format to use. Options are text or json (default "text")
-      --log-level string            Log level to use. Options are debug, info, error, fatal (default "info")
-      --log-output string           Log output path. Options are stderr or stdout. (default "stderr")
-      --log-overrides string        Logger config overrides. Format <name>,<key>=<val>,...;<name>,...
-      --log-source                  Include source location in logs
-      --log-stacktrace              Include stacktrace in error and fatal logs
-      --no-keyring                  Disable the keyring and generate ephemeral keys
-      --no-log-color                Disable colored log output
-      --rootdir string              Directory for persistent data (default: $HOME/.defradb)
-      --source-hub-address string   The SourceHub address authorized by the client to make SourceHub transactions on behalf of the actor
-      --tx uint                     Transaction ID
-      --url string                  URL of HTTP endpoint to listen on or connect to (default "127.0.0.1:9181")
+  -i, --identity string              Hex formatted private key used to authenticate with ACP
+      --keyring-backend string       Keyring backend to use. Options are file or system (default "file")
+      --keyring-namespace string     Service name to use when using the system backend (default "defradb")
+      --keyring-path string          Path to store encrypted keys when using the file backend (default "keys")
+      --keyring-secret-file string   Path to the file containing the keyring secret (default ".env")
+      --log-format string            Log format to use. Options are text or json (default "text")
+      --log-level string             Log level to use. Options are debug, info, error, fatal (default "info")
+      --log-output string            Log output path. Options are stderr or stdout. (default "stderr")
+      --log-overrides string         Logger config overrides. Format <name>,<key>=<val>,...;<name>,...
+      --log-source                   Include source location in logs
+      --log-stacktrace               Include stacktrace in error and fatal logs
+      --no-keyring                   Disable the keyring and generate ephemeral keys
+      --no-log-color                 Disable colored log output
+      --rootdir string               Directory for persistent data (default: $HOME/.defradb)
+      --source-hub-address string    The SourceHub address authorized by the client to make SourceHub transactions on behalf of the actor
+      --tx uint                      Transaction ID
+      --url string                   URL of HTTP endpoint to listen on or connect to (default "127.0.0.1:9181")
 ```
 
 ### SEE ALSO