feat: add postgres db to store keys metadata (#24)

Author: shrimalmadhur

.env-example renamed to .env.example

@@ -2,3 +2,8 @@ CERBERUS_HOME=${HOME}/cerberus
 CERBERUS_KEYSTORE_DIR=${CERBERUS_HOME}/data/keystore
 CERBERUS_GRPC_PORT=50051
 CERBERUS_METRICS_PORT=9081
+
+DB_NAME=cerberus
+DB_USER=postgres
+DB_PASSWORD=postgres
+DB_PORT=5432

.gitignore

@@ -1,3 +1,3 @@
-.env
+**/.env
 data/
 bin/

Makefile

@@ -36,3 +36,8 @@ tests: ## runs all tests
 .PHONY: docker
 docker: ## runs docker build
 	docker build -t $(APP_NAME):latest .
+
+.PHONY: migrate
+migrate: ## runs database migrations
+	go install -tags 'postgres' github.com/golang-migrate/migrate/v4/cmd/migrate@latest
+	migrate -path internal/database/migrations/ -database "postgres://user:password@localhost:5432/cerberus?sslmode=disable" --verbose up

README.md

@@ -1,6 +1,9 @@
 # Remote Signer Implementation of cerberus-api
 This is a remote signer which supports BLS signatures on the BN254 curve.
 
+## Disclaimer
+🚧 Cerberus is under active development and has not been audited. Cerberus is rapidly being upgraded, features may be added, removed or otherwise improved or modified and interfaces will have breaking changes. Cerberus should be used only for testing purposes and not in production. Cerberus is provided "as is" and Eigen Labs, Inc. does not guarantee its functionality or provide support for its use in production. 🚧
+
 <!-- TOC -->
 * [Remote Signer Implementation of cerberus-api](#remote-signer-implementation-of-cerberus-api)
     * [Installation](#installation)
@@ -62,19 +65,21 @@ GLOBAL OPTIONS:
    --aws-profile value              AWS profile (default: "default") [$AWS_PROFILE]
    --aws-region value               AWS region (default: "us-east-2") [$AWS_REGION]
    --aws-secret-access-key value    AWS secret access key [$AWS_SECRET_ACCESS_KEY]
+   --gcp-project-id value           Project ID for Google Cloud Platform [$GCP_PROJECT_ID]
    --grpc-port value                Port for the gRPC server (default: "50051") [$GRPC_PORT]
    --keystore-dir value             Directory where the keystore files are stored (default: "./data/keystore") [$KEYSTORE_DIR]
    --log-format value               Log format - supported formats: text, json (default: "text") [$LOG_FORMAT]
    --log-level value                Log level - supported levels: debug, info, warn, error (default: "info") [$LOG_LEVEL]
    --metrics-port value             Port for the metrics server (default: "9091") [$METRICS_PORT]
+   --postgres-database-url value    Postgres database URL (default: "postgres://user:password@localhost:5432/cerberus?sslmode=disable") [$POSTGRES_DATABASE_URL]
    --storage-type value             Storage type - supported types: filesystem, aws-secret-manager (default: "filesystem") [$STORAGE_TYPE]
    --tls-ca-cert value              TLS CA certificate [$TLS_CA_CERT]
    --tls-server-key value           TLS server key [$TLS_SERVER_KEY]
    --help, -h                       show help
    --version, -v                    print the version
 
 COPYRIGHT:
-   (c) 2024 EigenLab
+   (c) 2025 EigenLabs
 ```
 
 ### Storage Backend

cmd/cerberus/main.go

@@ -5,6 +5,7 @@ import (
 	"log/slog"
 	"os"
 	"sort"
+	"time"
 
 	"github.com/Layr-Labs/cerberus/internal/configuration"
 	"github.com/Layr-Labs/cerberus/internal/server"
@@ -108,6 +109,13 @@ var (
 		Usage:   "Project ID for Google Cloud Platform",
 		EnvVars: []string{"GCP_PROJECT_ID"},
 	}
+
+	postgresDatabaseURLFlag = &cli.StringFlag{
+		Name:    "postgres-database-url",
+		Usage:   "Postgres database URL",
+		Value:   "postgres://user:password@localhost:5432/cerberus?sslmode=disable",
+		EnvVars: []string{"POSTGRES_DATABASE_URL"},
+	}
 )
 
 func main() {
@@ -126,7 +134,7 @@ func main() {
 	app.Name = "cerberus"
 	app.Usage = "Remote BLS Signer"
 	app.Version = version
-	app.Copyright = "(c) 2024 EigenLabs"
+	app.Copyright = fmt.Sprintf("(c) %d Eigen Labs", time.Now().Year())
 
 	app.Flags = []cli.Flag{
 		keystoreDirFlag,
@@ -143,6 +151,7 @@ func main() {
 		awsAccessKeyIDFlag,
 		awsSecretAccessKeyFlag,
 		gcpProjectIDFlag,
+		postgresDatabaseURLFlag,
 	}
 	sort.Sort(cli.FlagsByName(app.Flags))
 
@@ -172,7 +181,7 @@ func start(c *cli.Context) error {
 	awsAccessKeyID := c.String(awsAccessKeyIDFlag.Name)
 	awsSecretAccessKey := c.String(awsSecretAccessKeyFlag.Name)
 	gcpProjectID := c.String(gcpProjectIDFlag.Name)
-
+	postgresDatabaseURL := c.String(postgresDatabaseURLFlag.Name)
 	cfg := &configuration.Configuration{
 		KeystoreDir:           keystoreDir,
 		GrpcPort:              grpcPort,
@@ -186,6 +195,7 @@ func start(c *cli.Context) error {
 		AWSAccessKeyID:        awsAccessKeyID,
 		AWSSecretAccessKey:    awsSecretAccessKey,
 		GCPProjectID:          gcpProjectID,
+		PostgresDatabaseURL:   postgresDatabaseURL,
 	}
 
 	if err := cfg.Validate(); err != nil {

docker-compose.yml

@@ -1,4 +1,3 @@
-version: '3.8'
 services:
   cerberus:
     image: ghcr.io/layr-labs/cerberus:latest
@@ -9,8 +8,29 @@ services:
     environment:
       - "KEYSTORE_DIR=/keystore"
       - "METRICS_PORT=${CERBERUS_METRICS_PORT}"
+      - "POSTGRES_DATABASE_URL=postgres://${DB_USER}:${DB_PASSWORD}@localhost:5432/${DB_NAME}?sslmode=disable"
     volumes:
       - "${CERBERUS_KEYSTORE_DIR}:/keystore"
     env_file:
       - .env
     restart: unless-stopped
+    depends_on:
+      - db
+
+  db:
+    image: postgres:15
+    container_name: db
+    ports:
+      - "${DB_PORT}:${DB_PORT}"
+    environment:
+      - "POSTGRES_PASSWORD=${DB_PASSWORD}"
+      - "POSTGRES_USER=${DB_USER}"
+      - "POSTGRES_DB=${DB_NAME}"
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    env_file:
+      - .env
+    restart: unless-stopped
+
+volumes:
+  postgres_data:

go.mod

@@ -1,25 +1,68 @@
 module github.com/Layr-Labs/cerberus
 
-go 1.21
+go 1.22.0
 
-toolchain go1.21.11
+toolchain go1.22.3
 
 require (
 	cloud.google.com/go/secretmanager v1.14.2
-	github.com/Layr-Labs/bn254-keystore-go v0.0.0-20241118175331-3ceaf682f032
-	github.com/Layr-Labs/cerberus-api v0.0.1
+	github.com/Layr-Labs/bn254-keystore-go v0.0.0-20250107020618-26bd412fae87
+	github.com/Layr-Labs/cerberus-api v0.0.2-0.20250107174124-05df6050f723
 	github.com/aws/aws-sdk-go-v2 v1.32.5
 	github.com/aws/aws-sdk-go-v2/config v1.28.5
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.46
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.6
 	github.com/consensys/gnark-crypto v0.12.1
+	github.com/golang-migrate/migrate/v4 v4.18.1
 	github.com/prometheus/client_golang v1.20.3
 	github.com/stretchr/testify v1.10.0
+	github.com/testcontainers/testcontainers-go v0.34.0
 	github.com/urfave/cli/v2 v2.27.5
 	google.golang.org/api v0.203.0
 	google.golang.org/grpc v1.67.1
 )
 
+require (
+	dario.cat/mergo v1.0.0 // indirect
+	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
+	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
+	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
+	github.com/containerd/log v0.1.0 // indirect
+	github.com/containerd/platforms v0.2.1 // indirect
+	github.com/cpuguy83/dockercfg v0.3.2 // indirect
+	github.com/distribution/reference v0.6.0 // indirect
+	github.com/docker/docker v27.2.0+incompatible // indirect
+	github.com/docker/go-connections v0.5.0 // indirect
+	github.com/docker/go-units v0.5.0 // indirect
+	github.com/go-ole/go-ole v1.2.6 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/moby/docker-image-spec v1.3.1 // indirect
+	github.com/moby/patternmatcher v0.6.0 // indirect
+	github.com/moby/sys/sequential v0.5.0 // indirect
+	github.com/moby/sys/user v0.1.0 // indirect
+	github.com/moby/sys/userns v0.1.0 // indirect
+	github.com/moby/term v0.5.0 // indirect
+	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/opencontainers/image-spec v1.1.0 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
+	github.com/shirou/gopsutil/v3 v3.23.12 // indirect
+	github.com/shoenig/go-m1cpu v0.1.6 // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
+	github.com/tklauser/go-sysconf v0.3.12 // indirect
+	github.com/tklauser/numcpus v0.6.1 // indirect
+	github.com/yusufpapurcu/wmi v1.2.3 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0 // indirect
+	go.uber.org/atomic v1.7.0 // indirect
+)
+
 require (
 	cloud.google.com/go/auth v0.9.9 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
@@ -50,6 +93,7 @@ require (
 	github.com/googleapis/gax-go/v2 v2.13.0 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect
 	github.com/klauspost/compress v1.17.9 // indirect
+	github.com/lib/pq v1.10.9
 	github.com/mmcloughlin/addchain v0.4.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect