fix: Hide other sensitive cfg values (#194)

* fix: Hide other sensitive cfg values * fix: prettyPrintConfig hide values before marshalling * docs: add comment for why we are hiding password when marshalling * fix(makefile): run-memstore-server command missing new mandatory flags * fix: prettyPrintConfig was hiding wrong field. Change RPC->EthRpcUrl * refactor: way redis/s3 hides config details (use custom marshalling function) --------- Co-authored-by: Samuel Laferriere <samlaf92@gmail.com>
Layr-Labs · Nov 20, 2024 · 315910f · 315910f
1 parent 9f04e56
commit 315910f
Show file tree

Hide file tree

Showing 6 changed files with 48 additions and 7 deletions.
diff --git a/Makefile b/Makefile
@@ -21,7 +21,7 @@ docker-build:
 	@docker build -t ghcr.io/layr-labs/eigenda-proxy:dev .
 
 run-memstore-server:
-	./bin/eigenda-proxy --memstore.enabled
+	./bin/eigenda-proxy --memstore.enabled --eigenda.cert-verification-disabled --eigenda.eth-rpc http://localhost:8545 --eigenda.svc-manager-addr 0x123
 
 disperse-test-blob:
 	curl -X POST -d my-blob-content http://127.0.0.1:3100/put/

diff --git a/cmd/server/entrypoint.go b/cmd/server/entrypoint.go
@@ -73,17 +73,20 @@ func StartProxySvr(cliCtx *cli.Context) error {
 }
 
 // TODO: we should probably just change EdaClientConfig struct definition in eigenda-client
-// to have a `json:"-"` tag on the SignerPrivateKeyHex field, to prevent the privateKey from being marshaled at all
 func prettyPrintConfig(cliCtx *cli.Context, log log.Logger) error {
 	// we read a new config which we modify to hide private info in order to log the rest
 	cfg := server.ReadCLIConfig(cliCtx)
-	cfg.EigenDAConfig.EdaClientConfig.SignerPrivateKeyHex = "HIDDEN"
-	cfg.EigenDAConfig.VerifierConfig.RPCURL = "HIDDEN"
+	if cfg.EigenDAConfig.EdaClientConfig.SignerPrivateKeyHex != "" {
+		cfg.EigenDAConfig.EdaClientConfig.SignerPrivateKeyHex = "*****" // marshaling defined in client config
+	}
+	if cfg.EigenDAConfig.EdaClientConfig.EthRpcUrl != "" {
+		cfg.EigenDAConfig.EdaClientConfig.EthRpcUrl = "*****" // hiding as RPC providers typically use sensitive API keys within
+	}
 
 	configJSON, err := json.MarshalIndent(cfg, "", "  ")
 	if err != nil {
 		return fmt.Errorf("failed to marshal config: %w", err)
 	}
-	log.Info(fmt.Sprintf("Initializing EigenDA proxy server with config: %v", string(configJSON)))
+	log.Info(fmt.Sprintf("Initializing EigenDA proxy server with config (\"*****\" fields are hidden): %v", string(configJSON)))
 	return nil
 }
diff --git a/e2e/setup.go b/e2e/setup.go
@@ -133,7 +133,6 @@ func createRedisConfig(eigendaCfg server.Config) server.CLIConfig {
 		Password: "",
 		DB:       0,
 		Eviction: 10 * time.Minute,
-		Profile:  true,
 	}
 	return server.CLIConfig{
 		EigenDAConfig: eigendaCfg,

diff --git a/store/precomputed_key/redis/redis.go b/store/precomputed_key/redis/redis.go
@@ -2,6 +2,7 @@ package redis
 
 import (
 	"context"
+	"encoding/json"
 	"errors"
 	"fmt"
 	"time"
@@ -16,7 +17,19 @@ type Config struct {
 	Password string
 	DB       int
 	Eviction time.Duration
-	Profile  bool
+}
+
+// Custom MarshalJSON function to control what gets included in the JSON output.
+// TODO: Probably best would be to separate config from secrets everywhere.
+// Then we could just log the config and not worry about secrets.
+func (c Config) MarshalJSON() ([]byte, error) {
+	type Alias Config // Use an alias to avoid recursion with MarshalJSON
+	aux := (Alias)(c)
+	// Conditionally include a masked password if it is set
+	if aux.Password != "" {
+		aux.Password = "*****"
+	}
+	return json.Marshal(aux)
 }
 
 // Store ... Redis storage backend implementation

diff --git a/store/precomputed_key/s3/s3.go b/store/precomputed_key/s3/s3.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"context"
 	"encoding/hex"
+	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
@@ -47,6 +48,19 @@ type Config struct {
 	Path            string
 }
 
+// Custom MarshalJSON function to control what gets included in the JSON output
+// TODO: Probably best would be to separate config from secrets everywhere.
+// Then we could just log the config and not worry about secrets.
+func (c Config) MarshalJSON() ([]byte, error) {
+	type Alias Config // Use an alias to avoid recursion with MarshalJSON
+	aux := (Alias)(c)
+	// Conditionally include a masked password if it is set
+	if aux.AccessKeySecret != "" {
+		aux.AccessKeySecret = "*****"
+	}
+	return json.Marshal(aux)
+}
+
 // Store ... S3 store
 // client safe for concurrent use: https://github.com/minio/minio-go/issues/598#issuecomment-569457863
 type Store struct {

diff --git a/verify/verifier.go b/verify/verifier.go
@@ -2,6 +2,7 @@ package verify
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"math/big"
 
@@ -28,6 +29,17 @@ type Config struct {
 	WaitForFinalization  bool
 }
 
+// Custom MarshalJSON function to control what gets included in the JSON output
+func (c Config) MarshalJSON() ([]byte, error) {
+	type Alias Config // Use an alias to avoid recursion with MarshalJSON
+	aux := (Alias)(c)
+	// Conditionally include a masked password if it is set
+	if aux.RPCURL != "" {
+		aux.RPCURL = "*****"
+	}
+	return json.Marshal(aux)
+}
+
 // TODO: right now verification and confirmation depth are tightly coupled. we should decouple them
 type Verifier struct {
 	// kzgVerifier is needed to commit blobs to the memstore