diff --git a/apps/firebase/env.mnemonic.alfajores.enc b/apps/firebase/env.mnemonic.alfajores.enc deleted file mode 100644 index 1ac9e78b8..000000000 Binary files a/apps/firebase/env.mnemonic.alfajores.enc and /dev/null differ diff --git a/apps/firebase/env.mnemonic.baklava.enc b/apps/firebase/env.mnemonic.baklava.enc deleted file mode 100644 index 79e6b20f6..000000000 Binary files a/apps/firebase/env.mnemonic.baklava.enc and /dev/null differ diff --git a/apps/firebase/env.mnemonic.enc b/apps/firebase/env.mnemonic.enc deleted file mode 100644 index 21636aa8b..000000000 Binary files a/apps/firebase/env.mnemonic.enc and /dev/null differ diff --git a/apps/firebase/env.mnemonic.rc1.enc b/apps/firebase/env.mnemonic.rc1.enc deleted file mode 100644 index e0da5e98e..000000000 Binary files a/apps/firebase/env.mnemonic.rc1.enc and /dev/null differ diff --git a/apps/firebase/package.json b/apps/firebase/package.json index 76733f983..ceef70ff4 100644 --- a/apps/firebase/package.json +++ b/apps/firebase/package.json @@ -15,8 +15,7 @@ "lint": "eslint -c ../../.eslintrc.js --ext .ts ./src", "transfer-funds": "ts-node scripts/transfer-funds.ts", "cli": "ts-node scripts/cli.ts", - "build:rules": "firebase-bolt database-rules.bolt", - "keys:encrypt": "bash scripts/key_placer.sh encrypt" + "build:rules": "firebase-bolt database-rules.bolt" }, "dependencies": { "@celo/connect": "^5.0.0", diff --git a/apps/firebase/scripts/key_placer.sh b/apps/firebase/scripts/key_placer.sh deleted file mode 100755 index d9460b2a1..000000000 --- a/apps/firebase/scripts/key_placer.sh +++ /dev/null @@ -1,80 +0,0 @@ -#!/usr/bin/env bash - -echo "Processing encrypted files v2" - -# Set list of secret files to encrypt and decrypt. -files=( - ".env.mnemonic:celo-testnet" - ".env.mnemonic.alfajores:celo-testnet" - ".env.mnemonic.baklava:celo-testnet" - ".env.mnemonic.rc1:celo-testnet-production" -) - -if [[ -z "$1" ]]; then - echo "Encrypt or decrypt secret files using GCP keystore." - echo "usage: $0 < encrypt | decrypt >" - exit 1 -elif [[ $1 != "encrypt" ]] && [[ $1 != "decrypt" ]]; then - echo "invalid action $1. Choose 'encrypt' or 'decrypt'" - echo "usage: $0 < encrypt | decrypt >" - exit 1 -fi - -# this is to allow the script to be called from anywhere -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -cd $DIR -cd .. - -# place templates to be used (if they exist) in case the environment -# doesn't have access to decryption keys -if [[ $1 == "decrypt" ]]; then - for file_path_map in "${files[@]}"; do - file_path=${file_path_map%%:*} - template_file_path="$file_path.template" - - if test -f "$template_file_path" && ! test -f "$file_path"; then - cp "$template_file_path" "$file_path" - fi - done -fi - -command -v gcloud > /dev/null 2>&1 -if [[ $? -eq 1 ]]; then - echo "gcloud is not installed - skipping ${1}ion" - exit 0 -fi - -for file_path_map in "${files[@]}"; do - file_path=${file_path_map%%:*} - environment=${file_path_map#*:} - encrypted_file_path="$file_path.enc" - - # When decrypting ensure the encrypted file exists or skip. - if [[ $1 == "decrypt" ]] && ! test -f "$encrypted_file_path"; then - echo "$encrypted_file_path does not exist, cannot decrypt - skipping file" >&2 - continue - fi - - # When encrypting ensure the plaintext file exists. - if [[ $1 == "encrypt" ]]; then - if [[ ! -f "$file_path" ]]; then - echo "$file_path does not exist, cannot encrypt - skipping file" >&2 - continue - fi - fi - - # Encrypt or decrypt this file. - gcloud kms $1 --ciphertext-file=$encrypted_file_path --plaintext-file=$file_path --key=github-mnemonic-key --keyring=celo-keyring --location=global --project $environment - if [[ $? -eq 1 ]]; then - echo "Only cLabs employees with $environment access can $1 keys - skipping ${1}ion" - exit 0 - fi -done - -if [[ $1 == "decrypt" ]]; then - echo "Encrypted files decrypted" -elif [[ $1 == "encrypt" ]]; then - echo "Decrypted files encrypted" -fi - -exit 0