From ca3c79200dac8f7e2de352a61d1c850e04ee08e6 Mon Sep 17 00:00:00 2001
From: Danilo Tuler <tuler@pobox.com>
Date: Thu, 14 Mar 2024 10:15:07 -0300
Subject: [PATCH] feat: support specification of private key file to claimer

---
 CHANGELOG.md                                 |  2 +-
 docs/config.md                               |  8 ++++++++
 internal/config/generate/Config.toml         |  9 +++++++++
 internal/config/get.go                       |  5 +++++
 offchain/authority-claimer/src/config/cli.rs | 14 +++++++++++++-
 5 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index de920d38f..77d8bf6f7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,7 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 
 - Added verification to ensure CARTESI_BLOCKCHAIN_ID matches the id returned from the Ethereum node
-- Added support for CARTESI_AUTH_PRIVATE_KEY
+- Added support for CARTESI_AUTH_PRIVATE_KEY and CARTESI_AUTH_PRIVATE_KEY_FILE
 
 ## Changed
 
diff --git a/docs/config.md b/docs/config.md
index f98efe833..5f8979bba 100644
--- a/docs/config.md
+++ b/docs/config.md
@@ -57,6 +57,14 @@ Overrides `CARTESI_AUTH_AWS_KMS_*`.
 
 The node will use this private key to sign transactions.
 
+Overrides `CARTESI_AUTH_PRIVATE_KEY_FILE`, `CARTESI_AUTH_MNEMONIC`, `CARTESI_AUTH_MNEMONIC_FILE` and `CARTESI_AUTH_AWS_KMS_*`.
+
+* **Type:** `string`
+
+## `CARTESI_AUTH_PRIVATE_KEY_FILE`
+
+The node will use the private key contained in this file to sign transactions.
+
 Overrides `CARTESI_AUTH_MNEMONIC`, `CARTESI_AUTH_MNEMONIC_FILE` and `CARTESI_AUTH_AWS_KMS_*`.
 
 * **Type:** `string`
diff --git a/internal/config/generate/Config.toml b/internal/config/generate/Config.toml
index c71813108..212146fc6 100644
--- a/internal/config/generate/Config.toml
+++ b/internal/config/generate/Config.toml
@@ -177,6 +177,15 @@ redact = true
 description = """
 The node will use this private key to sign transactions.
 
+Overrides `CARTESI_AUTH_PRIVATE_KEY_FILE`, `CARTESI_AUTH_MNEMONIC`, `CARTESI_AUTH_MNEMONIC_FILE` and `CARTESI_AUTH_AWS_KMS_*`."""
+
+[auth.CARTESI_AUTH_PRIVATE_KEY_FILE]
+go-type = "string"
+export = false
+redact = true
+description = """
+The node will use the private key contained in this file to sign transactions.
+
 Overrides `CARTESI_AUTH_MNEMONIC`, `CARTESI_AUTH_MNEMONIC_FILE` and `CARTESI_AUTH_AWS_KMS_*`."""
 
 [auth.CARTESI_AUTH_AWS_KMS_KEY_ID]
diff --git a/internal/config/get.go b/internal/config/get.go
index ad19242e4..d5d9419bc 100644
--- a/internal/config/get.go
+++ b/internal/config/get.go
@@ -44,6 +44,11 @@ func getCartesiAuthPrivateKey() (string, bool) {
 	return v, ok
 }
 
+func getCartesiAuthPrivateKeyFile() (string, bool) {
+	v, ok := getOptional("CARTESI_AUTH_PRIVATE_KEY_FILE", "", false, true, toString)
+	return v, ok
+}
+
 func GetCartesiBlockchainBlockTimeout() int {
 	v := get("CARTESI_BLOCKCHAIN_BLOCK_TIMEOUT", "60", true, false, toInt)
 	return v
diff --git a/offchain/authority-claimer/src/config/cli.rs b/offchain/authority-claimer/src/config/cli.rs
index d1f07dc04..5df9c6ffd 100644
--- a/offchain/authority-claimer/src/config/cli.rs
+++ b/offchain/authority-claimer/src/config/cli.rs
@@ -91,10 +91,14 @@ impl TryFrom<AuthorityClaimerCLI> for AuthorityClaimerConfig {
 #[derive(Debug, Parser)]
 #[command(name = "tx_signing_config")]
 pub(crate) struct TxSigningCLIConfig {
-    /// Signer private key, overrides `tx_signing_mnemonic` , `tx_signing_mnemonic_file` and `tx_signing_aws_kms_*`
+    /// Signer private key, overrides `tx_signing_private_key_file`, `tx_signing_mnemonic` , `tx_signing_mnemonic_file` and `tx_signing_aws_kms_*`
     #[arg(long, env)]
     tx_signing_private_key: Option<String>,
 
+    /// Signer private key file, overrides `tx_signing_mnemonic` , `tx_signing_mnemonic_file` and `tx_signing_aws_kms_*`
+    #[arg(long, env)]
+    tx_signing_private_key_file: Option<String>,
+
     /// Signer mnemonic, overrides `tx_signing_mnemonic_file` and `tx_signing_aws_kms_*`
     #[arg(long, env)]
     tx_signing_mnemonic: Option<String>,
@@ -125,6 +129,14 @@ impl TryFrom<TxSigningCLIConfig> for TxSigningConfig {
             Ok(TxSigningConfig::PrivateKey {
                 private_key: Redacted::new(private_key),
             })
+        } else if let Some(path) = cli.tx_signing_private_key_file {
+            let private_key = fs::read_to_string(path.clone())
+                .context(MnemonicFileSnafu { path })?
+                .trim()
+                .to_string();
+            Ok(TxSigningConfig::PrivateKey {
+                private_key: Redacted::new(private_key),
+            })
         } else if let Some(mnemonic) = cli.tx_signing_mnemonic {
             Ok(TxSigningConfig::Mnemonic {
                 mnemonic: Redacted::new(mnemonic),