WIP: Allow users add seed phrase to be stored in secure storage

stellar · Jan 8, 2025 · e2543b1 · e2543b1
1 parent 666b4b0
commit e2543b1
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 30 deletions.
diff --git a/cmd/soroban-cli/src/commands/keys/add.rs b/cmd/soroban-cli/src/commands/keys/add.rs
@@ -31,7 +31,7 @@ pub struct Cmd {
 impl Cmd {
     pub fn run(&self, global_args: &global::Args) -> Result<(), Error> {
         let print = Print::new(global_args.quiet);
-        let secret = self.secrets.read_secret()?;
+        let secret = self.secrets.read_secret(&self.name)?;
         let path = self.config_locator.write_identity(&self.name, &secret)?;
         print.checkln(format!("Key saved with alias {:?} in {path:?}", self.name));
         Ok(())

diff --git a/cmd/soroban-cli/src/commands/keys/generate.rs b/cmd/soroban-cli/src/commands/keys/generate.rs
@@ -121,7 +121,7 @@ impl Cmd {
     fn secret(&self, print: &Print) -> Result<Secret, Error> {
         let seed_phrase = self.seed_phrase()?;
         if self.secure_store {
-            let secret = SecureStore::secret(print, self.name.clone(), seed_phrase)?;
+            let secret = SecureStore::secret(print, &self.name, seed_phrase)?;
             return Ok(secret)
         }
 

diff --git a/cmd/soroban-cli/src/config/secret.rs b/cmd/soroban-cli/src/config/secret.rs
@@ -6,9 +6,7 @@ use sep5::SeedPhrase;
 use stellar_strkey::ed25519::{PrivateKey, PublicKey};
 
 use crate::{
-    print::Print,
-    signer::{self, keyring, LocalKey, SecureStoreEntry, Signer, SignerKind},
-    utils,
+    print::Print, secure_store::{self, SecureStore}, signer::{self, keyring, LocalKey, SecureStoreEntry, Signer, SignerKind}, utils, config::address::KeyName
 };
 
 #[derive(thiserror::Error, Debug)]
@@ -31,6 +29,8 @@ pub enum Error {
     Keyring(#[from] keyring::Error),
     #[error("Secure Store does not reveal secret key")]
     SecureStoreDoesNotRevealSecretKey,
+    #[error("Getting key from secure store failed")] // Todo: update this
+    SecureStore,
 }
 
 #[derive(Debug, clap::Args, Clone)]
@@ -44,37 +44,29 @@ pub struct Args {
     pub seed_phrase: bool,
 
     /// Add using a key saved in a secure store entry. Requires the entry name to be provided with `--entry_name`
-    #[arg(
-        long,
-        requires = "entry_name",
-        conflicts_with = "seed_phrase",
-        conflicts_with = "secret_key"
-    )]
+    #[arg(long)]
     pub secure_store: bool,
-
-    /// Name of the secure store entry, to be used with `--secure_store`
-    #[arg(long, requires = "secure_store")]
-    pub entry_name: Option<String>,
 }
 
 impl Args {
-    pub fn read_secret(&self) -> Result<Secret, Error> {
+    pub fn read_secret(&self, name: &KeyName) -> Result<Secret, Error> {
         if let Ok(secret_key) = std::env::var("SOROBAN_SECRET_KEY") {
-            Ok(Secret::SecretKey { secret_key })
-        } else if self.secure_store {
-            let entry_name_with_prefix = format!(
-                "{}{}-{}",
-                keyring::SECURE_STORE_ENTRY_PREFIX,
-                keyring::SECURE_STORE_ENTRY_SERVICE,
-                self.entry_name.as_ref().unwrap()
-            );
+            return Ok(Secret::SecretKey { secret_key });
+        };
 
-            Ok(Secret::SecureStore {
-                entry_name: entry_name_with_prefix,
-            })
+        println!("Type a secret key or 12/24 word seed phrase:");
+        let secret_key = read_password()?;
+
+        if self.secure_store {
+            // TODO: if secret_key is a private key, this will return error for now
+            // its possible that we can store it as a private key still, and everything still works, so make that update and double check
+            // this will then just return an error if the user tries to fetch a seed phrase from this key
+
+
+            let seed_phrase: SeedPhrase = secret_key.parse()?;
+            let print = &Print::new(false);
+            SecureStore::secret(print, name, seed_phrase).map_err(|_| Error::SecureStore)
         } else {
-            println!("Type a secret key or 12/24 word seed phrase:");
-            let secret_key = read_password()?;
             secret_key
                 .parse()
                 .map_err(|_| Error::InvalidSecretOrSeedPhrase)

diff --git a/cmd/soroban-cli/src/secure_store.rs b/cmd/soroban-cli/src/secure_store.rs
@@ -1,4 +1,5 @@
 use sep5::SeedPhrase;
+use stellar_strkey::ed25519::PrivateKey;
 
 use crate::{
     config::{address::KeyName, locator, secret::{self, Secret}}, print::Print, signer::keyring::{self, StellarEntry}
@@ -16,10 +17,16 @@ pub enum Error{
 
     #[error(transparent)]
     Keyring(#[from] keyring::Error),
+
+    #[error("Storing an existing private key in Secure Store is not supported")]
+    DoesNotSupportPrivateKey,
+
+    #[error(transparent)]
+    SeedPhrase(#[from] sep5::Error)
 }
 
 impl SecureStore {
-    pub fn secret(print: &Print, entry_name: KeyName, seed_phrase: SeedPhrase) -> Result<Secret, Error> {
+    pub fn secret(print: &Print, entry_name: &KeyName, seed_phrase: SeedPhrase) -> Result<Secret, Error> {
         let entry_name_with_prefix = format!(
             "{}{}-{}",
             keyring::SECURE_STORE_ENTRY_PREFIX,