From 5f78208169856ff4d0752cbe635264664cf7e323 Mon Sep 17 00:00:00 2001 From: Mahmood1717 <91190009+Mahmood1717@users.noreply.github.com> Date: Fri, 19 Jan 2024 20:14:53 +0300 Subject: [PATCH 1/4] Update README.md add docker secrets to protect sensitive information like passwords and private keys in .env file --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 7d21324..5d27b1f 100644 --- a/README.md +++ b/README.md @@ -22,6 +22,11 @@ cp .env.example .env ``` Update the `TODO` sections in the `.env` file given in the root directory of the repository with your own details.: +### Create Docker Secrets +```bash +echo "your_ecdsa_password" | docker secret create ecdsa_key_password - +echo "your_bls_password" | docker secret create bls_key_password - +``` ### Create some local folders which are required by EigenDA ```bash mkdir -p $HOME/.eigenlayer/eigenda/logs From 61b6c096a4b2ef1f5b3acc971a6fba3f19b63ef4 Mon Sep 17 00:00:00 2001 From: Mahmood1717 <91190009+Mahmood1717@users.noreply.github.com> Date: Fri, 19 Jan 2024 20:18:13 +0300 Subject: [PATCH 2/4] Update .env.example adding directory of docker secrets instead of password --- .env.example | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.env.example b/.env.example index 3bff029..a72a879 100644 --- a/.env.example +++ b/.env.example @@ -89,5 +89,5 @@ NODE_PUBLIC_IP_PROVIDER=seeip # TODO: Operators need to add password to decrypt the above keys # If you have some special characters in password, make sure to use single quotes -NODE_ECDSA_KEY_PASSWORD='' -NODE_BLS_KEY_PASSWORD='' \ No newline at end of file +NODE_ECDSA_KEY_PASSWORD=/run/secrets/ecdsa_key_password +NODE_BLS_KEY_PASSWORD=/run/secrets/bls_key_password From 8cca952efc6f6d722e430b7960a643d55f92b362 Mon Sep 17 00:00:00 2001 
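Review bot: The two comment lines kept as context directly above the `+` lines in .env.example are now stale — they tell operators to "add password to decrypt the above keys" and to single-quote special characters, while the new values are file paths under /run/secrets; the comment should say so, e.g. `# These hold the path of the mounted Docker secret (ecdsa_key_password / bls_key_password), not the password itself`. Separately, nothing in this series shows the da-node image reading a password from a path given in NODE_ECDSA_KEY_PASSWORD, and the docker-compose change in PATCH 4 still passes the variable through `env_file`, so unless the image resolves file paths it will receive the literal string `/run/secrets/ecdsa_key_password` as the password — worth confirming against the image before merging.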
From: Mahmood1717 <91190009+Mahmood1717@users.noreply.github.com> Date: Fri, 19 Jan 2024 20:24:35 +0300 Subject: [PATCH 3/4] Update run.sh add docker secrets functions --- run.sh | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/run.sh b/run.sh index 6d2743e..219270a 100755 --- a/run.sh +++ b/run.sh @@ -8,6 +8,18 @@ # which causes the password to be incorrect. # To test that try running `docker run --rm --env-file .env busybox /bin/sh -c 'echo $NODE_ECDSA_KEY_PASSWORD'` # This will output password with single quote. Not sure why this happens. +# Function to read Docker secrets +read_secret() { + secret_name=$1 + secret_path="/run/secrets/$secret_name" + if [ -f "$secret_path" ]; then + cat "$secret_path" + else + echo "Error: Secret $secret_name not found." + exit 1 + fi +} + optIn() { socket="$NODE_HOSTNAME":"${NODE_DISPERSAL_PORT}"\;"${NODE_RETRIEVAL_PORT}" echo "using socket: $socket" @@ -16,9 +28,9 @@ optIn() { --volume "${NODE_ECDSA_KEY_FILE_HOST}":/app/operator_keys/ecdsa_key.json \ --volume "${NODE_BLS_KEY_FILE_HOST}":/app/operator_keys/bls_key.json \ --volume "${NODE_LOG_PATH_HOST}":/app/logs:rw \ + --volume "ecdsa_key_password:/run/secrets/ecdsa_key_password:ro" \ + --volume "bls_key_password:/run/secrets/bls_key_password:ro" \ ghcr.io/layr-labs/eigenda/opr-nodeplugin:release-0.2.1 \ - --ecdsa-key-password "$NODE_ECDSA_KEY_PASSWORD" \ - --bls-key-password "$NODE_BLS_KEY_PASSWORD" \ --operation opt-in \ --socket "$socket" } 
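Review bot: `read_secret` is added but nothing in this series calls it — the following hunks in optIn and optOut delete the `--ecdsa-key-password`/`--bls-key-password` flags instead of substituting something like `"$(read_secret ecdsa_key_password)"`, so the function is dead code as committed. It also runs on the host, where /run/secrets is a mount point provided inside containers and normally does not exist, so the not-found branch would be taken; if the function is kept, the diagnostic belongs on stderr so it cannot be captured as if it were the secret: `echo "Error: Secret $secret_name not found." >&2`. The `secret_name`/`secret_path` assignments are also global; if the script runs under bash, `local` would keep them from leaking into the caller.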
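Review bot: The two added `--volume "ecdsa_key_password:/run/secrets/...:ro"` lines in optIn mount named Docker volumes, not the objects created with `docker secret create`; `docker run` has no mechanism to consume Swarm secrets, so at best these create empty volumes and the plugin finds nothing at /run/secrets. At the same time the removed `--ecdsa-key-password`/`--bls-key-password` flags are not replaced, so the nodeplugin container is no longer given a password at all unless it reads one from a file path, which nothing in the diff shows. The same applies to the optOut hunk below. If the host-side script is to keep working, the password source for `docker run` (a host file mounted by absolute path, or the flags fed from that file) needs to be chosen explicitly and documented next to the `docker secret create` steps in the README.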
@@ -30,9 +42,9 @@ optOut() { --volume "${NODE_ECDSA_KEY_FILE_HOST}":/app/operator_keys/ecdsa_key.json \ --volume "${NODE_BLS_KEY_FILE_HOST}":/app/operator_keys/bls_key.json \ --volume "${NODE_LOG_PATH_HOST}":/app/logs:rw \ + --volume "ecdsa_key_password:/run/secrets/ecdsa_key_password:ro" \ + --volume "bls_key_password:/run/secrets/bls_key_password:ro" \ ghcr.io/layr-labs/eigenda/opr-nodeplugin:release-0.2.1 \ - --ecdsa-key-password "$NODE_ECDSA_KEY_PASSWORD" \ - --bls-key-password "$NODE_BLS_KEY_PASSWORD" \ --operation opt-out \ --socket "$socket" } @@ -43,4 +55,4 @@ elif [ "$1" = "opt-out" ]; then optOut else echo "Invalid command" -fi \ No newline at end of file +fi From 7b2d3d23a774d43158f88ed16c648d35cc3ae5a1 Mon Sep 17 00:00:00 2001 From: Mahmood1717 <91190009+Mahmood1717@users.noreply.github.com> Date: Fri, 19 Jan 2024 20:29:40 +0300 Subject: [PATCH 4/4] Update docker-compose.yml add secrets section to da-node --- docker-compose.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index cfc88b0..4755466 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -20,6 +20,9 @@ services: da-node: env_file: - .env + secrets: + - ecdsa_key_password + - bls_key_password container_name: ${MAIN_SERVICE_NAME} image: ${MAIN_SERVICE_IMAGE} ports: @@ -36,6 +39,11 @@ services: - "${NODE_LOG_PATH_HOST}:/app/logs:rw" - "${NODE_DB_PATH_HOST}:/data/operator/db:rw" restart: unless-stopped +secrets: + ecdsa_key_password: + external: true + bls_key_password: + external: true networks: eigenda: name: ${NETWORK_NAME}
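Review bot: The top-level `secrets:` block with `external: true` in docker-compose.yml declares Swarm secrets — objects created with `docker secret create` are only delivered to services started via `docker stack deploy`; in non-Swarm Compose only `file:`- or `environment:`-backed secrets can be mounted, so with a plain `docker compose up` (which the README's `cp .env.example .env` flow suggests) the da-node service will either fail to start or not see /run/secrets. If Compose is the intended runtime, a `file:` source pointing at a host file kept outside the repository (e.g. `file: /path/to/ecdsa_key_password`, placeholder path) is the equivalent; either way the README should state which deployment mode is required. This is hedged on the runtime — if the project is in fact deployed as a stack, the declaration is correct as written.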