feat: add generate_stronghold option

agent_application/docker/docker-compose.yml

@@ -38,9 +38,9 @@ services:
       UNICORE__LOG_FORMAT: text
       UNICORE__EVENT_STORE__TYPE: postgres
       UNICORE__EVENT_STORE__CONNECTION_STRING: postgresql://demo_user:demo_pass@cqrs-postgres-db:5432/demo
-      UNICORE__URL: http://192.168.1.234:3033
+      UNICORE__URL: ${UNICORE__URL}
 
-      UNICORE__SECRET_MANAGER__STRONGHOLD_PATH: "/app/res/stronghold"
+      UNICORE__SECRET_MANAGER__STRONGHOLD_PATH: "/app/res/stronghold-test"
       UNICORE__SECRET_MANAGER__STRONGHOLD_PASSWORD: "secure_password"
 
       # Uncomment the following lines to use the DID method `did:iota:rms`
@@ -49,7 +49,7 @@ services:
       # UNICORE__SECRET_MANAGER__ISSUER_FRAGMENT: "bQKQRzaop7CgEvqVq8UlgLGsdF-R-hnLFkKFZqW2VN0"
     volumes:
       - ../../agent_application/example-config.yaml:/app/agent_application/example-config.yaml
-      - ../../agent_secret_manager/tests/res/test.stronghold:/app/res/stronghold
+      # - ../../agent_secret_manager/tests/res/test.stronghold:/app/res/stronghold
       - ../../agent_verification/presentation_definitions:/app/agent_verification/presentation_definitions
       # TODO: Remove this. This is a workaround that ensures that the `agent_verification/presentation_definitions`
       # folder can be accessed by the agent from the `fn authorization_requests` endpoint.

agent_application/example-config.yaml

@@ -70,10 +70,12 @@ credential_configurations:
 
 # Key configuration (temporary)
 secret_manager:
-  stronghold_path: "/tmp/local.stronghold"
+  # Set this to `true` in order to generate a new stronghold file if it does not exist yet.
+  generate_stronghold: true
+  # stronghold_path: "/tmp/local.stronghold"
   # stronghold_password: "" <== Should be injected through the env variable `UNICORE__SECRET_MANAGER__STRONGHOLD_PASSWORD`
   # stronghold_password_file: ""
-  issuer_eddsa_key_id: "ed25519-0"
-  issuer_es256_key_id: "es256-0"
+  # issuer_eddsa_key_id: "ed25519-0"
+  # issuer_es256_key_id: "es256-0"
   # issuer_did: "did:iota:rms:0x0000000000000000000000000000000000000000000000000000000000000000"
   # issuer_fragment: "key-0"

agent_secret_manager/src/lib.rs

@@ -1,11 +1,13 @@
 use agent_shared::config::{config, SecretManagerConfig};
 use did_manager::SecretManager;
+use log::info;
 
 pub mod subject;
 
 // TODO: find better solution for this
 pub async fn secret_manager() -> SecretManager {
     let SecretManagerConfig {
+        generate_stronghold,
         stronghold_path: snapshot_path,
         stronghold_password: password,
         issuer_eddsa_key_id,
@@ -14,30 +16,21 @@ pub async fn secret_manager() -> SecretManager {
         issuer_fragment,
     } = config().secret_manager.clone();
 
-    match (
-        snapshot_path,
-        password,
-        issuer_eddsa_key_id,
-        issuer_es256_key_id,
-        issuer_did,
-        issuer_fragment,
-    ) {
-        (snapshot_path, password, issuer_eddsa_key_id, issuer_es256_key_id, issuer_did, issuer_fragment)
-            if issuer_eddsa_key_id.is_some() || issuer_es256_key_id.is_some() =>
-        {
-            SecretManager::load(
-                snapshot_path,
-                password,
-                issuer_eddsa_key_id,
-                issuer_es256_key_id,
-                None,
-                issuer_did,
-                issuer_fragment,
-            )
-            .await
-            .unwrap()
-        }
-        (snapshot_path, password, None, None, _, _) => SecretManager::generate(snapshot_path, password).await.unwrap(),
-        _ => panic!(),
+    if generate_stronghold {
+        info!("Generating new secret manager");
+        SecretManager::generate(snapshot_path, password).await.unwrap()
+    } else {
+        info!("Loading secret manager from Stronghold snapshot");
+        SecretManager::load(
+            snapshot_path,
+            password,
+            issuer_eddsa_key_id,
+            issuer_es256_key_id,
+            None,
+            issuer_did,
+            issuer_fragment,
+        )
+        .await
+        .unwrap()
     }
 }

agent_shared/src/config.rs

@@ -8,7 +8,7 @@ use std::{
     collections::HashMap,
     sync::{RwLock, RwLockReadGuard},
 };
-use tracing::info;
+use tracing::{debug, info};
 use url::Url;
 
 #[derive(Debug, Deserialize, Clone)]
@@ -59,6 +59,8 @@ pub struct EventStorePostgresConfig {
 
 #[derive(Debug, Deserialize, Clone)]
 pub struct SecretManagerConfig {
+    #[serde(default)]
+    pub generate_stronghold: bool,
     pub stronghold_path: String,
     pub stronghold_password: String,
     pub issuer_eddsa_key_id: Option<String>,
@@ -201,6 +203,8 @@ pub static CONFIG: Lazy<RwLock<ApplicationConfiguration>> =
 impl ApplicationConfiguration {
     pub fn new() -> Result<Self, ConfigError> {
         dotenvy::dotenv().ok();
+        // TODO: these cannot be logged because `tracing_subscriber` is not initialized yet at this point since it does
+        // not know the log format yet.
         info!("Environment variables loaded.");
         info!("Loading application configuration ...");
 
@@ -219,7 +223,13 @@ impl ApplicationConfiguration {
                 .build()?
         };
 
-        config.try_deserialize()
+        config.try_deserialize().inspect(|config: &ApplicationConfiguration| {
+            // TODO: this won't be logged either because `tracing_subscriber` is not initialized yet at this point. To
+            // fix this we can consider obtaining the `log_format` from the config file prior to loading the complete
+            // configuration.
+            info!("Configuration loaded successfully");
+            debug!("{:#?}", config);
+        })
     }
 
     pub fn set_preferred_did_method(&mut self, preferred_did_method: SupportedDidMethod) {