ALL-2059 ADA required tatum api key fix. UX improvements of KMS. Para…

README.md

@@ -114,11 +114,54 @@ You can run KMS on the following operating systems:
 
 We recommend that you run KMS from the [Docker image](https://hub.docker.com/repository/docker/tatumio/tatum-kms) regardless of the operating system used.
 
-### Install KMS from npm
+### Environment variables
+Create file `.env` file with the  following parameters and replace the placeholders with your values:  
 ```
-npm i -g @tatumio/tatum-kms
+# required
+TATUM_API_KEY=XXXXX-YOUR-API-KEY
+# one of the following setups is required: password, VGS, Azure, or AWS
+# password setup
+TATUM_KMS_PASSWORD=XXXXPASSWORD
+# VGS setup
+TATUM_KMS_VGS_USERNAME=XXXXUSERNAME
+TATUM_KMS_VGS_PASSWORD=XXXXPASSWORDVGS
+TATUM_KMS_VGS_ALIAS=XXXVSGALIAS
+# Azure setup
+TATUM_KMS_AZURE_SECRETVERSION=XXVERSION
+TATUM_KMS_AZURE_SECRETNAME=XXSECRETNAME
+TATUM_KMS_AZURE_VAULTURL=XXXXVAULTURL
+# AWS setup
+TATUM_KMS_AWS_REGION=us-east-1
+TATUM_KMS_AWS_SECRET_NAME=YOUR_KMS_SECRET_NAME
+TATUM_KMS_AWS_ACCESS_KEY_ID=AKIAYWGKDBVRGMCASWIE
+TATUM_KMS_AWS_SECRET_ACCESS_KEY=ZxDq62BZGyGe2CzwnVjL/IH8NnJG5Fu0isN7wev9
+TATUM_KMS_AWS_SECRET_KEY=pwd
 ```
 
+### Install KMS from npm
+1. Install KMS globally:
+   ```
+   npm i -g @tatumio/tatum-kms
+   ```
+   or
+   ```
+   yarn global add @tatumio/tatum-kms
+   ```
+1. Use ```.env``` file to configure Tatum KMS   
+   1. via ```--env-file=/path/to/.env``` 
+      ```
+       tatum-kms --env-file=/path/to/.env getaddress 11111111-1111-1111-1111-111111111111 0
+      ```  
+   1. via environment variables directly
+      ```
+      TATUM_API_KEY=XXXXX-YOUR-API-KEY tatum-kms --help
+      ```
+   1. via predefined environment vars on global level
+      ```
+      export TATUM_API_KEY=XXXXX-YOUR-API-KEY  
+      tatum-kms --help
+      ```
+
 >**IMPORTANT!** NodeJS >=14 and npm@6 are required. KMS does **not** work on npm@7.
 
 ### Install KMS via Docker
@@ -130,28 +173,7 @@ npm i -g @tatumio/tatum-kms
     ```
     cd $HOME
     ```
-1. In the home directory, create a `.env` file with the following parameters and replace the placeholders with your values:
-    ```
-    # required
-    TATUM_API_KEY=XXXXX-YOUR-API-KEY
-    # one of the following setups is required: password, VGS, Azure, or AWS
-    # password setup
-    TATUM_KMS_PASSWORD=XXXXPASSWORD
-    # VGS setup
-    TATUM_KMS_VGS_USERNAME=XXXXUSERNAME
-    TATUM_KMS_VGS_PASSWORD=XXXXPASSWORDVGS
-    TATUM_KMS_VGS_ALIAS=XXXVSGALIAS
-    # Azure setup
-    TATUM_KMS_AZURE_SECRETVERSION=XXVERSION
-    TATUM_KMS_AZURE_SECRETNAME=XXSECRETNAME
-    TATUM_KMS_AZURE_VAULTURL=XXXXVAULTURL
-    # AWS setup
-    TATUM_KMS_AWS_REGION=us-east-1
-    TATUM_KMS_AWS_SECRET_NAME=YOUR_KMS_SECRET_NAME
-    TATUM_KMS_AWS_ACCESS_KEY_ID=AKIAYWGKDBVRGMCASWIE
-    TATUM_KMS_AWS_SECRET_ACCESS_KEY=ZxDq62BZGyGe2CzwnVjL/IH8NnJG5Fu0isN7wev9
-    TATUM_KMS_AWS_SECRET_KEY=pwd
-    ```
+1. Use pre-created ```.env``` file to configure Tatum KMS via ```--env-file .env```:
 1. Map the Docker volume to the local storage (your home folder).
 
     For more details, refer to the [Docker user documentation](https://docs.docker.com/storage/volumes/).
@@ -349,7 +371,19 @@ When KMS runs in [daemon mode](#run-kms-in-daemon-mode), use the following comma
         "chain": "BTC"
       }
     }   
-    ```     
+    ```  
+* `checkconfig` shows environment variables for Tatum KMS (for debugging).
+
+    ```
+    bash:$ tatum-kms checkconfig
+    Version                          : 6.4.0
+    Wallet file path                 : ~/.tatumrc/wallet.dat
+    Wallet exists                    : true
+    Wallet store type                : LOCAL
+    Env file                         : .env
+    TATUM_API_KEY                    : d2eb5c******************************
+    ...
+    ```    
 
 ## Common issues
 **Error message:**

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tatumio/tatum-kms",
-  "version": "6.4.0",
+  "version": "6.4.1",
   "description": "Tatum KMS - Key Management System for Tatum-powered apps.",
   "main": "dist/index.js",
   "engines": {

src/config.ts

@@ -17,66 +17,74 @@ export enum ConfigOption {
 }
 
 export class Config {
-  private _configOptions = {
+  private static _configOptions = {
     [ConfigOption.KMS_PASSWORD]: {
       environmentKey: 'TATUM_KMS_PASSWORD',
-      question: 'Enter password to access wallet store:',
+      question: 'Enter password to access wallet store (or set env var TATUM_KMS_PASSWORD):',
     },
     [ConfigOption.VGS_ALIAS]: {
       environmentKey: 'TATUM_KMS_VGS_ALIAS',
-      question: 'Enter alias to obtain from VGS Vault API:',
+      question: 'Enter alias to obtain from VGS Vault API (or set env var TATUM_KMS_VGS_ALIAS):',
     },
     [ConfigOption.TATUM_API_KEY]: {
-      environmentKey: 'TATUM_KMS_TATUM_API_KEY',
-      question: 'Enter alias to obtain from VGS Vault API:',
+      environmentKey: 'TATUM_API_KEY',
+      question: 'Enter Tatum Api Key (or set env var TATUM_API_KEY):',
     },
     [ConfigOption.VGS_USERNAME]: {
       environmentKey: 'TATUM_KMS_VGS_USERNAME',
-      question: 'Enter username to VGS Vault API:',
+      question: 'Enter username to VGS Vault API (or set env var TATUM_KMS_VGS_USERNAME):',
     },
     [ConfigOption.VGS_PASSWORD]: {
       environmentKey: 'TATUM_KMS_VGS_PASSWORD',
-      question: 'Enter password to VGS Vault API:',
+      question: 'Enter password to VGS Vault API (or set env var TATUM_KMS_VGS_PASSWORD):',
     },
     [ConfigOption.AZURE_SECRETVERSION]: {
-      environmentKey: 'TATUM_KMS_VGS_ALIAS',
-      question: 'Enter Secret version to obtain secret from Azure Vault API:',
+      environmentKey: 'TATUM_KMS_AZURE_SECRETVERSION',
+      question:
+        'Enter Secret version to obtain secret from Azure Vault API (or set env var TATUM_KMS_AZURE_SECRETVERSION):',
     },
     [ConfigOption.AZURE_SECRETNAME]: {
       environmentKey: 'TATUM_KMS_AZURE_SECRETNAME',
-      question: 'Enter Secret name to obtain from Azure Vault API:',
+      question: 'Enter Secret name to obtain from Azure Vault API (or set env var TATUM_KMS_AZURE_SECRETNAME):',
     },
     [ConfigOption.AZURE_VAULTURL]: {
       environmentKey: 'TATUM_KMS_AZURE_VAULTURL',
-      question: 'Enter Vault Base URL to obtain secret from Azure Vault API:',
+      question: 'Enter Vault Base URL to obtain secret from Azure Vault API (or set env var TATUM_KMS_AZURE_VAULTURL):',
     },
     [ConfigOption.AWS_REGION]: {
       environmentKey: 'TATUM_KMS_AWS_REGION',
-      question: 'Enter AWS Region to obtain secret from AWS Secrets Manager:',
+      question: 'Enter AWS Region to obtain secret from AWS Secrets Manager (or set env var TATUM_KMS_AWS_REGION):',
     },
     [ConfigOption.AWS_ACCESS_KEY_ID]: {
       environmentKey: 'TATUM_KMS_AWS_ACCESS_KEY_ID',
-      question: 'Enter AWS Access key ID to obtain secret from AWS Secrets Manager:',
+      question:
+        'Enter AWS Access key ID to obtain secret from AWS Secrets Manager (or set env var TATUM_KMS_AWS_ACCESS_KEY_ID):',
     },
     [ConfigOption.AWS_SECRET_ACCESS_KEY]: {
       environmentKey: 'TATUM_KMS_AWS_SECRET_ACCESS_KEY',
-      question: 'Enter AWS Secret access key to obtain secret from AWS Secrets Manager:',
+      question:
+        'Enter AWS Secret access key to obtain secret from AWS Secrets Manager (or set env var TATUM_KMS_AWS_SECRET_ACCESS_KEY):',
     },
     [ConfigOption.AWS_SECRET_NAME]: {
       environmentKey: 'TATUM_KMS_AWS_SECRET_NAME',
-      question: 'Enter AWS Secret name to obtain secret from AWS Secrets Manager:',
+      question:
+        'Enter AWS Secret name to obtain secret from AWS Secrets Manager (or set env var TATUM_KMS_AWS_SECRET_NAME):',
     },
     [ConfigOption.AWS_SECRET_KEY]: {
       environmentKey: 'TATUM_KMS_AWS_SECRET_KEY',
-      question: 'Enter AWS Secret key from you stored secret to obtain password from AWS Secrets Manager:',
+      question:
+        'Enter AWS Secret key from you stored secret to obtain password from AWS Secrets Manager (or set env var TATUM_KMS_AWS_SECRET_KEYa):',
     },
   }
 
-  public getValue(what: ConfigOption): string {
+  public static getValue(what: ConfigOption): string {
     const config = this._configOptions[what]
     if (process.env[config.environmentKey]) {
       return process.env[config.environmentKey] as string
     }
+    if (what === ConfigOption.TATUM_API_KEY) {
+      throw new Error('Required TATUM_API_KEY is not set. Please set it as env variable or pass it as argument.')
+    }
     return question(config.question, {
       hideEchoBack: true,
     })

src/index.ts

@@ -2,29 +2,29 @@
 import { Currency, generateWallet } from '@tatumio/tatum'
 import axios from 'axios'
 import dotenv from 'dotenv'
-import http from 'http'
-import https from 'https'
 import meow from 'meow'
-import { Config } from './config'
 import { PasswordType } from './interfaces'
 import {
+  checkConfig,
   exportWallets,
   generateManagedPrivateKeyBatch,
   getAddress,
   getPassword,
   getPrivateKey,
   getQuestion,
-  getTatumKey,
   getWallet,
   removeWallet,
+  setTatumKey,
   storePrivateKey,
   storeWallet,
 } from './management'
 import { processSignatures } from './signatures'
 import HttpAgent from 'agentkeepalive'
+import { existsSync } from 'fs'
+import * as process from 'process'
+import { homedir } from 'os'
 
 dotenv.config()
-const config = new Config()
 
 const axiosInstance = axios.create({
   httpAgent: new HttpAgent({
@@ -41,7 +41,7 @@ const axiosInstance = axios.create({
   }),
 })
 
-const { input: command, flags } = meow(
+const { input: command, flags, help } = meow(
   `
     Usage
         $ tatum-kms command
@@ -65,8 +65,9 @@ const { input: command, flags } = meow(
         --path                            Custom path to wallet store file.
         --period                          Period in seconds to check for new transactions to sign, defaults to 5 seconds. Daemon mode only.
         --chain                           Blockchains to check, separated by comma. Daemon mode only.
-	    --aws                             Using AWS Secrets Manager (https://aws.amazon.com/secrets-manager/) as a secure storage of the password which unlocks the wallet file.
-	    --vgs                             Using VGS (https://verygoodsecurity.com) as a secure storage of the password which unlocks the wallet file.
+        --env-file                        Path to .env file to set vars.
+	      --aws                             Using AWS Secrets Manager (https://aws.amazon.com/secrets-manager/) as a secure storage of the password which unlocks the wallet file.
+	      --vgs                             Using VGS (https://verygoodsecurity.com) as a secure storage of the password which unlocks the wallet file.
         --azure                           Using Azure Vault (https://azure.microsoft.com/en-us/services/key-vault/) as a secure storage of the password which unlocks the wallet file.
         --externalUrl                     Pass in external url to check valid transaction. This parameter is mandatory for mainnet (if testnet is false).  Daemon mode only.
 `,
@@ -102,6 +103,9 @@ const { input: command, flags } = meow(
         type: 'string',
         isRequired: (f, input) => input[0] === 'daemon' && !f.testnet,
       },
+      'env-file': {
+        type: 'string',
+      },
     },
   },
 )
@@ -120,13 +124,20 @@ const getPasswordType = (): PasswordType => {
 }
 
 const startup = async () => {
+  const envFilePath = (flags.envFile as string) ?? homedir() + '/.tatumrc/.env'
+  if (existsSync(envFilePath)) {
+    dotenv.config({ path: envFilePath })
+  }
+
+  setTatumKey(flags.apiKey as string)
+
   if (command.length === 0) {
+    console.log(help)
     return
   }
   switch (command[0]) {
     case 'daemon': {
       const pwd = await getPassword(getPasswordType(), axiosInstance)
-      getTatumKey(flags.apiKey as string)
       await processSignatures(
         pwd,
         flags.testnet,
@@ -191,6 +202,9 @@ const startup = async () => {
     case 'removewallet':
       await removeWallet(command[1], await getPassword(getPasswordType(), axiosInstance), flags.path)
       break
+    case 'checkconfig':
+      checkConfig(getPasswordType(), envFilePath, flags.path)
+      break
     default:
       console.error('Unsupported command. Use tatum-kms --help for details.')
       process.exit(-1)