merge from master

.circleci/config.yml

@@ -26,7 +26,7 @@ reference:
 defaults: &defaults
   working_directory: ~/app
   docker:
-    - image: us.gcr.io/celo-testnet/circleci-node12:1.0.0
+    - image: us.gcr.io/celo-testnet/circleci-node12:1.1.0
   environment:
     # To avoid ENOMEM problem when running node
     NODE_OPTIONS: '--max-old-space-size=4096'
@@ -727,7 +727,7 @@ jobs:
   test-typescript-npm-package-install:
     working_directory: ~/app
     docker:
-      - image: us.gcr.io/celo-testnet/circleci-node12:1.0.0
+      - image: us.gcr.io/celo-testnet/circleci-node12:1.1.0
     steps:
       - run:
           name: Check if the test should run
@@ -740,7 +740,7 @@ jobs:
   test-utils-npm-package-install:
     working_directory: ~/app
     docker:
-      - image: us.gcr.io/celo-testnet/circleci-node12:1.0.0
+      - image: us.gcr.io/celo-testnet/circleci-node12:1.1.0
     steps:
       - run:
           name: Check if the test should run
@@ -753,7 +753,7 @@ jobs:
   test-contractkit-npm-package-install:
     working_directory: ~/app
     docker:
-      - image: us.gcr.io/celo-testnet/circleci-node12:1.0.0
+      - image: us.gcr.io/celo-testnet/circleci-node12:1.1.0
     steps:
       - run:
           name: Check if the test should run
@@ -769,7 +769,7 @@ jobs:
   test-celocli-npm-package-install:
     working_directory: ~/app
     docker:
-      - image: us.gcr.io/celo-testnet/circleci-node12:1.0.0
+      - image: us.gcr.io/celo-testnet/circleci-node12:1.1.0
     steps:
       - run:
           name: Check if the test should run
@@ -782,21 +782,24 @@ jobs:
           name: Minor test of celocli
           command: ./node_modules/.bin/celocli account:new # Small test
 
-  phone-number-privacy-test:
+  odis-test:
     <<: *defaults
     steps:
       - attach_workspace:
           at: ~/app
       - run:
           name: Check if the test should run
           command: |
-            ./scripts/ci_check_if_test_should_run_v2.sh @celo/phone-number-privacy-signer,@celo/phone-number-privacy-combiner
+            ./scripts/ci_check_if_test_should_run_v2.sh @celo/phone-number-privacy-signer,@celo/phone-number-privacy-combiner,@celo/phone-number-privacy-common
+      - run:
+          name: Run Tests for common package
+          command: yarn --cwd=packages/phone-number-privacy/common test:coverage
       - run:
           name: Run Tests for combiner
-          command: yarn --cwd=packages/phone-number-privacy/combiner test
+          command: yarn --cwd=packages/phone-number-privacy/combiner test:coverage
       - run:
           name: Run Tests for signer
-          command: yarn --cwd=packages/phone-number-privacy/signer test
+          command: yarn --cwd=packages/phone-number-privacy/signer test:coverage
 
   certora-test:
     working_directory: ~/app
@@ -979,7 +982,7 @@ workflows:
           requires:
             - lint-checks
             - contractkit-test
-      - phone-number-privacy-test:
+      - odis-test:
           requires:
             - lint-checks
       - flakey-test-summary:
@@ -999,7 +1002,7 @@ workflows:
             - end-to-end-geth-sync-test
             - end-to-end-geth-validator-order-test
             - end-to-end-cip35-eth-compatibility-test
-            - phone-number-privacy-test
+            - odis-test
   npm-install-testing-cron-workflow:
     triggers:
       - schedule:

.env

@@ -207,6 +207,9 @@ CONTEXTS=azure-odis0-centralus,azure-odis1-centralus,azure-odis2-centralus
 ODIS_SIGNER_DOCKER_IMAGE_REPOSITORY=us.gcr.io/celo-testnet/celo-monorepo
 ODIS_SIGNER_DOCKER_IMAGE_TAG=oblivious-decentralized-identifier-service-1.1.10
 ODIS_SIGNER_BLOCKCHAIN_PROVIDER=https://alfajores-forno.celo-testnet.org
+ODIS_SIGNER_DOMAINS_API_ENABLED=true
+ODIS_SIGNER_PNP_API_ENABLED=true
+ODIS_SIGNER_LEGACY_PNP_API_ENABLED=true
 
 # ODIS signer 0 Azure info
 AZURE_ODIS0_CENTRALUS_AZURE_SUBSCRIPTION_ID=97e2b592-255b-4f92-bce0-127257163c36
@@ -225,6 +228,10 @@ AZURE_ODIS0_CENTRALUS_ODIS_SIGNER_DB_USERNAME=pgpnp@staging-pgpnp-centralus
 # ODIS signer 0 Key Vault
 AZURE_ODIS0_CENTRALUS_ODIS_SIGNER_AZURE_KEYVAULT_NAME=staging-pgpnp-cus
 AZURE_ODIS0_CENTRALUS_ODIS_SIGNER_AZURE_KEYVAULT_SECRET_NAME=bls-share
+AZURE_ODIS0_CENTRALUS_ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_NAME_BASE=phoneNumberPrivacy0
+AZURE_ODIS0_CENTRALUS_ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_LATEST_VERSION=1
+AZURE_ODIS0_CENTRALUS_ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_NAME_BASE=domains0
+AZURE_ODIS0_CENTRALUS_ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_LATEST_VERSION=1
 
 # ODIS signer 0 Network
 AZURE_ODIS0_CENTRALUS_ODIS_NETWORK=staging
@@ -256,6 +263,10 @@ AZURE_ODIS1_CENTRALUS_ODIS_SIGNER_DB_USERNAME=pgpnp@staging-pgpnp1-centralus
 # ODIS Signer 1 Key Vault
 AZURE_ODIS1_CENTRALUS_ODIS_SIGNER_AZURE_KEYVAULT_NAME=staging-pgpnp-cus
 AZURE_ODIS1_CENTRALUS_ODIS_SIGNER_AZURE_KEYVAULT_SECRET_NAME=bls-share1
+AZURE_ODIS1_CENTRALUS_ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_NAME_BASE=phoneNumberPrivacy1
+AZURE_ODIS1_CENTRALUS_ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_LATEST_VERSION=1
+AZURE_ODIS1_CENTRALUS_ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_NAME_BASE=domains1
+AZURE_ODIS1_CENTRALUS_ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_LATEST_VERSION=1
 
 # ODIS Signer 1 Prometheus config
 AZURE_ODIS1_CENTRALUS_PROM_SCRAPE_JOB_NAME=scrape-odis
@@ -283,6 +294,10 @@ AZURE_ODIS2_CENTRALUS_ODIS_SIGNER_DB_USERNAME=pgpnp@staging-pgpnp2-centralus
 # ODIS Signer 2 Key Vault
 AZURE_ODIS2_CENTRALUS_ODIS_SIGNER_AZURE_KEYVAULT_NAME=staging-pgpnp-cus
 AZURE_ODIS2_CENTRALUS_ODIS_SIGNER_AZURE_KEYVAULT_SECRET_NAME=bls-share2
+AZURE_ODIS2_CENTRALUS_ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_NAME_BASE=phoneNumberPrivacy2
+AZURE_ODIS2_CENTRALUS_ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_LATEST_VERSION=1
+AZURE_ODIS2_CENTRALUS_ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_NAME_BASE=domains2
+AZURE_ODIS2_CENTRALUS_ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_LATEST_VERSION=1
 
 # ODIS Signer 2 Prometheus config
 AZURE_ODIS2_CENTRALUS_PROM_SCRAPE_JOB_NAME=scrape-odis

.env.alfajores

@@ -54,10 +54,10 @@ AZURE_ORACLE_CENTRALUS_FULL_NODES_WS_PORT="8546"
 
 # Temporarily point to celo-org repository to consume patched image.
 GETH_NODE_DOCKER_IMAGE_REPOSITORY="us.gcr.io/celo-org/geth"
-GETH_NODE_DOCKER_IMAGE_TAG="1.6.0"
+GETH_NODE_DOCKER_IMAGE_TAG="1.7.0"
 
 GETH_BOOTNODE_DOCKER_IMAGE_REPOSITORY="us.gcr.io/celo-org/geth-all"
-GETH_BOOTNODE_DOCKER_IMAGE_TAG="1.6.0"
+GETH_BOOTNODE_DOCKER_IMAGE_TAG="1.7.0"
 
 # Enable pprof and prometheus scrape labels
 GETH_ENABLE_METRICS=true
@@ -124,7 +124,7 @@ FAUCET_CUSD_WEI=60000000000000000000000
 VALIDATORS=10
 VALIDATOR_PROXY_COUNTS=10:0
 
-TX_NODES=10
+TX_NODES=4
 # Nodes whose RPC ports are only internally exposed
 PRIVATE_TX_NODES=2
 STATIC_IPS_FOR_GETH_NODES=true
@@ -180,6 +180,10 @@ AZURE_ODIS_EASTUS_1_ODIS_SIGNER_DB_USERNAME=cLabs@pgpnp-alfajores-db1v2
 # ODIS signer 1 Key Vault
 AZURE_ODIS_EASTUS_1_ODIS_SIGNER_AZURE_KEYVAULT_NAME=pgpnp-alfajores-kv1
 AZURE_ODIS_EASTUS_1_ODIS_SIGNER_AZURE_KEYVAULT_SECRET_NAME=bls-share
+AZURE_ODIS_EASTUS_1_ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_NAME_BASE=phoneNumberPrivacy
+AZURE_ODIS_EASTUS_1_ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_LATEST_VERSION=1
+AZURE_ODIS_EASTUS_1_ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_NAME_BASE=domains
+AZURE_ODIS_EASTUS_1_ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_LATEST_VERSION=1
 
 # ODIS signer 1 Network
 AZURE_ODIS_EASTUS_1_ODIS_NETWORK=alfajores
@@ -210,6 +214,10 @@ AZURE_ODIS_EASTUS_2_ODIS_SIGNER_DB_USERNAME=clabs@pgpnp-alfajores-db2v2
 # ODIS signer 2 Key Vault
 AZURE_ODIS_EASTUS_2_ODIS_SIGNER_AZURE_KEYVAULT_NAME=pgpnp-alfajores-kv2
 AZURE_ODIS_EASTUS_2_ODIS_SIGNER_AZURE_KEYVAULT_SECRET_NAME=bls-share
+AZURE_ODIS_EASTUS_2_ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_NAME_BASE=phoneNumberPrivacy
+AZURE_ODIS_EASTUS_2_ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_LATEST_VERSION=1
+AZURE_ODIS_EASTUS_2_ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_NAME_BASE=domains
+AZURE_ODIS_EASTUS_2_ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_LATEST_VERSION=1
 
 # ODIS signer 2 Network
 AZURE_ODIS_EASTUS_2_ODIS_NETWORK=alfajores
@@ -240,6 +248,10 @@ AZURE_ODIS_EASTUS_3_ODIS_SIGNER_DB_USERNAME=cLabs@pgpnp-alfajores-db3v2
 # ODIS signer 3 Key Vault
 AZURE_ODIS_EASTUS_3_ODIS_SIGNER_AZURE_KEYVAULT_NAME=pgpnp-alfajores-kv3
 AZURE_ODIS_EASTUS_3_ODIS_SIGNER_AZURE_KEYVAULT_SECRET_NAME=bls-share
+AZURE_ODIS_EASTUS_3_ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_NAME_BASE=phoneNumberPrivacy
+AZURE_ODIS_EASTUS_3_ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_LATEST_VERSION=1
+AZURE_ODIS_EASTUS_3_ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_SECRET_NAME=domains
+AZURE_ODIS_EASTUS_3_ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_LATEST_VERSION=1
 
 # ODIS signer 3 Network
 AZURE_ODIS_EASTUS_3_ODIS_NETWORK=alfajores

.env.baklava

@@ -25,10 +25,10 @@ CELOSTATS_BANNED_ADDRESSES=""
 CELOSTATS_RESERVED_ADDRESSES=""
 
 GETH_NODE_DOCKER_IMAGE_REPOSITORY="us.gcr.io/celo-org/geth"
-GETH_NODE_DOCKER_IMAGE_TAG="1.6.0"
+GETH_NODE_DOCKER_IMAGE_TAG="1.7.0"
 
 GETH_BOOTNODE_DOCKER_IMAGE_REPOSITORY="us.gcr.io/celo-org/geth-all"
-GETH_BOOTNODE_DOCKER_IMAGE_TAG="1.6.0"
+GETH_BOOTNODE_DOCKER_IMAGE_TAG="1.7.0"
 
 CELOTOOL_DOCKER_IMAGE_REPOSITORY="gcr.io/celo-testnet/celo-monorepo"
 CELOTOOL_DOCKER_IMAGE_TAG="celotool-4257fe61f91e935681f3a91bb4dcb44c8dd6df47"

.env.rc1

@@ -34,12 +34,12 @@ CELOSTATS_RESERVED_ADDRESSES=""
 GETH_NODE_DOCKER_IMAGE_REPOSITORY="us.gcr.io/celo-org/geth"
 # When upgrading change this to latest commit hash from the master of the geth repo
 # `geth $ git show | head -n 1`
-GETH_NODE_DOCKER_IMAGE_TAG="1.5.6"
+GETH_NODE_DOCKER_IMAGE_TAG="1.7.0"
 
 GETH_BOOTNODE_DOCKER_IMAGE_REPOSITORY="us.gcr.io/celo-org/geth-all"
 # When upgrading change this to latest commit hash from the master of the geth repo
 # `geth $ git show | head -n 1`
-GETH_BOOTNODE_DOCKER_IMAGE_TAG="1.5.5"
+GETH_BOOTNODE_DOCKER_IMAGE_TAG="1.7.0"
 
 CELOTOOL_DOCKER_IMAGE_REPOSITORY="gcr.io/celo-testnet/celo-monorepo"
 CELOTOOL_DOCKER_IMAGE_TAG="celotool-4257fe61f91e935681f3a91bb4dcb44c8dd6df47"
@@ -357,6 +357,10 @@ AZURE_ODIS_WESTUS2_A_ODIS_SIGNER_DB_USERNAME=clabs@mainnet-pgpnp-db-westus2
 # ODIS signer WESTUS2 A Key Vault
 AZURE_ODIS_WESTUS2_A_ODIS_SIGNER_AZURE_KEYVAULT_NAME=mainnet-pgpnp-westus2
 AZURE_ODIS_WESTUS2_A_ODIS_SIGNER_AZURE_KEYVAULT_SECRET_NAME=bls-share
+AZURE_ODIS_WESTUS2_A_ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_NAME_BASE=phoneNumberPrivacy
+AZURE_ODIS_WESTUS2_A_ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_LATEST_VERSION=1
+AZURE_ODIS_WESTUS2_A_ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_NAME_BASE=domains
+AZURE_ODIS_WESTUS2_A_ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_LATEST_VERSION=1
 
 # ODIS signer WESTUS2 A Network
 AZURE_ODIS_WESTUS2_A_ODIS_NETWORK=mainnet
@@ -387,6 +391,10 @@ AZURE_ODIS_WESTEUROPE_A_ODIS_SIGNER_DB_USERNAME=cLabs@mainnet-pgpnp-westeurope
 # ODIS signer WESTEUROPE A Key Vault
 AZURE_ODIS_WESTEUROPE_A_ODIS_SIGNER_AZURE_KEYVAULT_NAME=mainnet-pgpnp-westeurope
 AZURE_ODIS_WESTEUROPE_A_ODIS_SIGNER_AZURE_KEYVAULT_SECRET_NAME=bls-share
+AZURE_ODIS_WESTEUROPE_A_ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_NAME_BASE=phoneNumberPrivacy
+AZURE_ODIS_WESTEUROPE_A_ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_LATEST_VERSION=1
+AZURE_ODIS_WESTEUROPE_A_ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_NAME_BASE=domains
+AZURE_ODIS_WESTEUROPE_A_ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_LATEST_VERSION=1
 
 # ODIS signer WESTEUROPE A Network
 AZURE_ODIS_WESTEUROPE_A_ODIS_NETWORK=mainnet
@@ -417,6 +425,10 @@ AZURE_ODIS_EASTASIA_A_ODIS_SIGNER_DB_USERNAME=clabs@mainnet-pgpnp-db-eastasia
 # ODIS signer EASTASIA A Key Vault
 AZURE_ODIS_EASTASIA_A_ODIS_SIGNER_AZURE_KEYVAULT_NAME=mainnet-pgpnp-eastasia
 AZURE_ODIS_EASTASIA_A_ODIS_SIGNER_AZURE_KEYVAULT_SECRET_NAME=bls-share
+AZURE_ODIS_EASTASIA_A_ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_NAME_BASE=phoneNumberPrivacy
+AZURE_ODIS_EASTASIA_A_ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_LATEST_VERSION=1
+AZURE_ODIS_EASTASIA_A_ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_NAME_BASE=domains
+AZURE_ODIS_EASTASIA_A_ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_LATEST_VERSION=1
 
 # ODIS signer EASTASIA A Network
 AZURE_ODIS_EASTASIA_A_ODIS_NETWORK=mainnet
@@ -447,6 +459,10 @@ AZURE_ODIS_BRAZILSOUTH_A_ODIS_SIGNER_DB_USERNAME=clabs@mainnet-pgpnp-db-brazilso
 # ODIS signer BRAZILSOUTH A Key Vault
 AZURE_ODIS_BRAZILSOUTH_A_ODIS_SIGNER_AZURE_KEYVAULT_NAME=mainnet-pgpnp-brazil
 AZURE_ODIS_BRAZILSOUTH_A_ODIS_SIGNER_AZURE_KEYVAULT_SECRET_NAME=bls-share
+AZURE_ODIS_BRAZILSOUTH_A_ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_NAME_BASE=phoneNumberPrivacy
+AZURE_ODIS_BRAZILSOUTH_A_ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_LATEST_VERSION=1
+AZURE_ODIS_BRAZILSOUTH_A_ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_NAME_BASE=domains
+AZURE_ODIS_BRAZILSOUTH_A_ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_LATEST_VERSION=1
 
 # ODIS signer BRAZILSOUTH A Network
 AZURE_ODIS_BRAZILSOUTH_A_ODIS_NETWORK=mainnet

.vscode/extensions.json

@@ -13,7 +13,8 @@
     "pkief.material-icon-theme",
     "davidanson.vscode-markdownlint",
     "mikestead.dotenv",
-    "coenraads.bracket-pair-colorizer-2"
+    "coenraads.bracket-pair-colorizer-2",
+    "markis.code-coverage"
   ],
   // List of extensions recommended by VS Code that should not be recommended for users of this workspace.
   "unwantedRecommendations": []

dependency-graph.json

@@ -102,6 +102,7 @@
       "@celo/flake-tracker",
       "@celo/identity",
       "@celo/phone-number-privacy-common",
+      "@celo/phone-number-privacy-signer",
       "@celo/utils"
     ]
   },

dockerfiles/circleci/circleci-node12/Dockerfile

@@ -1,4 +1,4 @@
-FROM circleci/node:12
+FROM circleci/node:12.22
 
 RUN sudo apt-get update -y
 RUN sudo apt-get install lsb-release libudev-dev libusb-dev libusb-1.0-0 rsync -y

package.json

@@ -124,7 +124,7 @@
     "react-native-flipper": "^0.70.0",
     "react-native-ntp-client": "^1.0.0",
     "set-value": "^3.0.2",
-    "sha3": "1.2.3",
+    "sha3": "1.2.6",
     "tar": "4.4.15",
     "ua-parser-js": "0.7.28",
     "underscore": "^1.12.1",

packages/attestation-service/package.json

@@ -56,7 +56,6 @@
     "pg-hstore": "2.3.3",
     "prom-client": "11.2.0",
     "sequelize": "5.21.5",
-    "sqlite3": "4.0.9",
     "ts-mockito": "^2.6.1",
     "twilio": "^3.57.0",
     "web3": "1.3.6",
@@ -73,11 +72,12 @@
     "@types/node-fetch": "2.5.12",
     "nodemon": "1.19.1",
     "sequelize-cli": "^5.5.1",
+    "sqlite3": "4.0.9",
     "ts-node": "8.3.0",
     "webpack": "4.39.1",
     "webpack-cli": "3.3.6"
   },
   "engines": {
     "node": ">=8.13.0"
   }
-}
+}

packages/celotool/src/lib/env-utils.ts

@@ -119,6 +119,9 @@ export enum envVar {
   ODIS_SIGNER_DOCKER_IMAGE_REPOSITORY = 'ODIS_SIGNER_DOCKER_IMAGE_REPOSITORY',
   ODIS_SIGNER_DOCKER_IMAGE_TAG = 'ODIS_SIGNER_DOCKER_IMAGE_TAG',
   ODIS_SIGNER_BLOCKCHAIN_PROVIDER = 'ODIS_SIGNER_BLOCKCHAIN_PROVIDER',
+  ODIS_SIGNER_DOMAINS_API_ENABLED = 'ODIS_SIGNER_DOMAINS_API_ENABLED',
+  ODIS_SIGNER_PNP_API_ENABLED = 'ODIS_SIGNER_PNP_API_ENABLED',
+  ODIS_SIGNER_LEGACY_PNP_API_ENABLED = 'ODIS_SIGNER_LEGACY_PNP_API_ENABLED',
   ORACLE_DOCKER_IMAGE_REPOSITORY = 'ORACLE_DOCKER_IMAGE_REPOSITORY',
   ORACLE_DOCKER_IMAGE_TAG = 'ORACLE_DOCKER_IMAGE_TAG',
   ORACLE_UNUSED_ORACLE_ADDRESSES = 'ORACLE_UNUSED_ORACLE_ADDRESSES',
@@ -176,6 +179,7 @@ export enum envVar {
  * Dynamic env vars are env var names that can be dynamically constructed
  * using templates.
  */
+
 export enum DynamicEnvVar {
   AWS_CLUSTER_REGION = '{{ context }}_AWS_KUBERNETES_CLUSTER_REGION',
   AWS_RESOURCE_GROUP_TAG = '{{ context }}_AWS_KUBERNETES_RESOURCE_GROUP',
@@ -217,6 +221,13 @@ export enum DynamicEnvVar {
   ODIS_SIGNER_BLOCKCHAIN_API_KEY = '{{ context }}_ODIS_SIGNER_BLOCKCHAIN_API_KEY',
   ODIS_SIGNER_AZURE_KEYVAULT_NAME = '{{ context }}_ODIS_SIGNER_AZURE_KEYVAULT_NAME',
   ODIS_SIGNER_AZURE_KEYVAULT_SECRET_NAME = '{{ context }}_ODIS_SIGNER_AZURE_KEYVAULT_SECRET_NAME',
+  ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_NAME_BASE = '{{ context }}_ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_NAME_BASE',
+  ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_LATEST_VERSION = '{{ context }}_ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_LATEST_VERSION',
+  ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_NAME_BASE = '{{ context }}_ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_NAME_BASE',
+  ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_LATEST_VERSION = '{{ context }}_ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_LATEST_VERSION',
+  ODIS_SIGNER_DOMAINS_API_ENABLED = '{{ context }}_ODIS_SIGNER_DOMAINS_API_ENABLED',
+  ODIS_SIGNER_PHONE_NUMBER_PRIVACY_API_ENABLED = '{{ context }}_ODIS_SIGNER_PNP_API_ENABLED',
+  ODIS_SIGNER_LEGACY_PHONE_NUMBER_PRIVACY_API_ENABLED = '{{ context }}_ODIS_SIGNER_LEGACY_PNP_API_ENABLED',
   ODIS_SIGNER_DB_HOST = '{{ context }}_ODIS_SIGNER_DB_HOST',
   ODIS_SIGNER_DB_PORT = '{{ context }}_ODIS_SIGNER_DB_PORT',
   ODIS_SIGNER_DB_USERNAME = '{{ context }}_ODIS_SIGNER_DB_USERNAME',

packages/celotool/src/lib/odis.ts

@@ -19,6 +19,10 @@ const helmChartPath = '../helm-charts/odis'
 interface ODISSignerKeyVaultConfig {
   vaultName: string
   secretName: string
+  pnpKeyNameBase: string
+  pnpKeyLatestVersion: string
+  domainsKeyNameBase: string
+  domainsKeyLatestVersion: string
 }
 
 /**
@@ -59,6 +63,10 @@ const contextODISSignerKeyVaultConfigDynamicEnvVars: {
 } = {
   vaultName: DynamicEnvVar.ODIS_SIGNER_AZURE_KEYVAULT_NAME,
   secretName: DynamicEnvVar.ODIS_SIGNER_AZURE_KEYVAULT_SECRET_NAME,
+  pnpKeyNameBase: DynamicEnvVar.ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_NAME_BASE,
+  pnpKeyLatestVersion: DynamicEnvVar.ODIS_SIGNER_AZURE_KEYVAULT_PNP_KEY_LATEST_VERSION,
+  domainsKeyNameBase: DynamicEnvVar.ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_NAME_BASE,
+  domainsKeyLatestVersion: DynamicEnvVar.ODIS_SIGNER_AZURE_KEYVAULT_DOMAINS_KEY_LATEST_VERSION,
 }
 
 /**
@@ -159,6 +167,13 @@ async function helmParameters(celoEnv: string, context: string) {
     `--set db.password='${databaseConfig.password}'`,
     `--set keystore.vaultName=${keyVaultConfig.vaultName}`,
     `--set keystore.secretName=${keyVaultConfig.secretName}`,
+    `--set keystore.pnpKeyNameBase=${keyVaultConfig.pnpKeyNameBase}`,
+    `--set keystore.domainsKeyNameBase=${keyVaultConfig.domainsKeyNameBase}`,
+    `--set keystore.pnpKeyLatestVersion=${keyVaultConfig.pnpKeyLatestVersion}`,
+    `--set keystore.domainsKeyLatestVersion=${keyVaultConfig.domainsKeyLatestVersion}`,
+    `--set api.pnpAPIEnabled=${fetchEnv(envVar.ODIS_SIGNER_PNP_API_ENABLED)}`,
+    `--set api.legacyPnpAPIEnabled=${fetchEnv(envVar.ODIS_SIGNER_LEGACY_PNP_API_ENABLED)}`,
+    `--set api.domainsAPIEnabled=${fetchEnv(envVar.ODIS_SIGNER_DOMAINS_API_ENABLED)}`,
     `--set blockchainProvider=${fetchEnv(envVar.ODIS_SIGNER_BLOCKCHAIN_PROVIDER)}`,
     `--set blockchainApiKey=${blockchainConfig.blockchainApiKey}`,
     `--set log.level=${loggingConfig.level}`,

packages/helm-charts/odis/templates/signer-deployment.yaml

@@ -47,6 +47,13 @@ spec:
 {{ include "common.env-var" (dict "name" "DB_USERNAME" "dict" .Values.db "value_name" "username") | indent 12 }}
 {{ include "common.env-var" (dict "name" "KEYSTORE_AZURE_VAULT_NAME" "dict" .Values.keystore "value_name" "vaultName") | indent 12 }}
 {{ include "common.env-var" (dict "name" "KEYSTORE_AZURE_SECRET_NAME" "dict" .Values.keystore "value_name" "secretName") | indent 12 }}
+{{ include "common.env-var" (dict "name" "PHONE_NUMBER_PRIVACY_KEY_NAME_BASE" "dict" .Values.keystore "value_name" "pnpKeyNameBase") | indent 12 }}
+{{ include "common.env-var" (dict "name" "DOMAINS_KEY_NAME_BASE" "dict" .Values.keystore "value_name" "domainsKeyNameBase") | indent 12 }}
+{{ include "common.env-var" (dict "name" "PHONE_NUMBER_PRIVACY_LATEST_KEY_VERSION" "dict" .Values.keystore "value_name" "pnpKeyLatestVersion") | indent 12 }}
+{{ include "common.env-var" (dict "name" "DOMAINS_LATEST_KEY_VERSION" "dict" .Values.keystore "value_name" "domainsKeyLatestVersion") | indent 12 }}
+{{ include "common.env-var" (dict "name" "DOMAINS_API_ENABLED" "dict" .Values.api "value_name" "domainsAPIEnabled") | indent 12 }}
+{{ include "common.env-var" (dict "name" "PHONE_NUMBER_PRIVACY_API_ENABLED" "dict" .Values.api "value_name" "pnpAPIEnabled") | indent 12 }}
+{{ include "common.env-var" (dict "name" "LEGACY_PHONE_NUMBER_PRIVACY_API_ENABLED" "dict" .Values.api "value_name" "legacyPnpAPIEnabled") | indent 12 }}
             - name: DB_PASSWORD
               valueFrom:
                 secretKeyRef: