Merge #2042

2042: Khalil/5893 secretsdb key soft enforcement r=kc1116 a=kc1116 This PR adds soft enforcement for encrypted secrets DB . - While attempting to read the secrets db encryption key if it is missing the node will exit - Encryption can be explicitly bypassed using **_--insecure-secrets-db_** (soft enforcement), this will be deprecated in the future when we make encryption a hard requirement Issue: https://github.com/dapperlabs/flow-go/issues/5893 Co-authored-by: Khalil Claybon <khalil.claybon@dapperlabs.com>
onflow · Mar 7, 2022 · 4d5c22c · 4d5c22c
2 parents 39e1366 + 29136d3
commit 4d5c22c
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 7 deletions.
diff --git a/cmd/node_builder.go b/cmd/node_builder.go
@@ -125,6 +125,7 @@ type BaseConfig struct {
 	datadir                         string
 	secretsdir                      string
 	secretsDBEnabled                bool
+	InsecureSecretsDB               bool
 	level                           string
 	metricsPort                     uint
 	BootstrapDir                    string

diff --git a/cmd/scaffold.go b/cmd/scaffold.go
@@ -149,6 +149,8 @@ func (fnb *FlowNodeBuilder) BaseFlags() {
 	fnb.flags.StringVar(&fnb.BaseConfig.DynamicStartupEpochPhase, "dynamic-startup-epoch-phase", "EpochPhaseSetup", "the target epoch phase for dynamic startup <EpochPhaseStaking|EpochPhaseSetup|EpochPhaseCommitted")
 	fnb.flags.StringVar(&fnb.BaseConfig.DynamicStartupEpoch, "dynamic-startup-epoch", "current", "the target epoch for dynamic-startup, use \"current\" to start node in the current epoch")
 	fnb.flags.DurationVar(&fnb.BaseConfig.DynamicStartupSleepInterval, "dynamic-startup-sleep-interval", time.Minute, "the interval in which the node will check if it can start")
+
+	fnb.flags.BoolVar(&fnb.BaseConfig.InsecureSecretsDB, "insecure-secrets-db", false, "allow the node to start up without an secrets DB encryption key")
 }
 
 func (fnb *FlowNodeBuilder) EnqueuePingService() {
@@ -538,15 +540,25 @@ func (fnb *FlowNodeBuilder) initSecretsDB() {
 	log := sutil.NewLogger(fnb.Logger)
 
 	opts := badger.DefaultOptions(fnb.BaseConfig.secretsdir).WithLogger(log)
-	// attempt to read an encryption key for the secrets DB from the canonical path
-	// TODO enforce encryption in an upcoming spork https://github.com/dapperlabs/flow-go/issues/5893
-	encryptionKey, err := loadSecretsEncryptionKey(fnb.BootstrapDir, fnb.NodeID)
-	if errors.Is(err, os.ErrNotExist) {
+
+	// NOTE: SN nodes need to explicitly set --insecure-secrets-db to true in order to
+	// disable secrets database encryption
+	if fnb.NodeRole == flow.RoleConsensus.String() && fnb.InsecureSecretsDB {
 		fnb.Logger.Warn().Msg("starting with secrets database encryption disabled")
-	} else if err != nil {
-		fnb.Logger.Fatal().Err(err).Msg("failed to read secrets db encryption key")
 	} else {
-		opts = opts.WithEncryptionKey(encryptionKey)
+		encryptionKey, err := loadSecretsEncryptionKey(fnb.BootstrapDir, fnb.NodeID)
+		if errors.Is(err, os.ErrNotExist) {
+			if fnb.NodeRole == flow.RoleConsensus.String() {
+				// missing key is a fatal error for SN nodes
+				fnb.Logger.Fatal().Err(err).Msg("secrets db encryption key not found")
+			} else {
+				fnb.Logger.Warn().Msg("starting with secrets database encryption disabled")
+			}
+		} else if err != nil {
+			fnb.Logger.Fatal().Err(err).Msg("failed to read secrets db encryption key")
+		} else {
+			opts = opts.WithEncryptionKey(encryptionKey)
+		}
 	}
 
 	secretsDB, err := bstorage.InitSecret(opts)