
Commit f647ffc

authored
Move secrets into a .env file (stellar#1683)
### Description

This PR moves all secrets used in tests into environment variables. After this change, developers will need to set up a `.env` file to run the Anchor Platform and its tests.

The GitHub Actions workflows have also been modified to pull secrets from GitHub secrets. Due to a security limitation, workflows will only run successfully for PRs created from branches originating from this repository. In other words, PRs from forks will no longer build. I think this tradeoff is acceptable since there is no real benefit to using forks, and we don't have any external contributors. If this changes, we can reevaluate how to manage secrets.

### Context

We shouldn't be hardcoding secrets in our codebase.

### Testing

- `./gradlew test`

### Documentation

README needs to be updated with instructions for filling out .env

### Known limitations

PRs from forks will no longer build
1 parent 0f47af4 commit f647ffc

41 files changed

Lines changed: 197 additions & 82 deletions


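--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,19 @@
+# TODO(ANCHOR-1016): Describe how to fill in these secrets
+
+# Anchor Platform secrets
+SECRET_SEP10_SIGNING_SEED=
+
+# Reference server secrets
+APP__PAYMENT_SIGNING_SEED=
+
+# Wallet server secrets
+SECRET__KEY=
+
+# Test secrets
+TEST_CLIENT_WALLET_SECRET=
+TEST_CLIENT_WALLET_EXTRA_SIGNER_1_SECRET=
+TEST_CLIENT_WALLET_EXTRA_SIGNER_2_SECRET=
+TEST_WITHDRAW_FUND_CLIENT_SECRET_1=
+TEST_WITHDRAW_FUND_CLIENT_SECRET_2=
+TEST_DEPOSIT_FUND_CLIENT_SECRET_1=
+TEST_DEPOSIT_FUND_CLIENT_SECRET_2=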

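--- a/.github/workflows/sub_essential_tests.yml
+++ b/.github/workflows/sub_essential_tests.yml
@@ -8,6 +8,20 @@ jobs:
 essential_tests:
 name: Run Essential Tests (Integration Tests, Faster End-2-End Tests, Unit Tests, and Stellar Validation Tools)
 runs-on: ubuntu-latest-8-cores
+env:
+# Anchor Platform secrets
+SECRET_SEP10_SIGNING_SEED: ${{ vars.SECRET_SEP10_SIGNING_SEED }}
+APP__PAYMENT_SIGNING_SEED: ${{ vars.APP__PAYMENT_SIGNING_SEED }}
+SECRET__KEY: ${{ vars.SECRET__KEY }}
+
+# Test secrets
+TEST_CLIENT_WALLET_SECRET: ${{ vars.TEST_CLIENT_WALLET_SECRET }}
+TEST_CLIENT_WALLET_EXTRA_SIGNER_1_SECRET: ${{ vars.TEST_CLIENT_WALLET_EXTRA_SIGNER_1_SECRET }}
+TEST_CLIENT_WALLET_EXTRA_SIGNER_2_SECRET: ${{ vars.TEST_CLIENT_WALLET_EXTRA_SIGNER_2_SECRET }}
+TEST_WITHDRAW_FUND_CLIENT_SECRET_1: ${{ vars.TEST_WITHDRAW_FUND_CLIENT_SECRET_1 }}
+TEST_WITHDRAW_FUND_CLIENT_SECRET_2: ${{ vars.TEST_WITHDRAW_FUND_CLIENT_SECRET_2 }}
+TEST_DEPOSIT_FUND_CLIENT_SECRET_1: ${{ vars.TEST_DEPOSIT_FUND_CLIENT_SECRET_1 }}
+TEST_DEPOSIT_FUND_CLIENT_SECRET_2: ${{ vars.TEST_DEPOSIT_FUND_CLIENT_SECRET_2 }}
 steps:
 #############################################
 # Setup JDK 17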
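Review bot: The `env:` block added to `essential_tests` reads every signing seed and wallet secret from the `vars` context (`${{ vars.SECRET_SEP10_SIGNING_SEED }}` and the lines after it), although the commit description says the workflows pull from GitHub secrets. Configuration variables are stored in plaintext and are not masked in job logs, so these values should come from the `secrets` context instead, e.g. `SECRET_SEP10_SIGNING_SEED: ${{ secrets.SECRET_SEP10_SIGNING_SEED }}`. The identical block in `.github/workflows/sub_extended_tests.yml` needs the same change. Declaring the block at job level also hands every value to each step, including any third-party actions; the steps lie outside this hunk, but scoping `env:` to the steps that actually run the tests would narrow that exposure.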

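--- a/.github/workflows/sub_extended_tests.yml
+++ b/.github/workflows/sub_extended_tests.yml
@@ -8,6 +8,20 @@ jobs:
 extended_tests:
 name: Run Extended Tests
 runs-on: ubuntu-latest-16-cores
+env:
+# Anchor Platform secrets
+SECRET_SEP10_SIGNING_SEED: ${{ vars.SECRET_SEP10_SIGNING_SEED }}
+APP__PAYMENT_SIGNING_SEED: ${{ vars.APP__PAYMENT_SIGNING_SEED }}
+SECRET__KEY: ${{ vars.SECRET__KEY }}
+
+# Test secrets
+TEST_CLIENT_WALLET_SECRET: ${{ vars.TEST_CLIENT_WALLET_SECRET }}
+TEST_CLIENT_WALLET_EXTRA_SIGNER_1_SECRET: ${{ vars.TEST_CLIENT_WALLET_EXTRA_SIGNER_1_SECRET }}
+TEST_CLIENT_WALLET_EXTRA_SIGNER_2_SECRET: ${{ vars.TEST_CLIENT_WALLET_EXTRA_SIGNER_2_SECRET }}
+TEST_WITHDRAW_FUND_CLIENT_SECRET_1: ${{ vars.TEST_WITHDRAW_FUND_CLIENT_SECRET_1 }}
+TEST_WITHDRAW_FUND_CLIENT_SECRET_2: ${{ vars.TEST_WITHDRAW_FUND_CLIENT_SECRET_2 }}
+TEST_DEPOSIT_FUND_CLIENT_SECRET_1: ${{ vars.TEST_DEPOSIT_FUND_CLIENT_SECRET_1 }}
+TEST_DEPOSIT_FUND_CLIENT_SECRET_2: ${{ vars.TEST_DEPOSIT_FUND_CLIENT_SECRET_2 }}
 steps:
 #############################################
 # Setup JDK 17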

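--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,4 @@ target/
 */generated/*
 *.tgz
 .vscode
+.env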

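--- a/.run/Custody Server_ custody.run.xml
+++ b/.run/Custody Server_ custody.run.xml
@@ -4,13 +4,14 @@
 <module name="anchor-platform.service-runner.main" />
 <shortenClasspath name="ARGS_FILE" />
 <extension name="net.ashald.envfile">
-<option name="IS_ENABLED" value="false" />
+<option name="IS_ENABLED" value="true" />
 <option name="IS_SUBST" value="false" />
 <option name="IS_PATH_MACRO_SUPPORTED" value="false" />
 <option name="IS_IGNORE_MISSING_FILES" value="false" />
 <option name="IS_ENABLE_EXPERIMENTAL_INTEGRATIONS" value="false" />
 <ENTRIES>
 <ENTRY IS_ENABLED="true" PARSER="runconfig" IS_EXECUTABLE="false" />
+<ENTRY IS_ENABLED="true" PARSER="env" IS_EXECUTABLE="false" PATH=".env" />
 </ENTRIES>
 </extension>
 <method v="2">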

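--- a/.run/Event Processing Server_ default.run.xml
+++ b/.run/Event Processing Server_ default.run.xml
@@ -4,13 +4,14 @@
 <module name="anchor-platform.service-runner.main" />
 <shortenClasspath name="ARGS_FILE" />
 <extension name="net.ashald.envfile">
-<option name="IS_ENABLED" value="false" />
+<option name="IS_ENABLED" value="true" />
 <option name="IS_SUBST" value="false" />
 <option name="IS_PATH_MACRO_SUPPORTED" value="false" />
 <option name="IS_IGNORE_MISSING_FILES" value="false" />
 <option name="IS_ENABLE_EXPERIMENTAL_INTEGRATIONS" value="false" />
 <ENTRIES>
 <ENTRY IS_ENABLED="true" PARSER="runconfig" IS_EXECUTABLE="false" />
+<ENTRY IS_ENABLED="true" PARSER="env" IS_EXECUTABLE="false" PATH=".env" />
 </ENTRIES>
 </extension>
 <method v="2">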

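--- a/.run/Platform Server_ default.run.xml
+++ b/.run/Platform Server_ default.run.xml
@@ -4,13 +4,14 @@
 <module name="anchor-platform.service-runner.main" />
 <shortenClasspath name="ARGS_FILE" />
 <extension name="net.ashald.envfile">
-<option name="IS_ENABLED" value="false" />
+<option name="IS_ENABLED" value="true" />
 <option name="IS_SUBST" value="false" />
 <option name="IS_PATH_MACRO_SUPPORTED" value="false" />
 <option name="IS_IGNORE_MISSING_FILES" value="false" />
 <option name="IS_ENABLE_EXPERIMENTAL_INTEGRATIONS" value="false" />
 <ENTRIES>
 <ENTRY IS_ENABLED="true" PARSER="runconfig" IS_EXECUTABLE="false" />
+<ENTRY IS_ENABLED="true" PARSER="env" IS_EXECUTABLE="false" PATH=".env" />
 </ENTRIES>
 </extension>
 <method v="2">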

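--- a/.run/Reference Server_ default.run.xml
+++ b/.run/Reference Server_ default.run.xml
@@ -7,13 +7,14 @@
 <module name="anchor-platform.service-runner.main" />
 <shortenClasspath name="ARGS_FILE" />
 <extension name="net.ashald.envfile">
-<option name="IS_ENABLED" value="false" />
+<option name="IS_ENABLED" value="true" />
 <option name="IS_SUBST" value="false" />
 <option name="IS_PATH_MACRO_SUPPORTED" value="false" />
 <option name="IS_IGNORE_MISSING_FILES" value="false" />
 <option name="IS_ENABLE_EXPERIMENTAL_INTEGRATIONS" value="false" />
 <ENTRIES>
 <ENTRY IS_ENABLED="true" PARSER="runconfig" IS_EXECUTABLE="false" />
+<ENTRY IS_ENABLED="true" PARSER="env" IS_EXECUTABLE="false" PATH=".env" />
 </ENTRIES>
 </extension>
 <method v="2">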

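--- a/.run/Sep Server_ default.run.xml
+++ b/.run/Sep Server_ default.run.xml
@@ -4,13 +4,14 @@
 <module name="anchor-platform.service-runner.main" />
 <shortenClasspath name="ARGS_FILE" />
 <extension name="net.ashald.envfile">
-<option name="IS_ENABLED" value="false" />
+<option name="IS_ENABLED" value="true" />
 <option name="IS_SUBST" value="false" />
 <option name="IS_PATH_MACRO_SUPPORTED" value="false" />
 <option name="IS_IGNORE_MISSING_FILES" value="false" />
 <option name="IS_ENABLE_EXPERIMENTAL_INTEGRATIONS" value="false" />
 <ENTRIES>
 <ENTRY IS_ENABLED="true" PARSER="runconfig" IS_EXECUTABLE="false" />
+<ENTRY IS_ENABLED="true" PARSER="env" IS_EXECUTABLE="false" PATH=".env" />
 </ENTRIES>
 </extension>
 <method v="2">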

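--- a/.run/Stellar Observer_ default.run.xml
+++ b/.run/Stellar Observer_ default.run.xml
@@ -4,13 +4,14 @@
 <module name="anchor-platform.service-runner.main" />
 <shortenClasspath name="ARGS_FILE" />
 <extension name="net.ashald.envfile">
-<option name="IS_ENABLED" value="false" />
+<option name="IS_ENABLED" value="true" />
 <option name="IS_SUBST" value="false" />
 <option name="IS_PATH_MACRO_SUPPORTED" value="false" />
 <option name="IS_IGNORE_MISSING_FILES" value="false" />
 <option name="IS_ENABLE_EXPERIMENTAL_INTEGRATIONS" value="false" />
 <ENTRIES>
 <ENTRY IS_ENABLED="true" PARSER="runconfig" IS_EXECUTABLE="false" />
+<ENTRY IS_ENABLED="true" PARSER="env" IS_EXECUTABLE="false" PATH=".env" />
 </ENTRIES>
 </extension>
 <method v="2">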
