From 98d44037a9553f4f8b73a7b87a4f01f7ed9e6ce5 Mon Sep 17 00:00:00 2001
From: Matjaz Verbole
Date: Mon, 7 Oct 2024 09:12:34 +0200
Subject: [PATCH] Move Across Relayer secrets from AWS Secrets Manager to S3 bucket (#75)
### What was the problem?
This PR resolves #LISK-1148.
### How was it solved?
- [x] Environment files for mainnet and testnet were created inside S3 bucket
- [x] Scripts were modified to pull data from S3 instead of AWS Secrets
### How was it tested?
Start the containers locally with the docker dev scripts Run: `curl --fail http://localhost:3000/healthz` and check container health with `docker ps`
---
 .gitignore | 5 +++-
 scripts/lisk/docker/dev/setEnvVariables.sh | 27 +++++-----------------
 scripts/lisk/docker/setEnvVariables.sh | 27 +++++-----------------
 3 files changed, 16 insertions(+), 43 deletions(-)
diff --git a/.gitignore b/.gitignore
index f9c809f2c..7b7bd81f8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,6 @@
 # dotfiles are ignored by default and must be added explicitly. Use
 # `git add -f ` add a dotfile. Only do this for public files.
-.env
+*.env*
 .secret
 node_modules
@@ -16,3 +16,6 @@ dist
 # Debugging files
 *.log
+
+# Exclude .env.example
+!.env.example
diff --git a/scripts/lisk/docker/dev/setEnvVariables.sh b/scripts/lisk/docker/dev/setEnvVariables.sh
index 31bc6d2af..ffac482ae 100644
--- a/scripts/lisk/docker/dev/setEnvVariables.sh
+++ b/scripts/lisk/docker/dev/setEnvVariables.sh
@@ -1,29 +1,14 @@
 #!/bin/bash
 set -eu
-# Set env var from secrets
-# secret_id=arn:aws:secretsmanager:eu-west-3:132202091885:secret:mainnet/lisk-across-relayer/aws-CSi7ka
-secret_id=arn:aws:secretsmanager:eu-west-3:132202091885:secret:sepolia/across-relayer-dev/aws-7CIqpl
-RELAYER_CONFIG=`aws --region eu-west-3 secretsmanager get-secret-value --secret-id ${secret_id} | jq --raw-output .SecretString | jq -r .`
-
 echo "Setting environment variables within the current shell on the host"
-export AWS_REGION=`echo $RELAYER_CONFIG | jq -r ."AWS_REGION"`
-
-export AWS_ECR_REGISTRY=`echo $RELAYER_CONFIG | jq -r ."AWS_ECR_REGISTRY"`
-
-export AWS_ECR_REPOSITORY=`echo $RELAYER_CONFIG | jq -r ."AWS_ECR_REPOSITORY"`
-
-export ACROSS_RELAYER_IMAGE_TAG=`echo $RELAYER_CONFIG | jq -r ."ACROSS_RELAYER_IMAGE_TAG"`
-
-export NETWORK=`echo $RELAYER_CONFIG | jq -r ."NETWORK"`
-
-export RELAYER_1_API_SERVER_HOST=`echo $RELAYER_CONFIG | jq -r ."RELAYER_1_API_SERVER_HOST"`
-
-export REBALANCER_API_SERVER_HOST=`echo $RELAYER_CONFIG | jq -r ."REBALANCER_API_SERVER_HOST"`
-
-export RELAYER_1_API_SERVER_PORT=`echo $RELAYER_CONFIG | jq -r ."RELAYER_1_API_SERVER_PORT"`
+# Retreive env vars from S3 bucket and source them
+source_env_file_name=across-relayer-dev.env
+env_file_name=.${source_env_file_name}
-export REBALANCER_API_SERVER_PORT=`echo $RELAYER_CONFIG | jq -r ."REBALANCER_API_SERVER_PORT"`
+aws s3 cp s3://lisk-envs/$source_env_file_name ${env_file_name}
+source ${env_file_name}
+rm -f ${env_file_name}
 echo "Finished setting all the environment variables within the current shell on the host"
diff --git a/scripts/lisk/docker/setEnvVariables.sh b/scripts/lisk/docker/setEnvVariables.sh
index c55a3041f..2629e9992 100644
--- a/scripts/lisk/docker/setEnvVariables.sh
+++ b/scripts/lisk/docker/setEnvVariables.sh
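Review bot: In scripts/lisk/docker/dev/setEnvVariables.sh the downloaded secrets land in the working directory as `.across-relayer-dev.env` with the default umask, and the trailing `rm -f ${env_file_name}` never runs if `source ${env_file_name}` stops the script under `set -eu`, so a failed run can leave the relayer configuration readable on disk. Download with restrictive permissions and make the removal unconditional, for example `( umask 077; aws s3 cp "s3://lisk-envs/${source_env_file_name}" "${env_file_name}" )` and `source "${env_file_name}" || rc=$?` ahead of `rm -f -- "${env_file_name}"`, then fail on a non-zero `rc`. The same three lines are added for `across-relayer-mainnet.env` in scripts/lisk/docker/setEnvVariables.sh. Whether the bucket has encryption at rest and access logging comparable to what Secrets Manager provided is not visible in this patch and is worth confirming.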
@@ -1,29 +1,14 @@
 #!/bin/bash
 set -eu
-# Set env var from secrets
-secret_id=arn:aws:secretsmanager:eu-west-3:132202091885:secret:mainnet/lisk-across-relayer/aws-CSi7ka
-# secret_id=arn:aws:secretsmanager:eu-west-3:132202091885:secret:sepolia/across-relayer-dev/aws-7CIqpl
-RELAYER_CONFIG=`aws --region eu-west-3 secretsmanager get-secret-value --secret-id ${secret_id} | jq --raw-output .SecretString | jq -r .`
-
 echo "Setting environment variables within the current shell on the host"
-export AWS_REGION=`echo $RELAYER_CONFIG | jq -r ."AWS_REGION"`
-
-export AWS_ECR_REGISTRY=`echo $RELAYER_CONFIG | jq -r ."AWS_ECR_REGISTRY"`
-
-export AWS_ECR_REPOSITORY=`echo $RELAYER_CONFIG | jq -r ."AWS_ECR_REPOSITORY"`
-
-export ACROSS_RELAYER_IMAGE_TAG=`echo $RELAYER_CONFIG | jq -r ."ACROSS_RELAYER_IMAGE_TAG"`
-
-export NETWORK=`echo $RELAYER_CONFIG | jq -r ."NETWORK"`
-
-export RELAYER_1_API_SERVER_HOST=`echo $RELAYER_CONFIG | jq -r ."RELAYER_1_API_SERVER_HOST"`
-
-export REBALANCER_API_SERVER_HOST=`echo $RELAYER_CONFIG | jq -r ."REBALANCER_API_SERVER_HOST"`
-
-export RELAYER_1_API_SERVER_PORT=`echo $RELAYER_CONFIG | jq -r ."RELAYER_1_API_SERVER_PORT"`
+# Retreive env vars from S3 bucket and source them
+source_env_file_name=across-relayer-mainnet.env
+env_file_name=.${source_env_file_name}
-export REBALANCER_API_SERVER_PORT=`echo $RELAYER_CONFIG | jq -r ."REBALANCER_API_SERVER_PORT"`
+aws s3 cp s3://lisk-envs/$source_env_file_name ${env_file_name}
+source ${env_file_name}
+rm -f ${env_file_name}
 echo "Finished setting all the environment variables within the current shell on the host"
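Review bot: `source ${env_file_name}` runs the whole `across-relayer-mainnet.env` object as shell code in the operator's shell, whereas the removed version only read nine named fields through `jq`; write access to the `lisk-envs` bucket now amounts to command execution on the host that starts the mainnet relayer. If the file holds plain `KEY=VALUE` lines (its format is not shown in this patch), export those names without evaluating anything, as sketched below, and quote the expansions on the `aws s3 cp` and `rm` lines. The dev script in scripts/lisk/docker/dev/setEnvVariables.sh sources its file the same way. Bucket write permissions and object versioning are outside this diff and should be checked alongside.

```shell
# … unchanged: set -eu, opening echo, source_env_file_name and env_file_name assignments …
aws s3 cp "s3://lisk-envs/${source_env_file_name}" "${env_file_name}"
# Export only well-formed NAME=VALUE lines; nothing from the bucket is evaluated.
while IFS= read -r line || [[ -n "${line}" ]]; do
  if [[ "${line}" =~ ^(export[[:space:]]+)?([A-Za-z_][A-Za-z0-9_]*)=(.*)$ ]]; then
    export "${BASH_REMATCH[2]}=${BASH_REMATCH[3]}"
  fi
done < "${env_file_name}"
rm -f -- "${env_file_name}"
# … unchanged: closing echo …
```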