27312dcf2a
Some checks failed
Cross-Node Transaction Testing / transaction-test (push) Has been cancelled
Deploy to Testnet / deploy-testnet (push) Has been cancelled
Multi-Node Stress Testing / stress-test (push) Has been cancelled
Security Scanning / security-scan (push) Has been cancelled
CLI Tests / test-cli (push) Has been cancelled
Documentation Validation / validate-docs (push) Failing after 11s
Documentation Validation / validate-policies-strict (push) Successful in 4s
- Update CLI config to load from /etc/aitbc/blockchain.env - Update operational-features.md documentation - Update setup.sh to create/use blockchain.env - Update utility scripts (setup-credentials, migrate_secrets, generate_unique_node_ids, chain_regen_node, load-keystore-secrets) - Update workflow scripts (01_preflight_setup, hermes preflight setups) - Maintain backward compatibility for existing deployments
46 lines
1.5 KiB
Bash
Executable File
46 lines
1.5 KiB
Bash
Executable File
#!/bin/bash
|
|
# Load AITBC secrets from credentials directory
|
|
# This script is called by systemd services before main process starts
|
|
|
|
set -e
|
|
|
|
CREDENTIALS_DIR="/etc/aitbc/credentials"
|
|
RUN_DIR="/run/aitbc/secrets"
|
|
|
|
# Create runtime directory (tmpfs, cleared on reboot)
|
|
mkdir -p "$RUN_DIR"
|
|
chmod 700 "$RUN_DIR"
|
|
|
|
# Create .env file from credentials
|
|
ENV_FILE="$RUN_DIR/.env"
|
|
|
|
if [ -f "$CREDENTIALS_DIR/api_hash_secret" ]; then
|
|
echo "API_KEY_HASH_SECRET=$(cat $CREDENTIALS_DIR/api_hash_secret)" >> "$ENV_FILE"
|
|
fi
|
|
|
|
if [ -f "$CREDENTIALS_DIR/proposer_id" ]; then
|
|
echo "proposer_id=$(cat $CREDENTIALS_DIR/proposer_id)" >> "$ENV_FILE"
|
|
fi
|
|
|
|
if [ -f "$CREDENTIALS_DIR/keystore_password" ]; then
|
|
echo "KEYSTORE_PASSWORD=$(cat $CREDENTIALS_DIR/keystore_password)" >> "$ENV_FILE"
|
|
fi
|
|
|
|
# Load PostgreSQL database passwords
|
|
for db_user in aitbc_user aitbc_marketplace aitbc_governance aitbc_trading aitbc_gpu aitbc_ai aitbc_mempool; do
|
|
if [ -f "$CREDENTIALS_DIR/postgres_${db_user}_password" ]; then
|
|
db_password=$(cat "$CREDENTIALS_DIR/postgres_${db_user}_password")
|
|
echo "POSTGRES_${db_user^^}_PASSWORD=$db_password" >> "$ENV_FILE"
|
|
fi
|
|
done
|
|
|
|
# Add non-sensitive config from main blockchain.env
|
|
if [ -f "/etc/aitbc/blockchain.env" ]; then
|
|
# Skip lines that are comments or contain migrated secrets
|
|
grep -v '^#' /etc/aitbc/blockchain.env | grep -v 'API_KEY_HASH_SECRET' | grep -v 'proposer_id' >> "$ENV_FILE" || true
|
|
fi
|
|
|
|
chmod 600 "$ENV_FILE"
|
|
|
|
echo "Secrets loaded to $ENV_FILE"
|