dsd-module-keystore

==========
Module Source code requirements:
==========

//add asm-config.json to the root of module
{
"asmSigPubKey": "0x818..9303f",
"asmSigPrvKey": "0x1205c..aa",
"id": 1, //id of module in ASM system
"encPubKey": "0x046525fb..cef"
"unlockerUrl": "..." //optional
}

//add ./init/initsecret.json
{
"k2encrypted": "05..52",
"initsecret": {
"encPrvKey": "0x7f..b0",
"symPwd": "12..r",
"moduleSpecificKeys": {
..
}
}
}


//include in source code:

var asmConfig = require("./asm-config.json");

const args = require('yargs').argv;
const unlockerUrl = args.unlockrpcaddr ? args.unlockrpcaddr : asmConfig.unlockerUrl;

const ModuleKeystore = require("../dsd-module-keystore/keystore");
const moduleKeystore = new ModuleKeystore("./", asmConfig, unlockerUrl ? unlockerUrl : 'http://localhost:5440');

var SECRET_OPTs = {};
var secretCfg;

moduleKeystore.getSecretCfg(SECRET_OPTs).then(scfg => { secretCfg = scfg; });

//on some module's API call:
async function handle_acceptsecret(opts) {
let data = require("./init/initsecret.json");

try {
SECRET_OPTs= { ...SECRET_OPTs, ...data };

let isAccepted = await moduleKeystore.getSecretCfg(SECRET_OPTs);
...

} catch (dataErr) {
...
}
}

==========
Module Installation instruction:
==========
DSD Admin (DA)
Module's Owner (MO)

1. Admin actions:

DA: 1- Generate Asm keys (dsd-common-lib/ npm run keys) for the module and place it to the module's cfg
DA: 2- Build docker image of the module
DA: 3- Launch unlocker (or ensure it is running)
DA: 4- Call unlocker.admin_addModule(...)

2. Module's Owner actions:

MO: 1- Install docker container with the Module
MO: 2- create:
- symPwd (just random password),
- generate encryption keys pair unlocker.generateEncKeyPair() (or locally via dsd-common-lib)
- specific for module: e.g. for vault: create GS-account and get its credentials

MO: 3- Call unlocker.generateModuleK2(...) and get K2encrypted
MO: 4- Create file <module>/init/initsecret.json with such structure:
{
"k2encrypted": "9f...710",
"encPrvKey": "0x7f...cb0",
"symPwd": "12...pqr",
"moduleSpecificKeys": {
"type": "service_account",
"project_id": "dsd-phase1",
"private_key_id": "39...e2",
...
}
}

MO: 5- Call Module (GET/POST module_url/acceptsecret) to apply secret initializaton
MO: 6- Delete file <module>/init/initsecret.json

3. That's it!