Update env encryption

2025-01-29 16:51:16 +05:30 · 2025-01-29 16:51:16 +05:30 · a1993f88d0
commit a1993f88d0
parent ebe3813b76
4 changed files with 20 additions and 7 deletions
--- a/packages/backend/src/entity/Deployer.ts
+++ b/packages/backend/src/entity/Deployer.ts
@ -15,8 +15,8 @@ export class Deployer {
  @Column('varchar')
  baseDomain!: string;

-  @Column('varchar')
-  publicKey!: string;
+  @Column('varchar', { nullable: true})
+  publicKey!: string | null;

  @Column('varchar', { nullable: true })
  minimumPayment!: string | null;
--- a/packages/backend/src/entity/Deployment.ts
+++ b/packages/backend/src/entity/Deployment.ts
@ -36,7 +36,9 @@ export interface ApplicationDeploymentRequest {
  application: string;
  lrn?: string;
  auction?: string;
-  config: string;
+  config: {
+    ref: string;
+  };
  meta: string;
  payment?: string;
 }
--- a/packages/backend/src/registry.ts
+++ b/packages/backend/src/registry.ts
@ -272,13 +272,24 @@ export class Registry {
      "config": { "env": data.environmentVariables },
    }

-    const serialized = yaml.dump(config)
+    const binaryKey = Buffer.from(data.publicKey, 'base64');

-    const publicKey = await openpgp.readKey({ armoredKey: data.publicKey });
+    // Convert binary to ASCII-armored format
+    const publicKeyArmored = `-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n` +
+      binaryKey.toString('base64').match(/.{1,64}/g)?.join('\n') +
+      `\n\n-----END PGP PUBLIC KEY BLOCK-----`;

+    // Read the public key
+    const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
+
+    // Serialize the config (convert to YAML)
+    const serialized = JSON.stringify(config, null, 2); // Use YAML if needed
+
+    // Encrypt the config
    const encrypted = await openpgp.encrypt({
      message: await openpgp.createMessage({ text: serialized }),
-      encryptionKeys: publicKey
+      encryptionKeys: publicKey,
+      format: 'binary' // Equivalent to armor=False
    });

    // To get the hash after uploading encrypted env
--- a/packages/backend/test/publish-deploy-records.ts
+++ b/packages/backend/test/publish-deploy-records.ts
@ -10,7 +10,7 @@ import { Deployment, DeploymentStatus, Environment } from '../src/entity/Deploym
 const log = debug('snowball:publish-deploy-records');

 async function main() {
-  const { registryConfig, database, misc } = await getConfig();
+  const { registryConfig, database } = await getConfig();

  const registry = new Registry(
    registryConfig.gqlEndpoint,