docs: add storage docs
shrimalmadhur committed Nov 21, 2024
1 parent fb16e46 commit 70c2e90
Showing 4 changed files with 86 additions and 11 deletions.
58 changes: 47 additions & 11 deletions README.md
Expand Up @@ -33,18 +33,54 @@ go build -o bin/cerberus cmd/cerberus/main.go
```

### Usage options
| Options | Description | Default |
|----------------|---------------------------------------------|-----------------|
| keystore-dir | Directory to store encrypted keystore files | ./data/keystore |
| grpc-port | gRPC port for starting signer server | 50051 |
| log-format | format of the logs (text, json) | text |
| log-level | debug, info, warn, error | info |
| metrics-port | port to expose prometheus metrics | 9091 |
| tls-ca-cert | certificate to enable TLS connection | |
| tls-server-key | server key to enable TLS connection | |
| help | show help | |
| version | show version | |
```bash
cerberus --help

_
| |
___ ___ _ __ | |__ ___ _ __ _ _ ___
/ __| / _ \| '__|| '_ \ / _ \| '__|| | | |/ __|
| (__ | __/| | | |_) || __/| | | |_| |\__ \
\___| \___||_| |_.__/ \___||_| \__,_||___/
NAME:
cerberus - Remote BLS Signer
USAGE:
cerberus [global options] command [command options]
VERSION:
development
COMMANDS:
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--aws-access-key-id value AWS access key ID [$AWS_ACCESS_KEY_ID]
--aws-authentication-mode value AWS authentication mode - supported modes: environment, specified (default: "environment") [$AWS_AUTHENTICATION_MODE]
--aws-profile value AWS profile (default: "default") [$AWS_PROFILE]
--aws-region value AWS region (default: "us-east-2") [$AWS_REGION]
--aws-secret-access-key value AWS secret access key [$AWS_SECRET_ACCESS_KEY]
--grpc-port value Port for the gRPC server (default: "50051") [$GRPC_PORT]
--keystore-dir value Directory where the keystore files are stored (default: "./data/keystore") [$KEYSTORE_DIR]
--log-format value Log format - supported formats: text, json (default: "text") [$LOG_FORMAT]
--log-level value Log level - supported levels: debug, info, warn, error (default: "info") [$LOG_LEVEL]
--metrics-port value Port for the metrics server (default: "9091") [$METRICS_PORT]
--storage-type value Storage type - supported types: filesystem, aws-secret-manager (default: "filesystem") [$STORAGE_TYPE]
--tls-ca-cert value TLS CA certificate [$TLS_CA_CERT]
--tls-server-key value TLS server key [$TLS_SERVER_KEY]
--help, -h show help
--version, -v print the version
COPYRIGHT:
(c) 2024 EigenLab
```
### Storage Backend
We support the following storage backends for storing private keys:
1. [Filesystem](docs/filesystem.md)
2. [AWS Secret Manager](docs/aws_sercret_manager.md)
### Monitoring
The signer exposes prometheus metrics on the `/metrics` endpoint. You can scrape these metrics using a prometheus server.
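Review bot: The `--storage-type` line in the pasted help output lists the supported types as `filesystem, aws-secret-manager`, while docs/aws_sercret_manager.md in this same commit tells the reader to use `aws-secrets-manager`; the two disagree, and a reader who copies the wrong one will pass a value the flag does not list. Please check which string the flag accepts and make the help text and the docs agree. The link target `docs/aws_sercret_manager.md` also has a typo in the file name (`sercret`); renaming the file and the link now is cheaper than after it has been linked elsewhere. The pasted output shows `VERSION: development`, so consider noting which build it was captured from, since it has to be refreshed by hand when flags change.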
2 changes: 2 additions & 0 deletions cmd/cerberus/main.go
Expand Up @@ -4,6 +4,7 @@ import (
"fmt"
"log/slog"
"os"
"sort"

"github.com/Layr-Labs/cerberus/internal/configuration"
"github.com/Layr-Labs/cerberus/internal/server"
Expand Down Expand Up @@ -136,6 +137,7 @@ func main() {
awsAccessKeyIDFlag,
awsSecretAccessKeyFlag,
}
sort.Sort(cli.FlagsByName(app.Flags))

app.Action = start

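Review bot: `sort.Sort(cli.FlagsByName(app.Flags))` is a behaviour change (it reorders the `--help` output) inside a commit titled `docs: add storage docs`; please mention it in the commit message or split it into its own commit so the code change is not hidden in a docs commit. A one-line comment above the call, saying that it keeps the help output alphabetical to match the block pasted into README.md, would also help the next reader.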
26 changes: 26 additions & 0 deletions docs/aws_sercret_manager.md
@@ -0,0 +1,26 @@
## Using AWS Secret Manager as a backend for cerberus
You can use AWS Secret Manager as a backend for cerberus. To use AWS Secret Manager as a backend, you need to set the `STORAGE_TYPE` environment variable to `aws-secrets-manager`.
All the public keys are stored in `cerberus/<pub-key-hex>` format.

You have two options for authenticating with AWS Secret Manager:
### Environment variables
You will need to set the `AWS_AUTHENTICATION_MODE` environment variable to `environment`. This is the default mode. You will also need to set the `AWS_REGION`. If you are using a profile, you can set the `AWS_PROFILE` environment variable. If you are using the default profile, you do not need to set the `AWS_PROFILE` environment variable.

Example
```bash
cerberus \
--storage-type aws-secrets-manager \
--aws-region us-east-2 \
--aws-profile SomeProfile
```
### Specified
You will need to set the `AWS_REGION`, `AWS_ACCESS_KEY_ID`, and `AWS_SECRET_ACCESS_KEY` environment variables.

Example
```bash
cerberus \
--storage-type aws-secrets-manager \
--aws-region us-east-2 \
--aws-access-key-id SomeAccessKey \
--aws-secret-access-key SomeSecretKey
```
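Review bot: The "Specified" section never says to set `AWS_AUTHENTICATION_MODE` (or `--aws-authentication-mode`) to `specified`, and its example omits it, although the help output in README.md gives `environment` as the default mode; please add the mode to both the text and the example. The same example passes `--aws-secret-access-key SomeSecretKey` as an argument, which leaves the secret in shell history and visible in the process list; the text already says to set `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` as environment variables, so show the example that way. Also, "All the public keys are stored in `cerberus/<pub-key-hex>` format" is ambiguous: say whether this is the name of the secret that holds the private key.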
11 changes: 11 additions & 0 deletions docs/filesystem.md
@@ -0,0 +1,11 @@
## Using Filesystem as a backend for cerberus
You can use Filesystem as a backend for cerberus. To use Filesystem as a backend, you need to set the `STORAGE_TYPE` environment variable to `filesystem`.

You will need to setup the storage directory where the private keys will be stored. By default, the private keys are stored in the `./data/keystore` directory. You can change this by setting the `KEYSTORE_DIR` environment variable.

Example
```bash
cerberus \
--storage-type filesystem \
--keystore-dir /path/to/keystore
```
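Review bot: The second paragraph says private keys are stored in the keystore directory but does not say they are encrypted, which the option table removed from README.md in this commit did ("Directory to store encrypted keystore files"); please carry that statement over, and add a sentence on restricting the directory's permissions to the user that runs cerberus. The default `./data/keystore` is relative to the working directory, so it is worth saying so, or recommending an absolute path as the example does. Nit: "setup the storage directory" should be "set up".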
