Add keystore export flag to VC

2026-03-21 22:04:44 +00:00 · 2022-08-25 15:47:18 +10:00
parent e8da2810ee
commit 1f8f12541b
3 changed files with 29 additions and 0 deletions
--- a/lighthouse/tests/validator_client.rs
+++ b/lighthouse/tests/validator_client.rs
@@ -311,6 +311,19 @@ fn http_allow_origin_all_flag() {
        .run()
        .with_config(|config| assert_eq!(config.http_api.allow_origin, Some("*".to_string())));
 }
+#[test]
+fn http_allow_keystore_export_default() {
+    CommandLineTest::new()
+        .run()
+        .with_config(|config| assert!(!config.http_api.allow_keystore_export));
+}
+#[test]
+fn http_allow_keystore_export_present() {
+    CommandLineTest::new()
+        .flag("http-allow-keystore-export", None)
+        .run()
+        .with_config(|config| assert!(config.http_api.allow_keystore_export));
+}

 // Tests for Metrics flags.
 #[test]
--- a/validator_client/src/cli.rs
+++ b/validator_client/src/cli.rs
@@ -188,6 +188,18 @@ pub fn cli_app<'a, 'b>() -> App<'a, 'b> {
                    address of this server (e.g., http://localhost:5062).")
                .takes_value(true),
        )
+        .arg(
+            Arg::with_name("http-allow-keystore-export")
+                .long("http-allow-keystore-export")
+                .value_name("ORIGIN")
+                .help("If present, allow access to the DELETE /lighthouse/keystores HTTP \
+                    API method, which allows exporting keystores and passwords to HTTP API \
+                    consumers who have access to the API token. This method is useful for \
+                    exporting validators, however it should be used with caution since it \
+                    exposes private key data to authorized users.")
+                .required(false)
+                .takes_value(false),
+        )
        /* Prometheus metrics HTTP server related arguments */
        .arg(
            Arg::with_name("metrics")
--- a/validator_client/src/config.rs
+++ b/validator_client/src/config.rs
@@ -255,6 +255,10 @@ impl Config {
            config.http_api.allow_origin = Some(allow_origin.to_string());
        }

+        if cli_args.is_present("http-allow-keystore-export") {
+            config.http_api.allow_keystore_export = true;
+        }
+
        /*
         * Prometheus metrics HTTP server
         */