From 1f8f12541b064054e8b9cd6563798b69d1e54f1d Mon Sep 17 00:00:00 2001
From: Paul Hauner <paul@paulhauner.com>
Date: Thu, 25 Aug 2022 15:47:18 +1000
Subject: [PATCH] Add keystore export flag to VC

---
 lighthouse/tests/validator_client.rs | 13 +++++++++++++
 validator_client/src/cli.rs          | 12 ++++++++++++
 validator_client/src/config.rs       |  4 ++++
 3 files changed, 29 insertions(+)

diff --git a/lighthouse/tests/validator_client.rs b/lighthouse/tests/validator_client.rs
index a9b76c2754..d56f3a2875 100644
--- a/lighthouse/tests/validator_client.rs
+++ b/lighthouse/tests/validator_client.rs
@@ -311,6 +311,19 @@ fn http_allow_origin_all_flag() {
         .run()
         .with_config(|config| assert_eq!(config.http_api.allow_origin, Some("*".to_string())));
 }
+#[test]
+fn http_allow_keystore_export_default() {
+    CommandLineTest::new()
+        .run()
+        .with_config(|config| assert!(!config.http_api.allow_keystore_export));
+}
+#[test]
+fn http_allow_keystore_export_present() {
+    CommandLineTest::new()
+        .flag("http-allow-keystore-export", None)
+        .run()
+        .with_config(|config| assert!(config.http_api.allow_keystore_export));
+}
 
 // Tests for Metrics flags.
 #[test]
diff --git a/validator_client/src/cli.rs b/validator_client/src/cli.rs
index 5c7205a4ae..916dc113b7 100644
--- a/validator_client/src/cli.rs
+++ b/validator_client/src/cli.rs
@@ -188,6 +188,18 @@ pub fn cli_app<'a, 'b>() -> App<'a, 'b> {
                     address of this server (e.g., http://localhost:5062).")
                 .takes_value(true),
         )
+        .arg(
+            Arg::with_name("http-allow-keystore-export")
+                .long("http-allow-keystore-export")
+                .value_name("ORIGIN")
+                .help("If present, allow access to the DELETE /lighthouse/keystores HTTP \
+                    API method, which allows exporting keystores and passwords to HTTP API \
+                    consumers who have access to the API token. This method is useful for \
+                    exporting validators, however it should be used with caution since it \
+                    exposes private key data to authorized users.")
+                .required(false)
+                .takes_value(false),
+        )
         /* Prometheus metrics HTTP server related arguments */
         .arg(
             Arg::with_name("metrics")
diff --git a/validator_client/src/config.rs b/validator_client/src/config.rs
index 22472f7512..fd10b2de1d 100644
--- a/validator_client/src/config.rs
+++ b/validator_client/src/config.rs
@@ -255,6 +255,10 @@ impl Config {
             config.http_api.allow_origin = Some(allow_origin.to_string());
         }
 
+        if cli_args.is_present("http-allow-keystore-export") {
+            config.http_api.allow_keystore_export = true;
+        }
+
         /*
          * Prometheus metrics HTTP server
          */