Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(client/keys): support display discreetly for keys export #18684

Merged
merged 9 commits into from
Dec 12, 2023

Conversation

Halimao
Copy link
Contributor

@Halimao Halimao commented Dec 11, 2023

Closes: #18668

@Halimao Halimao requested a review from a team as a code owner December 11, 2023 08:48
Copy link
Contributor

coderabbitai bot commented Dec 11, 2023

Walkthrough

The recent update focuses on enhancing the security and user experience of key handling within the client module. It introduces discreet display of sensitive information like private keys and mnemonics on alternate screens, with an option to disable this feature. Telemetry sinks have been activated, and the key export function now supports showing the unarmored hex private key discreetly, with a new --indiscreet flag to override the discreet behavior.

Changes

File(s) Change Summary
CHANGELOG.md Details added about improvements in key handling, discreet display options, and telemetry sinks activation.
client/keys/export.go Removed import, modified function arguments, added a new flag for indiscreet display, and updated private key printing logic.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on X ?


Tips

Chat with CodeRabbit Bot (@coderabbitai)

  • You can reply to a review comment from CodeRabbit.
  • You can also chat with CodeRabbit bot directly around the specific lines of code or files in the PR by tagging @coderabbitai in a new comment.
  • You can tag @coderabbitai in a PR comment and ask questions about the PR and the codebase.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • The JSON schema for the configuration file is available here.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review Status

Actionable comments generated: 1

Configuration used: CodeRabbit UI

Commits Files that changed from the base of the PR and between 8cfdabb and 142697d.
Files selected for processing (3)
  • CHANGELOG.md (1 hunks)
  • client/keys/export.go (3 hunks)
  • client/keys/export_test.go (3 hunks)
Additional comments: 10
CHANGELOG.md (1)
  • 56-62: > Note: This review was outside the patches, so it was mapped to the patch with the greatest overlap. Original lines [15-1255]

The provided changelog covers a wide range of updates across multiple versions of the Cosmos SDK, with a particular emphasis on the Stargate release (v0.40.0 and above). This release introduces significant features, improvements, and breaking changes, including the migration to Protobuf for state serialization, the introduction of gRPC and gRPC Gateway based APIs, and changes to the x/ibc module reflecting IBC alpha updates.

Key points to note for the Stargate release:

  • Introduction of Protobuf-based state serialization.
  • New gRPC and gRPC Gateway based APIs for querying app & module data.
  • Changes to the x/ibc module from IBC alpha updates.
  • Removal of Amino JSON support in certain areas.
  • Introduction of the Capability module as per ADR 3.
  • Changes to client CLI commands and REST endpoints.

For detailed information on previous versions and migrations, refer to the previous releases section of the changelog.

client/keys/export.go (5)
  • 44-44: The function exportUnsafeUnarmored now takes client.Context as its first argument. Verify that all calls to this function have been updated accordingly.

  • 84-92: The new flagIndiscreet is introduced to control the discreet printing of private keys. Ensure that the implementation of this feature does not inadvertently leak sensitive information.

  • 9-13: The import github.com/cosmos/cosmos-sdk/crypto/keyring has been removed. Confirm that this does not affect other parts of the code that may rely on the keyring functionality.

  • 74-94: The unsafeExportPrivKeyHex function is used for exporting private keys in an unarmored format. Review the usage of this function to ensure it is secure and that there are adequate warnings and confirmations for the user.

  • 94-95: Review the unsafeExporter interface and its implementations to ensure they are secure and follow best practices for handling private key material.

client/keys/export_test.go (4)
  • 23-30: The addition of the expectedOutputContain field in the test case struct is a good approach to validate the output when the exact match is not required, which can be useful for testing outputs that include dynamic or non-deterministic data.

  • 53-66: The new test cases added appear to be comprehensive and well-structured, ensuring that the new functionality is tested under different conditions and with various flag combinations.

  • 69-74: The test case for the file keyring backend with the --indiscreet flag is a good addition to ensure that the new feature works as expected across different keyring backends.

  • 115-122: The error handling in the test cases is robust, correctly distinguishing between scenarios where an error is expected and those where the command should succeed. The additional checks for expectedOutput and expectedOutputContain are well-implemented.

client/keys/export.go Outdated Show resolved Hide resolved
Copy link
Member

@julienrbrt julienrbrt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK

client/keys/export.go Outdated Show resolved Hide resolved
client/keys/export.go Outdated Show resolved Hide resolved
client/keys/export.go Show resolved Hide resolved
@julienrbrt julienrbrt added this pull request to the merge queue Dec 12, 2023
Merged via the queue into cosmos:main with commit 043f8f4 Dec 12, 2023
54 of 57 checks passed
marcello33 added a commit to 0xPolygon/cosmos-sdk that referenced this pull request Dec 13, 2023
* feat: secp256k1 public key constant time (cosmos#18026)

Signed-off-by: bizk <[email protected]>

* chore: Fixed changelog duplicated items (cosmos#18628)

* adr: Un-Ordered Transaction Inclusion (cosmos#18553)

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Aleksandr Bezobchuk <[email protected]>

* docs: lint ADR-070 (cosmos#18634)

* fix(baseapp)!: postHandler should run regardless of result (cosmos#18627)

* docs: fix typos in adr-007-specialization-groups.md (cosmos#18635)

* chore: alphabetize labels (cosmos#18640)

* docs(x/circuit): add note on ante handler (cosmos#18637)

Co-authored-by: Aleksandr Bezobchuk <[email protected]>

* fix: telemetry metric label variable (cosmos#18643)

* chore: typos fix (cosmos#18642)

* refactor(store/v2): updates from integration (cosmos#18633)

* build(deps): Bump actions/setup-go from 4 to 5 (cosmos#18647)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>

* feat(store/v2): snapshot manager (cosmos#18458)

* chore(client/v2): fix typos in the README.md (cosmos#18657)

* fix(baseapp):  protocompat.go gogoproto.Merge does not work with custom types (cosmos#18654)

Co-authored-by: unknown unknown <unknown@unknown>

* chore: fix several minor typos (cosmos#18660)

* chore(tools/confix/cmd): fix typo in view.go (cosmos#18659)

* refactor(x/staking): check duplicate addresses in StakeAuthorization's params (cosmos#18655)

* feat(accounts): use gogoproto API instead of protov2.  (cosmos#18653)

Co-authored-by: unknown unknown <unknown@unknown>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* fix(store/commitment/iavl): honor tree.Remove error firstly (cosmos#18651)

* build(deps): Bump actions/stale from 8 to 9 (cosmos#18656)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(docs): fix typos & wording in docs (cosmos#18667)

* chore: fix several typos.   (cosmos#18666)

* feat(telemetry): enable `statsd` and `dogstatsd` telemetry sinks (cosmos#18646)

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Aleksandr Bezobchuk <[email protected]>
Co-authored-by: marbar3778 <[email protected]>
Co-authored-by: Marko <[email protected]>

* feat(store/v2): add SetInitialVersion in SC (cosmos#18665)

* feat(client/keys): support display discreetly for `keys add` (cosmos#18663)

Co-authored-by: Julien Robert <[email protected]>

* ci: add misspell action (cosmos#18671)

* chore: typos fix by misspell-fixer (cosmos#18683)

Co-authored-by: github-merge-queue <[email protected]>
Co-authored-by: Julien Robert <[email protected]>

* chore: add v0.50.2 changelog to main (cosmos#18682)

* build(deps): Bump github.com/jhump/protoreflect from 1.15.3 to 1.15.4 in /tests (cosmos#18678)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* refactor(bank): remove .String() calls  (cosmos#18175)

Co-authored-by: Facundo <[email protected]>

* ci: use codespell instead of misspell-fixer (cosmos#18686)

Co-authored-by: Marko <[email protected]>

* feat(gov): add proposal types and spam votes (cosmos#18532)

* feat(accounts): use account number as state prefix for account state (cosmos#18664)

Co-authored-by: unknown unknown <unknown@unknown>

* chore: typos fixes by cosmos-sdk bot (cosmos#18689)

Co-authored-by: github-merge-queue <[email protected]>
Co-authored-by: Julien Robert <[email protected]>
Co-authored-by: marbar3778 <[email protected]>

* feat(client/keys): support display discreetly for keys mnemonic (cosmos#18688)

* refactor: remove panic usage in keeper methods (cosmos#18636)

* ci: rename pr name in misspell job (cosmos#18693)

Co-authored-by: Marko <[email protected]>

* build(deps): Bump github.com/pelletier/go-toml/v2 from 2.1.0 to 2.1.1 in /tools/confix (cosmos#18702)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>

* feat(client/keys): support display discreetly for keys export (cosmos#18684)

* feat(x/gov): better gov genesis validation (cosmos#18707)

---------

Signed-off-by: bizk <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Carlos Santiago Yanzon <[email protected]>
Co-authored-by: yihuang <[email protected]>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Aleksandr Bezobchuk <[email protected]>
Co-authored-by: Facundo Medica <[email protected]>
Co-authored-by: Akaonetwo <[email protected]>
Co-authored-by: Marko <[email protected]>
Co-authored-by: Julien Robert <[email protected]>
Co-authored-by: dreamweaverxyz <[email protected]>
Co-authored-by: Pioua <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: cool-developer <[email protected]>
Co-authored-by: leonarddt05 <[email protected]>
Co-authored-by: testinginprod <[email protected]>
Co-authored-by: unknown unknown <unknown@unknown>
Co-authored-by: Sukey <[email protected]>
Co-authored-by: axie <[email protected]>
Co-authored-by: Luke Ma <[email protected]>
Co-authored-by: Emmanuel T Odeke <[email protected]>
Co-authored-by: 0xn4de <[email protected]>
Co-authored-by: hattizai <[email protected]>
Co-authored-by: Devon Bear <[email protected]>
Co-authored-by: Marko <[email protected]>
Co-authored-by: Halimao <[email protected]>
Co-authored-by: Cosmos SDK <[email protected]>
Co-authored-by: github-merge-queue <[email protected]>
Co-authored-by: Facundo <[email protected]>
Co-authored-by: Likhita Polavarapu <[email protected]>
@Halimao Halimao deleted the feat/keys-export-discreetly branch December 29, 2023 01:53
@marcello33 marcello33 mentioned this pull request Jan 22, 2024
12 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[Feature]: Support display private key discreetly for keys export
3 participants