olas-operate-middleware 0.11.5__tar.gz → 0.12.0__tar.gz

{olas_operate_middleware-0.11.5 → olas_operate_middleware-0.12.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: olas-operate-middleware
-Version: 0.11.5
+Version: 0.12.0
 Summary: 
 License-File: LICENSE
 Author: David Vilela

{olas_operate_middleware-0.11.5 → olas_operate_middleware-0.12.0}/operate/cli.py

@@ -64,6 +64,7 @@ from operate.constants import (
     WALLET_RECOVERY_DIR,
     ZERO_ADDRESS,
 )
+from operate.keys import KeysManager
 from operate.ledger.profiles import (
     DEFAULT_EOA_TOPUPS,
     DEFAULT_NEW_SAFE_FUNDS,
@@ -143,7 +144,7 @@ def service_not_found_error(service_config_id: str) -> JSONResponse:
     )
 
 
-class OperateApp:
+class OperateApp:  # pylint: disable=too-many-instance-attributes
     """Operate app."""
 
     def __init__(
@@ -157,11 +158,13 @@ class OperateApp:
         self.setup()
         self._backup_operate_if_new_version()
 
-        services.manage.KeysManager(
+        self._password: t.Optional[str] = os.environ.get("OPERATE_USER_PASSWORD")
+        KeysManager._instances.clear()  # reset singleton instance
+        self._keys_manager: KeysManager = KeysManager(
             path=self._keys,
             logger=logger,
+            password=self._password,
         )
-        self._password: t.Optional[str] = os.environ.get("OPERATE_USER_PASSWORD")
         self.settings = Settings(path=self._path)
 
         self._wallet_manager = MasterWalletManager(
@@ -174,11 +177,11 @@ class OperateApp:
             logger=logger,
         )
 
-        mm = MigrationManager(self._path, logger)
-        mm.migrate_user_account()
-        mm.migrate_services(self.service_manager())
-        mm.migrate_wallets(self.wallet_manager)
-        mm.migrate_qs_configs()
+        self._migration_manager = MigrationManager(self._path, logger)
+        self._migration_manager.migrate_user_account()
+        self._migration_manager.migrate_services(self.service_manager())
+        self._migration_manager.migrate_wallets(self.wallet_manager)
+        self._migration_manager.migrate_qs_configs()
 
     @property
     def password(self) -> t.Optional[str]:
@@ -189,7 +192,9 @@ class OperateApp:
     def password(self, value: t.Optional[str]) -> None:
         """Set the password."""
         self._password = value
+        self._keys_manager.password = value
         self._wallet_manager.password = value
+        self._migration_manager.migrate_keys(self._keys_manager)
 
     def _backup_operate_if_new_version(self) -> None:
         """Backup .operate directory if this is a new version."""
@@ -256,6 +261,7 @@ class OperateApp:
         wallet_manager = self.wallet_manager
         wallet_manager.password = old_password
         wallet_manager.update_password(new_password)
+        self._keys_manager.update_password(new_password)
         self.user_account.update(old_password, new_password)
 
     def update_password_with_mnemonic(self, mnemonic: str, new_password: str) -> None:

{olas_operate_middleware-0.11.5 → olas_operate_middleware-0.12.0}/operate/keys.py

@@ -21,17 +21,17 @@
 
 import json
 import os
-import shutil
 import tempfile
 from dataclasses import dataclass
+from logging import Logger
 from pathlib import Path
-from typing import Any
+from typing import Any, Optional
 
 from aea_ledger_ethereum.ethereum import EthereumCrypto
 
 from operate.operate_types import LedgerType
 from operate.resource import LocalResource
-from operate.utils import SingletonMeta
+from operate.utils import SingletonMeta, unrecoverable_delete
 
 
 @dataclass
@@ -42,6 +42,15 @@ class Key(LocalResource):
     address: str
     private_key: str
 
+    def get_decrypted(self, password: str) -> dict:
+        """Get decrypted key json."""
+        return {
+            "ledger": self.ledger.value,
+            "address": self.address,
+            "private_key": "0x"
+            + EthereumCrypto.decrypt(self.private_key, password=password),
+        }
+
     @classmethod
     def load(cls, path: Path) -> "Key":
         """Load a service"""
@@ -61,13 +70,41 @@ class KeysManager(metaclass=SingletonMeta):
         if "path" not in kwargs:
             raise ValueError("Path must be provided for KeysManager")
 
-        self.path = kwargs["path"]
-        self.logger = kwargs["logger"]
+        self.path: Path = kwargs["path"]
+        self.logger: Logger = kwargs["logger"]
+        self.password: Optional[str] = kwargs.get("password")
         self.path.mkdir(exist_ok=True, parents=True)
 
+    def private_key_to_crypto(
+        self, private_key: str, password: Optional[str]
+    ) -> EthereumCrypto:
+        """Convert private key string to EthereumCrypto instance."""
+        with tempfile.NamedTemporaryFile(
+            dir=self.path,
+            mode="w",
+            suffix=".txt",
+            delete=False,  # Handle cleanup manually
+        ) as temp_file:
+            temp_file_name = temp_file.name
+            temp_file.write(private_key)
+            temp_file.flush()
+            temp_file.close()  # Close the file before reading
+
+            # Set proper file permissions (readable by owner only)
+            os.chmod(temp_file_name, 0o600)
+            crypto = EthereumCrypto(private_key_path=temp_file_name, password=password)
+
+            try:
+                unrecoverable_delete(
+                    Path(temp_file.name)
+                )  # Clean up the temporary file
+            except OSError as e:
+                self.logger.error(f"Failed to delete temp file {temp_file.name}: {e}")
+
+        return crypto
+
     def get(self, key: str) -> Key:
         """Get key object."""
-        KeysManager.migrate_format(self.path / key)
         return Key.from_json(  # type: ignore
             obj=json.loads(
                 (self.path / key).read_text(
@@ -91,46 +128,20 @@ class KeysManager(metaclass=SingletonMeta):
 
     def get_crypto_instance(self, address: str) -> EthereumCrypto:
         """Get EthereumCrypto instance for the given address."""
-        key: Key = Key.from_json(  # type: ignore
-            obj=json.loads(
-                (self.path / address).read_text(
-                    encoding="utf-8",
-                )
-            )
-        )
-        private_key = key.private_key
-        # Create temporary file with delete=False to handle it manually
-        with tempfile.NamedTemporaryFile(
-            dir=self.path,
-            mode="w",
-            suffix=".txt",
-            delete=False,  # Handle cleanup manually
-        ) as temp_file:
-            temp_file_name = temp_file.name
-            temp_file.write(private_key)
-            temp_file.flush()
-            temp_file.close()  # Close the file before reading
-
-            # Set proper file permissions (readable by owner only)
-            os.chmod(temp_file_name, 0o600)
-            crypto = EthereumCrypto(private_key_path=temp_file_name)
-
-            try:
-                with open(temp_file_name, "r+", encoding="utf-8") as f:
-                    f.seek(0)
-                    f.write("\0" * len(private_key))
-                    f.flush()
-                    f.close()
-                os.unlink(temp_file_name)  # Clean up the temporary file
-            except OSError as e:
-                self.logger.error(f"Failed to delete temp file {temp_file.name}: {e}")
-
-        return crypto
+        key: Key = self.get(address)
+        return self.private_key_to_crypto(key.private_key, self.password)
 
     def create(self) -> str:
         """Creates new key."""
         self.path.mkdir(exist_ok=True, parents=True)
-        crypto = EthereumCrypto()
+        crypto = EthereumCrypto(password=self.password)
+        key = Key(
+            ledger=LedgerType.ETHEREUM,
+            address=crypto.address,
+            private_key=crypto.encrypt(password=self.password)
+            if self.password is not None
+            else crypto.private_key,
+        )
         for path in (
             self.path / f"{crypto.address}.bak",
             self.path / crypto.address,
@@ -140,12 +151,8 @@ class KeysManager(metaclass=SingletonMeta):
 
             path.write_text(
                 json.dumps(
-                    Key(
-                        ledger=LedgerType.ETHEREUM,
-                        address=crypto.address,
-                        private_key=crypto.private_key,
-                    ).json,
-                    indent=4,
+                    key.json,
+                    indent=2,
                 ),
                 encoding="utf-8",
             )
@@ -156,25 +163,23 @@ class KeysManager(metaclass=SingletonMeta):
         """Delete key."""
         os.remove(self.path / key)
 
-    @classmethod
-    def migrate_format(cls, path: Path) -> bool:
-        """Migrate the JSON file format if needed."""
-        migrated = False
-        backup_path = path.with_suffix(".bak")
-        if not backup_path.is_file():
-            shutil.copyfile(path, backup_path)
-            migrated = True
-
-        with open(path, "r", encoding="utf-8") as file:
-            data = json.load(file)
-
-        old_to_new_ledgers = {0: "ethereum", 1: "solana"}
-        if data.get("ledger") in old_to_new_ledgers:
-            data["ledger"] = old_to_new_ledgers.get(data["ledger"])
-            migrated = True
-
-        if migrated:
-            with open(path, "w", encoding="utf-8") as file:
-                json.dump(data, file, indent=2)
-
-        return migrated
+    def update_password(self, new_password: str) -> None:
+        """Update password for all keys."""
+        for key_file in self.path.iterdir():
+            if not key_file.is_file() or key_file.suffix == ".bak":
+                continue
+
+            key = self.get(key_file.name)
+            crypto = self.get_crypto_instance(key_file.name)
+            encrypted_private_key = crypto.encrypt(password=new_password)
+            key.private_key = encrypted_private_key
+            key.path = self.path / key_file.name
+            key.store()
+
+            backup_path = self.path / f"{key.address}.bak"
+            backup_path.write_text(
+                json.dumps(key.json, indent=2),
+                encoding="utf-8",
+            )
+
+        self.password = new_password

{olas_operate_middleware-0.11.5 → olas_operate_middleware-0.12.0}/operate/migration.py

@@ -28,8 +28,11 @@ from pathlib import Path
 from time import time
 
 from aea_cli_ipfs.ipfs_utils import IPFSTool
+from aea_ledger_ethereum import EthereumCrypto
+from web3 import Web3
 
 from operate.constants import USER_JSON, ZERO_ADDRESS
+from operate.keys import KeysManager
 from operate.operate_types import Chain, LedgerType
 from operate.services.manage import ServiceManager
 from operate.services.service import (
@@ -38,7 +41,7 @@ from operate.services.service import (
     SERVICE_CONFIG_VERSION,
     Service,
 )
-from operate.utils import create_backup
+from operate.utils import create_backup, unrecoverable_delete
 from operate.wallet.master import LEDGER_TYPE_TO_WALLET_CLASS, MasterWalletManager
 
 
@@ -454,3 +457,65 @@ class MigrationManager:
             self.logger.info(
                 "[MIGRATION MANAGER] Migrated quickstart config: %s.", qs_config.name
             )
+
+    def migrate_keys(self, keys_manager: KeysManager) -> None:
+        """Migrate keys format if needed."""
+        self.logger.info("Migrating keys...")
+
+        for key_file in keys_manager.path.iterdir():
+            if (
+                not key_file.is_file()
+                or key_file.suffix == ".bak"
+                or not Web3.is_address(key_file.name)
+            ):
+                self.logger.warning(f"Skipping non-key file: {key_file}")
+                continue
+
+            migrated = False
+            backup_path = key_file.with_suffix(".bak")
+
+            try:
+                with open(key_file, "r", encoding="utf-8") as file:
+                    data = json.load(file)
+            except Exception as e:  # pylint: disable=broad-except
+                self.logger.error(
+                    f"Failed to read key file: {key_file}\n"
+                    f"Key file content:\n{key_file.read_text(encoding='utf-8')}\n"
+                    f"Exception {e}: {traceback.format_exc()}"
+                )
+                raise e
+
+            old_to_new_ledgers = {0: "ethereum", 1: "solana"}
+            if data.get("ledger") in old_to_new_ledgers:
+                data["ledger"] = old_to_new_ledgers.get(data["ledger"])
+                with open(key_file, "w", encoding="utf-8") as file:
+                    json.dump(data, file, indent=2)
+
+                migrated = True
+
+            private_key = data.get("private_key")
+            if (
+                private_key
+                and keys_manager.password is not None
+                and private_key.startswith("0x")
+            ):
+                crypto: EthereumCrypto = keys_manager.private_key_to_crypto(
+                    private_key=private_key,
+                    password=None,
+                )
+                encrypted_private_key = crypto.encrypt(password=keys_manager.password)
+                data["private_key"] = encrypted_private_key
+                if backup_path.exists():
+                    unrecoverable_delete(backup_path)
+
+                migrated = True
+
+            if migrated:
+                with open(key_file, "w", encoding="utf-8") as file:
+                    json.dump(data, file, indent=2)
+
+            if not backup_path.exists():
+                shutil.copyfile(key_file, backup_path)
+
+            if migrated:
+                self.logger.info(f"Key {key_file.name} has been migrated.")

{olas_operate_middleware-0.11.5 → olas_operate_middleware-0.12.0}/operate/quickstart/reset_password.py

@@ -22,10 +22,9 @@ from typing import TYPE_CHECKING
 
 from operate.account.user import UserAccount
 from operate.constants import USER_JSON
-from operate.operate_types import LedgerType
+from operate.keys import KeysManager
 from operate.quickstart.run_service import ask_confirm_password
 from operate.quickstart.utils import ask_or_get_from_env, print_section, print_title
-from operate.wallet.master import EthereumMasterWallet
 
 
 if TYPE_CHECKING:
@@ -66,10 +65,7 @@ def reset_password(operate: "OperateApp") -> None:
 
     print('Resetting password of "ethereum" wallet...')
     operate.password = old_password
-    operate.wallet_manager.password = old_password
-    wallet: EthereumMasterWallet = operate.wallet_manager.load(
-        ledger_type=LedgerType.ETHEREUM
-    )
-    wallet.update_password(new_password=new_password)
+    operate.wallet_manager.update_password(new_password=new_password)
+    KeysManager().update_password(new_password=new_password)
 
     print_section("Password reset done!")

{olas_operate_middleware-0.11.5 → olas_operate_middleware-0.12.0}/operate/resource.py

@@ -24,12 +24,13 @@ import json
 import os
 import platform
 import shutil
-import time
 import types
 import typing as t
 from dataclasses import asdict, is_dataclass
 from pathlib import Path
 
+from operate.utils import safe_file_operation
+
 
 # pylint: disable=too-many-return-statements,no-member
 
@@ -94,23 +95,6 @@ def deserialize(obj: t.Any, otype: t.Any) -> t.Any:
     return obj
 
 
-def _safe_file_operation(operation: t.Callable, *args: t.Any, **kwargs: t.Any) -> None:
-    """Safely perform file operation with retries on Windows."""
-    max_retries = 3 if platform.system() == "Windows" else 1
-
-    for attempt in range(max_retries):
-        try:
-            operation(*args, **kwargs)
-            return
-        except (PermissionError, FileNotFoundError, OSError) as e:
-            if attempt == max_retries - 1:
-                raise e
-
-            if platform.system() == "Windows":
-                # On Windows, wait a bit and retry
-                time.sleep(0.1)
-
-
 class LocalResource:
     """Initialize local resource."""
 
@@ -163,13 +147,13 @@ class LocalResource:
         bak0 = path.with_name(f"{path.name}.0.bak")
 
         if path.exists() and not bak0.exists():
-            _safe_file_operation(shutil.copy2, path, bak0)
+            safe_file_operation(shutil.copy2, path, bak0)
 
         tmp_path = path.parent / f".{path.name}.tmp"
 
         # Clean up any existing tmp file
         if tmp_path.exists():
-            _safe_file_operation(tmp_path.unlink)
+            safe_file_operation(tmp_path.unlink)
 
         tmp_path.write_text(
             json.dumps(
@@ -181,11 +165,11 @@ class LocalResource:
 
         # Atomic replace to avoid corruption
         try:
-            _safe_file_operation(os.replace, tmp_path, path)
+            safe_file_operation(os.replace, tmp_path, path)
         except (PermissionError, FileNotFoundError):
             # On Windows, if the replace fails, clean up and skip
             if platform.system() == "Windows":
-                _safe_file_operation(tmp_path.unlink)
+                safe_file_operation(tmp_path.unlink)
 
         self.load(self.path)  # Validate before making backup
 
@@ -195,7 +179,7 @@ class LocalResource:
             older = path.with_name(f"{path.name}.{i + 1}.bak")
             if newer.exists():
                 if older.exists():
-                    _safe_file_operation(older.unlink)
-                _safe_file_operation(newer.rename, older)
+                    safe_file_operation(older.unlink)
+                safe_file_operation(newer.rename, older)
 
-        _safe_file_operation(shutil.copy2, path, bak0)
+        safe_file_operation(shutil.copy2, path, bak0)

{olas_operate_middleware-0.11.5 → olas_operate_middleware-0.12.0}/operate/services/deployment_runner.py

@@ -56,7 +56,7 @@ class AbstractDeploymentRunner(ABC):
         self._work_directory = work_directory
 
     @abstractmethod
-    def start(self) -> None:
+    def start(self, password: str) -> None:
         """Start the deployment."""
 
     @abstractmethod
@@ -182,7 +182,7 @@ class BaseDeploymentRunner(AbstractDeploymentRunner, metaclass=ABCMeta):
         )
         return env
 
-    def _setup_agent(self) -> None:
+    def _setup_agent(self, password: str) -> None:
         """Setup agent."""
         working_dir = self._work_directory
         env = self._prepare_agent_env()
@@ -223,18 +223,37 @@ class BaseDeploymentRunner(AbstractDeploymentRunner, metaclass=ABCMeta):
             working_dir / "agent" / "ethereum_private_key.txt",
         )
 
-        self._run_aea_command("-s", "add-key", "ethereum", cwd=working_dir / "agent")
         self._run_aea_command(
-            "-s", "add-key", "ethereum", "--connection", cwd=working_dir / "agent"
+            "-s",
+            "add-key",
+            "--password",
+            password,
+            "ethereum",
+            cwd=working_dir / "agent",
+        )
+        self._run_aea_command(
+            "-s",
+            "add-key",
+            "--password",
+            password,
+            "ethereum",
+            "--connection",
+            cwd=working_dir / "agent",
         )
 
-        self._run_aea_command("-s", "issue-certificates", cwd=working_dir / "agent")
+        self._run_aea_command(
+            "-s",
+            "issue-certificates",
+            "--password",
+            password,
+            cwd=working_dir / "agent",
+        )
 
-    def start(self) -> None:
+    def start(self, password: str) -> None:
         """Start the deployment with retries."""
         for _ in range(self.START_TRIES):
             try:
-                self._start()
+                self._start(password=password)
                 return
             except Exception as e:  # pylint: disable=broad-except
                 self.logger.exception(f"Error on starting deployment: {e}")
@@ -242,11 +261,11 @@ class BaseDeploymentRunner(AbstractDeploymentRunner, metaclass=ABCMeta):
             f"Failed to start the deployment after {self.START_TRIES} attempts! Check logs"
         )
 
-    def _start(self) -> None:
+    def _start(self, password: str) -> None:
         """Start the deployment."""
-        self._setup_agent()
+        self._setup_agent(password=password)
         self._start_tendermint()
-        self._start_agent()
+        self._start_agent(password=password)
 
     def stop(self) -> None:
         """Stop the deployment."""
@@ -285,7 +304,7 @@ class BaseDeploymentRunner(AbstractDeploymentRunner, metaclass=ABCMeta):
         """Start tendermint  process."""
 
     @abstractmethod
-    def _start_agent(self) -> None:
+    def _start_agent(self, password: str) -> None:
         """Start aea process."""
 
     @property
@@ -318,7 +337,7 @@ class PyInstallerHostDeploymentRunner(BaseDeploymentRunner):
         """Return tendermint path."""
         return str(Path(os.path.dirname(sys.executable)) / "tendermint_bin")  # type: ignore # pylint: disable=protected-access
 
-    def _start_agent(self) -> None:
+    def _start_agent(self, password: str) -> None:
         """Start agent process."""
         working_dir = self._work_directory
         env = json.loads((working_dir / "agent.json").read_text(encoding="utf-8"))
@@ -326,13 +345,17 @@ class PyInstallerHostDeploymentRunner(BaseDeploymentRunner):
         env["PYTHONIOENCODING"] = "utf8"
         env = {**os.environ, **env}
 
-        process = self._start_agent_process(env=env, working_dir=working_dir)
+        process = self._start_agent_process(
+            env=env, working_dir=working_dir, password=password
+        )
         (working_dir / "agent.pid").write_text(
             data=str(process.pid),
             encoding="utf-8",
         )
 
-    def _start_agent_process(self, env: Dict, working_dir: Path) -> subprocess.Popen:
+    def _start_agent_process(
+        self, env: Dict, working_dir: Path, password: str
+    ) -> subprocess.Popen:
         """Start agent process."""
         raise NotImplementedError
 
@@ -364,7 +387,9 @@ class PyInstallerHostDeploymentRunner(BaseDeploymentRunner):
 class PyInstallerHostDeploymentRunnerMac(PyInstallerHostDeploymentRunner):
     """Mac deployment runner."""
 
-    def _start_agent_process(self, env: Dict, working_dir: Path) -> subprocess.Popen:
+    def _start_agent_process(
+        self, env: Dict, working_dir: Path, password: str
+    ) -> subprocess.Popen:
         """Start agent process."""
         agent_runner_log_file = self._open_agent_runner_log_file()
         process = subprocess.Popen(  # pylint: disable=consider-using-with,subprocess-popen-preexec-fn # nosec
@@ -372,6 +397,8 @@ class PyInstallerHostDeploymentRunnerMac(PyInstallerHostDeploymentRunner):
                 self._agent_runner_bin,
                 "-s",
                 "run",
+                "--password",
+                password,
             ],
             cwd=working_dir / "agent",
             stdout=agent_runner_log_file,
@@ -486,7 +513,9 @@ class PyInstallerHostDeploymentRunnerWindows(PyInstallerHostDeploymentRunner):
         """Return tendermint path."""
         return str(Path(os.path.dirname(sys.executable)) / "tendermint_win.exe")  # type: ignore # pylint: disable=protected-access
 
-    def _start_agent_process(self, env: Dict, working_dir: Path) -> subprocess.Popen:
+    def _start_agent_process(
+        self, env: Dict, working_dir: Path, password: str
+    ) -> subprocess.Popen:
         """Start agent process."""
         agent_runner_log_file = self._open_agent_runner_log_file()
         process = subprocess.Popen(  # pylint: disable=consider-using-with # nosec
@@ -494,6 +523,8 @@ class PyInstallerHostDeploymentRunnerWindows(PyInstallerHostDeploymentRunner):
                 self._agent_runner_bin,
                 "-s",
                 "run",
+                "--password",
+                password,
             ],  # TODO: Patch for Windows failing hash
             cwd=working_dir / "agent",
             stdout=agent_runner_log_file,
@@ -533,7 +564,7 @@ class HostPythonHostDeploymentRunner(BaseDeploymentRunner):
         """Return aea_bin path."""
         return str(self._venv_dir / "bin" / "aea")
 
-    def _start_agent(self) -> None:
+    def _start_agent(self, password: str) -> None:
         """Start agent process."""
         working_dir = self._work_directory
         env = json.loads((working_dir / "agent.json").read_text(encoding="utf-8"))
@@ -546,6 +577,8 @@ class HostPythonHostDeploymentRunner(BaseDeploymentRunner):
                 self._agent_runner_bin,
                 "-s",
                 "run",
+                "--password",
+                password,
             ],  # TODO: Patch for Windows failing hash
             cwd=str(working_dir / "agent"),
             env={**os.environ, **env},
@@ -613,14 +646,15 @@ class HostPythonHostDeploymentRunner(BaseDeploymentRunner):
                 # Install tendermint dependencies
                 "flask",
                 "requests",
+                "multiaddr==0.0.9",  # TODO: remove when pinned on open-aea
             ],
         )
 
-    def _setup_agent(self) -> None:
+    def _setup_agent(self, password: str) -> None:
         """Prepare agent."""
         multiprocessing.set_start_method("spawn")
         self._setup_venv()
-        super()._setup_agent()
+        super()._setup_agent(password=password)
         # Install agent dependencies
         self._run_cmd(
             args=[
@@ -707,7 +741,7 @@ class DeploymentManager:
             "Failed to perform test connection to ipfs to check network connection!"
         )
 
-    def run_deployment(self, build_dir: Path) -> None:
+    def run_deployment(self, build_dir: Path, password: str) -> None:
         """Run deployment."""
         if self._is_stopping:
             raise RuntimeError("deployment manager stopped")
@@ -721,7 +755,7 @@ class DeploymentManager:
         self._states[build_dir] = States.STARTING
         try:
             deployment_runner = self._get_deployment_runner(build_dir=build_dir)
-            deployment_runner.start()
+            deployment_runner.start(password=password)
             self.logger.info(f"Started deployment {build_dir}")
             self._states[build_dir] = States.STARTED
         except Exception:  # pylint: disable=broad-except
@@ -729,15 +763,15 @@ class DeploymentManager:
                 f"Starting deployment failed {build_dir}. so try to stop"
             )
             self._states[build_dir] = States.ERROR
-            self.stop_deployemnt(build_dir=build_dir, force=True)
+            self.stop_deployment(build_dir=build_dir, force=True)
 
         if self._is_stopping:
             self.logger.warning(
                 f"Deployment at {build_dir} started when it was  going to stop, so stop it"
             )
-            self.stop_deployemnt(build_dir=build_dir, force=True)
+            self.stop_deployment(build_dir=build_dir, force=True)
 
-    def stop_deployemnt(self, build_dir: Path, force: bool = False) -> None:
+    def stop_deployment(self, build_dir: Path, force: bool = False) -> None:
         """Stop the deployment."""
         if (
             self.get_state(build_dir=build_dir) in [States.STARTING, States.STOPPING]
@@ -760,14 +794,14 @@ class DeploymentManager:
 deployment_manager = DeploymentManager()
 
 
-def run_host_deployment(build_dir: Path) -> None:
+def run_host_deployment(build_dir: Path, password: str) -> None:
     """Run host deployment."""
-    deployment_manager.run_deployment(build_dir=build_dir)
+    deployment_manager.run_deployment(build_dir=build_dir, password=password)
 
 
 def stop_host_deployment(build_dir: Path) -> None:
     """Stop host deployment."""
-    deployment_manager.stop_deployemnt(build_dir=build_dir)
+    deployment_manager.stop_deployment(build_dir=build_dir)
 
 
 def stop_deployment_manager() -> None:

{olas_operate_middleware-0.11.5 → olas_operate_middleware-0.12.0}/operate/services/manage.py

@@ -2232,10 +2232,11 @@ class ServiceManager:
             use_kubernetes=use_kubernetes,
             force=True,
             chain=chain or service.home_chain,
+            password=self.wallet_manager.password,
         )
         if build_only:
             return deployment
-        deployment.start(use_docker=use_docker)
+        deployment.start(password=self.wallet_manager.password, use_docker=use_docker)
         return deployment
 
     def stop_service_locally(

{olas_operate_middleware-0.11.5 → olas_operate_middleware-0.12.0}/operate/services/service.py

@@ -97,6 +97,7 @@ from operate.operate_types import (
 from operate.resource import LocalResource
 from operate.services.deployment_runner import run_host_deployment, stop_host_deployment
 from operate.services.utils import tendermint
+from operate.utils import unrecoverable_delete
 from operate.utils.gnosis import get_asset_balance
 from operate.utils.ssl import create_ssl_certificate
 
@@ -394,7 +395,7 @@ class Deployment(LocalResource):
         if source_path.exists():
             shutil.copy(source_path, destination_path)
 
-    def _build_kubernetes(self, force: bool = True) -> None:
+    def _build_kubernetes(self, password: str, force: bool = True) -> None:
         """Build kubernetes deployment."""
         k8s_build = self.path / DEPLOYMENT_DIR / "abci_build_k8s"
         if k8s_build.exists() and force:
@@ -402,11 +403,23 @@ class Deployment(LocalResource):
         mkdirs(build_dir=k8s_build)
 
         service = Service.load(path=self.path)
+        keys_file = self.path / DEFAULT_KEYS_FILE
+        keys_file.write_text(
+            json.dumps(
+                [
+                    KeysManager().get(address).get_decrypted(password)
+                    for address in service.agent_addresses
+                ],
+                indent=4,
+            ),
+            encoding="utf-8",
+        )
         builder = ServiceBuilder.from_dir(
             path=service.package_absolute_path,
-            keys_file=self.path / DEFAULT_KEYS_FILE,
+            keys_file=keys_file,
             number_of_agents=len(service.agent_addresses),
         )
+        unrecoverable_delete(keys_file)
         builder.deplopyment_type = KubernetesGenerator.deployment_type
         (
             KubernetesGenerator(
@@ -424,6 +437,7 @@ class Deployment(LocalResource):
 
     def _build_docker(
         self,
+        password: str,
         force: bool = True,
         chain: t.Optional[str] = None,
     ) -> None:
@@ -448,7 +462,7 @@ class Deployment(LocalResource):
         keys_file.write_text(
             json.dumps(
                 [
-                    KeysManager().get(address).json
+                    KeysManager().get(address).get_decrypted(password)
                     for address in service.agent_addresses
                 ],
                 indent=4,
@@ -461,6 +475,7 @@ class Deployment(LocalResource):
                 keys_file=keys_file,
                 number_of_agents=len(service.agent_addresses),
             )
+            unrecoverable_delete(keys_file)
             builder.deplopyment_type = DockerComposeGenerator.deployment_type
             builder.try_update_abci_connection_params()
 
@@ -614,6 +629,7 @@ class Deployment(LocalResource):
 
     def build(
         self,
+        password: str,
         use_docker: bool = False,
         use_kubernetes: bool = False,
         force: bool = True,
@@ -649,9 +665,9 @@ class Deployment(LocalResource):
             )
             service.consume_env_variables()
             if use_docker:
-                self._build_docker(force=force, chain=chain)
+                self._build_docker(password=password, force=force, chain=chain)
             if use_kubernetes:
-                self._build_kubernetes(force=force)
+                self._build_kubernetes(password=password, force=force)
         else:
             ssl_key_path, ssl_cert_path = create_ssl_certificate(
                 ssl_dir=service.path / DEPLOYMENT_DIR / "ssl"
@@ -668,7 +684,7 @@ class Deployment(LocalResource):
         os.environ.clear()
         os.environ.update(original_env)
 
-    def start(self, use_docker: bool = False) -> None:
+    def start(self, password: str, use_docker: bool = False) -> None:
         """Start the service"""
         if self.status != DeploymentStatus.BUILT:
             raise NotAllowed(
@@ -686,7 +702,9 @@ class Deployment(LocalResource):
                     project_name=self.path.name,
                 )
             else:
-                run_host_deployment(build_dir=self.path / "deployment")
+                run_host_deployment(
+                    build_dir=self.path / "deployment", password=password
+                )
         except Exception:
             self.status = DeploymentStatus.BUILT
             self.store()

{olas_operate_middleware-0.11.5 → olas_operate_middleware-0.12.0}/operate/utils/__init__.py

@@ -19,6 +19,8 @@
 
 """Helper utilities."""
 
+import os
+import platform
 import shutil
 import time
 import typing as t
@@ -107,3 +109,47 @@ def subtract_dicts(
         else:
             result[key] = max((va or 0) - (vb or 0), 0)  # type: ignore
     return result
+
+
+def safe_file_operation(operation: t.Callable, *args: t.Any, **kwargs: t.Any) -> None:
+    """Safely perform file operation with retries on Windows."""
+    max_retries = 3 if platform.system() == "Windows" else 1
+
+    for attempt in range(max_retries):
+        try:
+            operation(*args, **kwargs)
+            return
+        except (PermissionError, FileNotFoundError, OSError) as e:
+            if attempt == max_retries - 1:
+                raise e
+
+            if platform.system() == "Windows":
+                # On Windows, wait a bit and retry
+                time.sleep(0.1)
+
+
+def unrecoverable_delete(file_path: Path, passes: int = 3) -> None:
+    """Delete a file unrecoverably."""
+    if not file_path.exists():
+        return
+
+    if not file_path.is_file():
+        raise ValueError(f"{file_path} is not a file")
+
+    try:
+        file_size = os.path.getsize(file_path)
+
+        with open(file_path, "r+b") as f:
+            for _ in range(passes):
+                # Overwrite with random bytes
+                f.seek(0)
+                random_data = os.urandom(file_size)
+                f.write(random_data)
+                f.flush()  # Ensure data is written to disk
+
+        # Finally, delete the file
+        safe_file_operation(os.remove, file_path)
+    except PermissionError:
+        print(f"Permission denied to securely delete file '{file_path}'.")
+    except Exception as e:  # pylint: disable=broad-except
+        print(f"Error during secure deletion of '{file_path}': {e}")

{olas_operate_middleware-0.11.5 → olas_operate_middleware-0.12.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "olas-operate-middleware"
-version = "0.11.5"
+version = "0.12.0"
 description = ""
 authors = ["David Vilela <dvilelaf@gmail.com>", "Viraj Patel <vptl185@gmail.com>"]
 readme = "README.md"