feat: add google secret manager as backend (#15)

README.md

@@ -81,6 +81,7 @@ COPYRIGHT:
 We support the following storage backends for storing private keys:
 1. [Filesystem](docs/filesystem.md)
 2. [AWS Secret Manager](docs/aws_sercret_manager.md)
+3. [Google Secret Manager](docs/google_secret_manager.md)
 
 ### Monitoring
 The signer exposes prometheus metrics on the `/metrics` endpoint. You can scrape these metrics using a prometheus server.

cmd/cerberus/main.go

@@ -102,6 +102,12 @@ var (
 		Usage:   "AWS secret access key",
 		EnvVars: []string{"AWS_SECRET_ACCESS_KEY"},
 	}
+
+	gcpProjectIDFlag = &cli.StringFlag{
+		Name:    "gcp-project-id",
+		Usage:   "Project ID for Google Cloud Platform",
+		EnvVars: []string{"GCP_PROJECT_ID"},
+	}
 )
 
 func main() {
@@ -136,6 +142,7 @@ func main() {
 		awsAuthenticationModeFlag,
 		awsAccessKeyIDFlag,
 		awsSecretAccessKeyFlag,
+		gcpProjectIDFlag,
 	}
 	sort.Sort(cli.FlagsByName(app.Flags))
 
@@ -164,6 +171,7 @@ func start(c *cli.Context) error {
 	awsAuthenticationMode := c.String(awsAuthenticationModeFlag.Name)
 	awsAccessKeyID := c.String(awsAccessKeyIDFlag.Name)
 	awsSecretAccessKey := c.String(awsSecretAccessKeyFlag.Name)
+	gcpProjectID := c.String(gcpProjectIDFlag.Name)
 
 	cfg := &configuration.Configuration{
 		KeystoreDir:           keystoreDir,
@@ -177,6 +185,7 @@ func start(c *cli.Context) error {
 		AWSAuthenticationMode: configuration.AWSAuthenticationMode(awsAuthenticationMode),
 		AWSAccessKeyID:        awsAccessKeyID,
 		AWSSecretAccessKey:    awsSecretAccessKey,
+		GCPProjectID:          gcpProjectID,
 	}
 
 	if err := cfg.Validate(); err != nil {
@@ -193,7 +202,6 @@ func start(c *cli.Context) error {
 		handler := slog.NewTextHandler(os.Stdout, &slogOptions)
 		logger = slog.New(handler)
 	}
-	logger.Info("using configuration", "config", cfg)
 	logger.Info(fmt.Sprintf("Starting cerberus server version: %s", version))
 	server.Start(cfg, logger)
 	return nil

docs/google_secret_manager.md

@@ -0,0 +1,13 @@
+## Using Google Secret Manager as a backend for cerberus
+You can use Google Secret Manager as a backend for cerberus. To use Google Secret Manager as a backend, you need to set the `STORAGE_TYPE` environment variable to `google-secrets-manager`. 
+All the public keys are stored in `cerberus<pub-key-hex>` format. They will also have a label with key as `project` and value as `cerberus`.
+
+### Environment variables
+You will need to set the `GCP_PROJECT_ID` environment variable to `environment`. Make sure you have the necessary permissions to access the secrets.
+
+Example
+```bash
+cerberus \
+  --storage-type google-secrets-manager \
+  --gcp-project-id my-project
+```

go.mod

@@ -5,6 +5,7 @@ go 1.21
 toolchain go1.21.11
 
 require (
+	cloud.google.com/go/secretmanager v1.14.2
 	github.com/Layr-Labs/bn254-keystore-go v0.0.0-20241118175331-3ceaf682f032
 	github.com/Layr-Labs/cerberus-api v0.0.1
 	github.com/aws/aws-sdk-go-v2 v1.32.5
@@ -15,10 +16,15 @@ require (
 	github.com/prometheus/client_golang v1.20.3
 	github.com/stretchr/testify v1.10.0
 	github.com/urfave/cli/v2 v2.27.5
-	google.golang.org/grpc v1.64.1
+	google.golang.org/api v0.203.0
+	google.golang.org/grpc v1.67.1
 )
 
 require (
+	cloud.google.com/go/auth v0.9.9 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
+	cloud.google.com/go/compute/metadata v0.5.2 // indirect
+	cloud.google.com/go/iam v1.2.1 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 // indirect
@@ -35,6 +41,13 @@ require (
 	github.com/consensys/bavard v0.1.13 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/google/s2a-go v0.1.8 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
+	github.com/googleapis/gax-go/v2 v2.13.0 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect
 	github.com/klauspost/compress v1.17.9 // indirect
 	github.com/mmcloughlin/addchain v0.4.0 // indirect
@@ -45,13 +58,23 @@ require (
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
-	golang.org/x/crypto v0.27.0 // indirect
-	golang.org/x/net v0.26.0 // indirect
-	golang.org/x/sys v0.25.0 // indirect
-	golang.org/x/text v0.18.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect
-	google.golang.org/protobuf v1.34.2 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
+	go.opentelemetry.io/otel v1.29.0 // indirect
+	go.opentelemetry.io/otel/metric v1.29.0 // indirect
+	go.opentelemetry.io/otel/trace v1.29.0 // indirect
+	golang.org/x/crypto v0.28.0 // indirect
+	golang.org/x/net v0.30.0 // indirect
+	golang.org/x/oauth2 v0.23.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sys v0.26.0 // indirect
+	golang.org/x/text v0.19.0 // indirect
+	golang.org/x/time v0.7.0 // indirect
+	google.golang.org/genproto v0.0.0-20241015192408-796eee8c2d53 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 // indirect
+	google.golang.org/protobuf v1.35.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	rsc.io/tmplfunc v0.0.3 // indirect
 )