Create secrets script

.deploy/.gitignore

@@ -0,0 +1,2 @@
+*.secrets.json
+!example.secrets.json

.deploy/copy-secrets.sh

@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+# Set working directory to script location
+cd "$(dirname "$0")" || exit 1
+
+# Source file path (in current directory)
+SOURCE="example.secrets.json"
+
+# Color codes
+RED='\033[0;31m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+# List of target files
+TARGETS=("cn1" "cn2" "cn3" "agg")
+
+# Check if source file exists
+if [ ! -f "$SOURCE" ]; then
+    echo "Error: Source file $SOURCE not found!"
+    exit 1
+fi
+
+# Copy file to each target, skipping if exists
+for target in "${TARGETS[@]}"; do
+    if [ -f "${target}.secrets.json" ]; then
+        echo "Skipping ${target}.secrets.json - file already exists"
+    else
+        cp "$SOURCE" "${target}.secrets.json"
+        echo "Created ${target}.secrets.json"
+    fi
+done
+
+echo "Copy operation completed!"
+
+# Check for unchanged files
+echo -e "\nChecking for unchanged secret files..."
+UNCHANGED_FILES=()
+
+for target in "${TARGETS[@]}"; do
+    if [ -f "${target}.secrets.json" ]; then
+        if cmp -s "$SOURCE" "${target}.secrets.json"; then
+            UNCHANGED_FILES+=("${target}.secrets.json")
+        fi
+    fi
+done
+
+# Display warning if unchanged files found
+if [ ${#UNCHANGED_FILES[@]} -gt 0 ]; then
+    echo -e "${RED}WARNING: The following files are identical to example.secrets.json:${NC}"
+    for file in "${UNCHANGED_FILES[@]}"; do
+        echo -e "${YELLOW}==> ${NC}${file}${YELLOW} <==${NC}"
+    done
+    echo -e "${RED}These files should be modified before use in production!${NC}"
+fi

docker-compose.yml → .deploy/docker-compose.yml

@@ -2,10 +2,11 @@ services:
   cn1:
     image: ghcr.io/gnosisguild/ciphernode:latest
     volumes:
-      - ./configs/cn1.yaml:/home/ciphernode/.config/enclave/config.yaml:ro
+      - ./.deploy/cn1.yaml:/home/ciphernode/.config/enclave/config.yaml:ro
       - cn1-data:/home/ciphernode/.local/share/enclave
     secrets:
-      - secrets.json
+      - source: secrets_cn1
+        target: secrets.json
     environment:
       RUST_LOG: "info"
       AGGREGATOR: "false"
@@ -14,8 +15,14 @@ services:
         published: 9091
         protocol: udp
         mode: host
-    deploy:
+   deploy:
       replicas: 1
+      update_config:
+        parallelism: 1
+        order: stop-first
+        failure_action: rollback
+      restart_policy:
+        condition: any
     networks:
       - global-network
 
@@ -25,10 +32,11 @@ services:
     depends_on:
       - cn1
     volumes:
-      - ./configs/cn2.yaml:/home/ciphernode/.config/enclave/config.yaml:ro
+      - ./.deploy/cn2.yaml:/home/ciphernode/.config/enclave/config.yaml:ro
       - cn2-data:/home/ciphernode/.local/share/enclave
     secrets:
-      - secrets.json
+      - source: secrets_cn2
+        target: secrets.json
     environment:
       RUST_LOG: "info"
       AGGREGATOR: "false"
@@ -37,8 +45,14 @@ services:
         published: 9092
         protocol: udp
         mode: host
-    deploy:
+   deploy:
       replicas: 1
+      update_config:
+        parallelism: 1
+        order: stop-first
+        failure_action: rollback
+      restart_policy:
+        condition: any
     networks:
       - global-network
 
@@ -47,10 +61,11 @@ services:
     depends_on:
       - cn1
     volumes:
-      - ./configs/cn3.yaml:/home/ciphernode/.config/enclave/config.yaml:ro
+      - ./.deploy/cn3.yaml:/home/ciphernode/.config/enclave/config.yaml:ro
       - cn3-data:/home/ciphernode/.local/share/enclave
     secrets:
-      - secrets.json
+      - source: secrets_cn3
+        target: secrets.json
     environment:
       RUST_LOG: "info"
       AGGREGATOR: "false"
@@ -59,8 +74,14 @@ services:
         published: 9093
         protocol: udp
         mode: host
-    deploy:
+   deploy:
       replicas: 1
+      update_config:
+        parallelism: 1
+        order: stop-first
+        failure_action: rollback
+      restart_policy:
+        condition: any
     networks:
       - global-network
 
@@ -70,10 +91,11 @@ services:
     depends_on:
       - cn1
     volumes:
-      - ./configs/agg.yaml:/home/ciphernode/.config/enclave/config.yaml:ro
+      - ./.deploy/agg.yaml:/home/ciphernode/.config/enclave/config.yaml:ro
       - agg-data:/home/ciphernode/.local/share/enclave
     secrets:
-      - secrets.json
+      - source: secrets_agg
+        target: secrets.json
     environment:
       RUST_LOG: "info"
       AGGREGATOR: "true"
@@ -82,15 +104,27 @@ services:
         published: 9094
         protocol: udp
         mode: host
-    deploy:
+   deploy:
       replicas: 1
+      update_config:
+        parallelism: 1
+        order: stop-first
+        failure_action: rollback
+      restart_policy:
+        condition: any
     networks:
       - global-network
 
 secrets:
-  secrets.json:
-    file: ./configs/secrets.json
-
+  secrets_cn1:
+    file: .deploy/cn1.secrets.json
+  secrets_cn2:
+    file: .deploy/cn2.secrets.json
+  secrets_cn3:
+    file: .deploy/cn3.secrets.json
+  secrets_agg:
+    file: .deploy/agg.secrets.json   
+
 volumes:
   cn1-data:
   cn2-data:

.deploy/example.secrets.json

@@ -0,0 +1,4 @@
+{
+  "password": "changeme",
+  "private_key": "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80"
+}

.deploy/swarm_deployment.md

@@ -0,0 +1,31 @@
+
+# Secrets Setup Script
+
+To deploy with swarm we need to set up the secrets file for our cluster.
+
+## Run
+```bash
+./.deploy/copy-secrets.sh
+```
+
+## What it does
+- Copies `example.secrets.json` to create `cn1/2/3` and `agg.secrets.json` files
+- Skips existing files
+- Warns with yellow arrows (==>) if any files are identical to the example
+
+## Example output
+```bash
+Created cn1.secrets.json
+Skipping cn2.secrets.json - file already exists
+
+==> cn1.secrets.json <== # Yellow arrows indicate files that need customization
+```
+
+Remember to modify any highlighted files before use.
+
+# Run docker swarm
+
+```
+docker stack deploy -c .deploy/docker-compose.yml p2p-stack
+```
+