feat: remove automatic key file fetch from decryption script

adg-flare · adg-flare · commit 25376ee0d19e · 2026-01-05T14:41:38.000Z
diff --git a/scripts/web2/README.md b/scripts/web2/README.md
@@ -1,6 +1,6 @@
-# Ignite API Key Decryption example
+# Ignite Proxy API Key Decryption example
 
-This is a sample script demonstrating how to decrypt your Ignite proxy API key using your provider's signing policy private key.
+This is a sample script demonstrating how to obtain your Ignite proxy API key.
 
 ## Setup
 
@@ -14,25 +14,30 @@ Create a `.env.decrypt` file in `scripts/web2/` with:
 
 ```bash
 PRIVATE_KEY=0x...
-KEYS_URL=https://api.ignitemarket.xyz/proxy-api-keys
 ```
 
 - `PRIVATE_KEY`: your provider's signing policy private key in hex format.
-- `KEYS_URL`: endpoint with published API keys, defaults to: `https://api.ignitemarket.xyz/proxy-api-keys`.
 
-## Usage
+## Step 1: Fetch encrypted keys list
 
-From the project root, run:
+From `scripts/web2/`, run:
+
+```bash
+curl -s "https://api.ignitemarket.xyz/proxy-api-keys" -o ignite-api-keys.json
+```
+
+## Step 2: Decrypt your API key
+
+From `scripts/web2/`, run:
 
 ```bash
-cd scripts/web2
 npx ts-node decrypt-ignite-key.ts
 ```
 
-The script will:
+This will:
 
-1. Load `PRIVATE_KEY` (and optionally `KEYS_URL`) from `.env.decrypt`.
-2. Derive your signing policy address from `PRIVATE_KEY`.
-3. Fetch encrypted API keys from `KEYS_URL`.
-4. Find the entry matching your address.
-5. Decrypt the API key and print it to stdout.
+1. Load `PRIVATE_KEY` from `.env.decrypt`.
+2. Read the full keys JSON file (`ignite-api-keys.json`).
+3. Filter find entry matching your signing policy address derived from `PRIVATE_KEY`.
+4. Decrypt the API key.
+5. Print the decrypted API key to stdout.
diff --git a/scripts/web2/decrypt-ignite-key.ts b/scripts/web2/decrypt-ignite-key.ts
@@ -1,26 +1,24 @@
 #!/usr/bin/env ts-node
 import 'dotenv/config';
-import axios from 'axios';
 import { ethers } from 'ethers';
 import { createDecipheriv, createECDH, hkdfSync } from 'crypto';
 import { config as loadEnv } from 'dotenv';
+import { readFileSync } from 'fs';
 import { resolve } from 'path';
 
 // Load dedicated env file for decryption, next to this script
 loadEnv({ path: resolve(__dirname, '.env.decrypt') });
 
-const KEYS_URL =
-  process.env.KEYS_URL || 'https://api.ignitemarket.xyz/proxy-api-keys';
 const ENV_KEY = 'PRIVATE_KEY';
+const INPUT_FILE = 'ignite-api-keys.json';
 
 const ECDH_SALT = Buffer.from('key-publish-ecdh-salt-v1');
 const ECDH_INFO_PREFIX = Buffer.from('key-publish-api-key:v1:');
 const AES_NONCE_SIZE = 12;
 const AUTH_TAG_SIZE = 16;
 
 interface EncryptedKeyRecord {
-  signing_address?: string;
-  identity_address?: string;
+  signing_policy_address: string;
   encrypted_API_key: string;
 }
 
@@ -107,26 +105,27 @@ function decryptIgniteKey(
   }
 }
 
-async function fetchEncryptedKeys(): Promise<EncryptedKeyRecord[]> {
-  const resp = await axios.get(KEYS_URL, { timeout: 10_000 });
-  const data = resp.data;
-  if (!data || typeof data !== 'object' || !Array.isArray(data.data)) {
-    throw new Error('API response is not in the expected format.');
+function loadAllKeysFromFile(): EncryptedKeyRecord[] {
+  const filePath = resolve(__dirname, INPUT_FILE);
+  const raw = readFileSync(filePath, { encoding: 'utf8' });
+  const parsed = JSON.parse(raw) as any;
+
+  if (!parsed || typeof parsed !== 'object' || !Array.isArray(parsed.data)) {
+    throw new Error(
+      `Input file ${INPUT_FILE} does not contain a 'data' array.`,
+    );
   }
-  return data.data as EncryptedKeyRecord[];
+
+  return parsed.data as EncryptedKeyRecord[];
 }
 
-function findEncryptedKeyForAddress(
+function findRecordForAddress(
   records: EncryptedKeyRecord[],
   myAddress: string,
 ): string | undefined {
   const target = myAddress.toLowerCase();
   for (const item of records) {
-    const addr = (
-      item.signing_address ||
-      item.identity_address ||
-      ''
-    ).toString();
+    const addr = item.signing_policy_address?.toString();
     if (addr && addr.toLowerCase() === target) {
       return item.encrypted_API_key;
     }
@@ -140,15 +139,15 @@ async function main(): Promise<void> {
     const wallet = new ethers.Wallet(privateKeyHex);
     const myAddress = wallet.address;
 
-    console.log(`Derived signing policy address: ${myAddress}`);
+    console.log(`Decrypting key for signing policy address: ${myAddress}`);
+    console.log(`Reading keys from file: ${INPUT_FILE}`);
 
-    const records = await fetchEncryptedKeys();
-    const encryptedKey = findEncryptedKeyForAddress(records, myAddress);
+    const records = loadAllKeysFromFile();
+    const encryptedKey = findRecordForAddress(records, myAddress);
 
     if (!encryptedKey) {
       throw new Error(`No encrypted key found for address ${myAddress}.`);
     }
-    console.log('Found encrypted key. Decrypting...');
 
     const apiKey = decryptIgniteKey(privateKeyHex, myAddress, encryptedKey);
 
