Document why we use a separate, specific file for the onchain key man…

…ager Using a new signer section is eclair.conf would be simpler but "leaks" because it becomes available everywhere in the code through the actor system's settings instead of being contained to where it is actually needed and could potentially be exposed through a bug that "exports" the configuration (through logs, ....) though this is highly unlikely.
ACINQ · Aug 17, 2023 · 728e38d · 728e38d
1 parent a8067c4
commit 728e38d
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/eclair-core/src/main/scala/fr/acinq/eclair/crypto/keymanager/LocalOnchainKeyManager.scala b/eclair-core/src/main/scala/fr/acinq/eclair/crypto/keymanager/LocalOnchainKeyManager.scala
@@ -17,7 +17,16 @@ import scala.util.Try
 object LocalOnchainKeyManager extends Logging {
   def descriptorChecksum(span: String): String = fr.acinq.bitcoin.Descriptor.checksum(span)
 
+  /**
+   * Load a configuration file and create an onchain key manager
+   *
+   * @param datadir   eclair data directory
+   * @param chainHash chain we're on
+   * @return a LocalOnchainKeyManager instance if a configuration file exists
+   */
   def load(datadir: File, chainHash: ByteVector32): Option[LocalOnchainKeyManager] = {
+    // we use a specific file instead of adding values to eclair's configuration file because it is available everywhere in the code through
+    // the actor system's settings and we'd like to restrict access to the onchain wallet seed
     val file = new File(datadir, "eclair-signer.conf")
     if (file.exists()) {
       val config = ConfigFactory.parseFile(file)