BitGo · alextse-bg · Oct 27, 2025 · Oct 23, 2025
@@ -96,14 +96,6 @@ parser.addArgument(['--externalSignerUrl'], {
   help: 'URL which specifies the external signing API.',
 });
 
-parser.addArgument(['--enclavedExpressUrl'], {
-  help: 'URL to an Express instance in a secure environment.',
-});
-
-parser.addArgument(['--enclavedExpressSSLCert'], {
-  help: 'Path to the SSL certificate file for communicating with enclavedExpressUrl.',
-});
-
 parser.addArgument(['--signerMode'], {
   action: 'storeConst',
   constant: true,

@@ -38,7 +38,6 @@ import type { ParamsDictionary } from 'express-serve-static-core';
 import * as _ from 'lodash';
 import * as url from 'url';
 import * as superagent from 'superagent';
-import { handlePingEnclavedExpress } from './enclavedExpressRoutes';
 
 // RequestTracer should be extracted into a separate npm package (along with
 // the rest of the BitGoJS HTTP request machinery)
@@ -1752,11 +1751,6 @@ export function setupSigningRoutes(app: express.Application, config: Config): vo
   );
 }
 
-export function setupEnclavedExpressRoutes(app: express.Application, config: Config): void {
-  // Keep the ping endpoint for health checks
-  app.get('/ping/enclavedExpress', parseBody, prepareBitGo(config), promiseWrapper(handlePingEnclavedExpress));
-}
-
 export function setupLightningSignerNodeRoutes(app: express.Application, config: Config): void {
   app.post(
     '/api/v2/:coin/wallet/:id/signermacaroon',

@@ -1,6 +1,5 @@
 import { EnvironmentName, V1Network } from 'bitgo';
 import { isNil, isNumber } from 'lodash';
-import { readFileSync, existsSync } from 'fs';
 import 'dotenv/config';
 
 import { args } from './args';
@@ -39,8 +38,6 @@ export interface Config {
   customBitcoinNetwork?: V1Network;
   authVersion: number;
   externalSignerUrl?: string;
-  enclavedExpressUrl?: string;
-  enclavedExpressSSLCert?: string;
   signerMode?: boolean;
   signerFileSystemPath?: string;
   lightningSignerFileSystemPath?: string;
@@ -67,8 +64,6 @@ export const ArgConfig = (args): Partial<Config> => ({
   customBitcoinNetwork: args.custombitcoinnetwork,
   authVersion: args.authVersion,
   externalSignerUrl: args.externalSignerUrl,
-  enclavedExpressUrl: args.enclavedExpressUrl,
-  enclavedExpressSSLCert: args.enclavedExpressSSLCert,
   signerMode: args.signerMode,
   signerFileSystemPath: args.signerFileSystemPath,
   lightningSignerFileSystemPath: args.lightningSignerFileSystemPath,
@@ -95,8 +90,6 @@ export const EnvConfig = (): Partial<Config> => ({
   customBitcoinNetwork: readEnvVar('BITGO_CUSTOM_BITCOIN_NETWORK') as V1Network,
   authVersion: Number(readEnvVar('BITGO_AUTH_VERSION')),
   externalSignerUrl: readEnvVar('BITGO_EXTERNAL_SIGNER_URL'),
-  enclavedExpressUrl: readEnvVar('BITGO_ENCLAVED_EXPRESS_URL'),
-  enclavedExpressSSLCert: readEnvVar('BITGO_ENCLAVED_EXPRESS_SSL_CERT'),
   signerMode: readEnvVar('BITGO_SIGNER_MODE') ? true : undefined,
   signerFileSystemPath: readEnvVar('BITGO_SIGNER_FILE_SYSTEM_PATH'),
   lightningSignerFileSystemPath: readEnvVar('BITGO_LIGHTNING_SIGNER_FILE_SYSTEM_PATH'),
@@ -117,8 +110,6 @@ export const DefaultConfig: Config = {
   disableEnvCheck: true,
   timeout: 305 * 1000,
   authVersion: 2,
-  enclavedExpressUrl: undefined,
-  enclavedExpressSSLCert: undefined,
 };
 
 /**
@@ -156,8 +147,6 @@ function mergeConfigs(...configs: Partial<Config>[]): Config {
   const disableSSL = get('disableSSL') || false;
   let customRootUri = get('customRootUri');
   let externalSignerUrl = get('externalSignerUrl');
-  let enclavedExpressUrl = get('enclavedExpressUrl');
-  let enclavedExpressSSLCert: string | undefined;
 
   if (disableSSL !== true) {
     if (customRootUri) {
@@ -166,24 +155,6 @@ function mergeConfigs(...configs: Partial<Config>[]): Config {
     if (externalSignerUrl) {
       externalSignerUrl = forceSecureUrl(externalSignerUrl);
     }
-    if (enclavedExpressUrl) {
-      enclavedExpressUrl = forceSecureUrl(enclavedExpressUrl);
-      console.log('Using secure enclaved express URL:', enclavedExpressUrl);
-    }
-    const enclavedExpressSSLCertValue = get('enclavedExpressSSLCert');
-    if (enclavedExpressSSLCertValue) {
-      try {
-        // First try to read it as a file path
-        enclavedExpressSSLCert = existsSync(enclavedExpressSSLCertValue)
-          ? readFileSync(enclavedExpressSSLCertValue, { encoding: 'utf8' })
-          : enclavedExpressSSLCertValue; // If not a file, use the value directly
-        if (existsSync(enclavedExpressSSLCertValue)) {
-          console.log('Successfully loaded SSL cert from:', enclavedExpressSSLCertValue);
-        }
-      } catch (e) {
-        console.error(`Failed to process enclaved express SSL cert: ${enclavedExpressSSLCertValue}`, e);
-      }
-    }
   }
 
   return {
@@ -205,8 +176,6 @@ function mergeConfigs(...configs: Partial<Config>[]): Config {
     customBitcoinNetwork: get('customBitcoinNetwork'),
     authVersion: get('authVersion'),
     externalSignerUrl,
-    enclavedExpressUrl,
-    enclavedExpressSSLCert,
     signerMode: get('signerMode'),
     signerFileSystemPath: get('signerFileSystemPath'),
     lightningSignerFileSystemPath: get('lightningSignerFileSystemPath'),
@@ -215,8 +184,8 @@ function mergeConfigs(...configs: Partial<Config>[]): Config {
   };
 }
 
-export function config(): Config {
+export const config = () => {
   const arg = ArgConfig(args());
   const env = EnvConfig();
   return mergeConfigs(env, arg);
-}
+};
@@ -117,16 +117,7 @@ function createHttpServer(app: express.Application): http.Server {
  */
 export function startup(config: Config, baseUri: string): () => void {
   return function () {
-    const {
-      env,
-      ipc,
-      customRootUri,
-      customBitcoinNetwork,
-      signerMode,
-      lightningSignerFileSystemPath,
-      enclavedExpressUrl,
-      enclavedExpressSSLCert,
-    } = config;
+    const { env, ipc, customRootUri, customBitcoinNetwork, signerMode, lightningSignerFileSystemPath } = config;
     /* eslint-disable no-console */
     console.log('BitGo-Express running');
     console.log(`Environment: ${env}`);
@@ -147,12 +138,6 @@ export function startup(config: Config, baseUri: string): () => void {
     if (lightningSignerFileSystemPath) {
       console.log(`Lightning signer file system path: ${lightningSignerFileSystemPath}`);
     }
-    if (enclavedExpressUrl) {
-      console.log(`Enclaved Express URL: ${enclavedExpressUrl}`);
-      if (enclavedExpressSSLCert) {
-        console.log('Enclaved Express SSL certificate configured');
-      }
-    }
     /* eslint-enable no-console */
   };
 }
@@ -287,8 +272,6 @@ function checkPreconditions(config: Config) {
 export function setupRoutes(app: express.Application, config: Config): void {
   if (config.signerMode) {
     clientRoutes.setupSigningRoutes(app, config);
-  } else if (config.enclavedExpressUrl && config.enclavedExpressSSLCert) {
-    clientRoutes.setupEnclavedExpressRoutes(app, config);
   } else {
     if (config.lightningSignerFileSystemPath) {
       clientRoutes.setupLightningSignerNodeRoutes(app, config);

@@ -123,8 +123,6 @@ describe('Config:', () => {
       BITGO_CUSTOM_ROOT_URI: 'envcustomRootUri',
       BITGO_CUSTOM_BITCOIN_NETWORK: 'envcustomBitcoinNetwork',
       BITGO_EXTERNAL_SIGNER_URL: 'envexternalSignerUrl',
-      BITGO_ENCLAVED_EXPRESS_URL: 'envenclavedExpressUrl',
-      BITGO_ENCLAVED_EXPRESS_SSL_CERT: 'envenclavedExpressSSLCert',
       BITGO_SIGNER_MODE: 'envsignerMode',
       BITGO_SIGNER_FILE_SYSTEM_PATH: 'envsignerFileSystemPath',
       BITGO_LIGHTNING_SIGNER_FILE_SYSTEM_PATH: 'envlightningSignerFileSystemPath',
@@ -181,8 +179,6 @@ describe('Config:', () => {
       customBitcoinNetwork: 'argcustomBitcoinNetwork',
       authVersion: 2,
       externalSignerUrl: 'https://argexternalSignerUrl',
-      enclavedExpressUrl: 'https://argenclavedExpressUrl',
-      enclavedExpressSSLCert: 'argenclavedExpressSSLCert',
       signerMode: 'argsignerMode',
       signerFileSystemPath: 'argsignerFileSystemPath',
       lightningSignerFileSystemPath: 'arglightningSignerFileSystemPath',