switch from --secret=<hex> to --secret-file=<filename> (#740)

* switch from `--secret=<hex>` to `--secret-file=<filename>`.
Secret can still be specified via the DRAND_SHARE_SECERT env var

cmd/drand-cli/cli.go

@@ -158,9 +158,7 @@ var forceFlag = &cli.BoolFlag{
 // decide to redo the setup, it works in practice well enough.
 // XXX Add a manual check when the group is created so the user manually ACK.
 var secretFlag = &cli.StringFlag{
-	Name:     "secret",
-	EnvVars:  []string{"DRAND_SHARE_SECRET"},
-	Required: true,
+	Name: "secret-file",
 	Usage: "Specify the secret to use when doing the share so the leader knows you are an eligible potential participant." +
 		" must be at least 32 characters.",
 }

cmd/drand-cli/control.go

@@ -3,6 +3,7 @@ package drand
 import (
 	"fmt"
 	"io"
+	"io/ioutil"
 	"os"
 	"strings"
 	"sync/atomic"
@@ -31,12 +32,30 @@ type shareArgs struct {
 	conf      *core.Config
 }
 
+func (s *shareArgs) loadSecret(c *cli.Context) error {
+	secret := os.Getenv("DRAND_SHARE_SECRET")
+	if c.IsSet(secretFlag.Name) {
+		bytes, err := ioutil.ReadFile(c.String(secretFlag.Name))
+		if err != nil {
+			return err
+		}
+		secret = string(bytes)
+	}
+	if secret == "" {
+		return fmt.Errorf("no secret specified for share")
+	}
+	if len(secret) < minimumShareSecretLength {
+		return fmt.Errorf("secret is insecure. Should be at least %d characters", minimumShareSecretLength)
+	}
+	s.secret = secret
+	return nil
+}
+
 func getShareArgs(c *cli.Context) (*shareArgs, error) {
 	var err error
 	args := new(shareArgs)
-	args.secret = c.String(secretFlag.Name)
-	if len(args.secret) < minimumShareSecretLength {
-		return nil, fmt.Errorf("secret is insecure. Should be at least %d characters", minimumShareSecretLength)
+	if err := args.loadSecret(c); err != nil {
+		return nil, err
 	}
 
 	args.isTLS = !c.IsSet(insecureFlag.Name)

demo/node/node_subprocess.go

@@ -173,7 +173,6 @@ func (n *NodeProc) Index() int {
 func (n *NodeProc) RunDKG(nodes, thr int, timeout string, leader bool, leaderAddr string, beaconOffset int) *key.Group {
 	args := []string{"share", "--control", n.ctrl}
 	args = append(args, pair("--out", n.groupPath)...)
-	args = append(args, pair("--secret", secretDKG)...)
 	if leader {
 		args = append(args, "--leader")
 		args = append(args, pair("--nodes", strconv.Itoa(nodes))...)
@@ -191,6 +190,7 @@ func (n *NodeProc) RunDKG(nodes, thr int, timeout string, leader bool, leaderAdd
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 	defer cancel()
 	cmd := exec.CommandContext(ctx, n.binary, args...)
+	cmd.Env = append(os.Environ(), "DRAND_SHARE_SECRET="+secretDKG)
 	out := runCommand(cmd)
 	fmt.Println(n.priv.Public.Address(), "FINISHED DKG", string(out))
 	group := new(key.Group)
@@ -213,7 +213,6 @@ func (n *NodeProc) RunReshare(nodes, thr int, oldGroup string, timeout string, l
 	args := []string{"share"}
 	args = append(args, pair("--out", n.groupPath)...)
 	args = append(args, pair("--control", n.ctrl)...)
-	args = append(args, pair("--secret", secretReshare)...)
 	if oldGroup != "" {
 		// only append if we are a new node
 		args = append(args, pair("--from", oldGroup)...)
@@ -235,6 +234,7 @@ func (n *NodeProc) RunReshare(nodes, thr int, oldGroup string, timeout string, l
 		}
 	}
 	cmd := exec.Command(n.binary, args...)
+	cmd.Env = append(os.Environ(), "DRAND_SHARE_SECRET="+secretReshare)
 	runCommand(cmd, fmt.Sprintf("drand node %s", n.privAddr))
 	group := new(key.Group)
 	checkErr(key.Load(n.groupPath, group))