openwallet-foundation / acapy

ACA-Py is a foundation for building decentralized identity applications and services running in non-mobile environments.
https://aca-py.org
Apache License 2.0

Cleanup local tails file after being uploaded into tails-server #2032

Closed pradeepp88 closed 1 year ago

pradeepp88 commented 1 year ago

Currently the tails file is created in the local path /home/indy/.indy_client/tails of the ACA-Py agent. This file is later uploaded to the tails server, after which it becomes available for download. As we create multiple credential definitions and revocation registries, the number of tails files grows and occupies space in the local volume of the ACA-Py agent.

I looked for options to do this via admin API, but couldn't find any.

Opening this issue to figure out if we need to add an endpoint in the admin API to delete the local tails file either via

Looking for inputs if this is feasible or will disturb any other internal process/workflow.

swcurran commented 1 year ago

It's a bit of a tricky question. The danger of the idea is that if you delete a production tails file, you can't ever get it back, meaning that you can't issue new credentials using that RevReg, and if holders have not cached the tails file, they can't use their credential. In production you probably don't want to ever delete files unless you know for sure they are not in use -- which isn't likely to be often.

For a non-production site, it might make sense -- for example, if your developers and CI/CD pipeline are using a development tails service. In that case, you might want to delete the tails file, but you have to be careful again that you are not deleting something in use. However, in this case, it's likely that you have reset the test issuer you created and you no longer have the ID for the rev_reg you want to delete. When that happens, the API is useless. Perhaps just a cleanup script might be good enough. But again, you have to be careful if you have some rev_regs in test that are long lasting, and others that are used for test and never looked at again.

pradeepp88 commented 1 year ago

@swcurran thanks for your reply. Just to add more details and context, we have a tails-server (https://github.com/bcgov/indy-tails-server) running which stores the tails files. We upload the tails file from the local volume where the ACA-Py agent is running by making a PUT call in the admin API endpoint /revocation/registry/{rev_reg_id}/tails-file. We can use the same endpoint to download the tails file from the tails-server by making a GET call. And we also save these details on the indy-ledger with the endpoint /revocation/registry/{rev_reg_id}/definition.

As the tails files are available and saved in the tails-server which can also be downloaded and tracked on ledger, the local copy becomes obsolete. Please correct me if I am wrong, thanks.

swcurran commented 1 year ago

Doh... Never mind :-). I can't think that a backup of the tails files on the local ACA-Py is needed, so a cleanup seems like the right thing to do.

pradeepp88 commented 1 year ago

This issue is resolved by #2103.
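
One way to write the cleanup script mentioned in this thread, as an added example that is not ACA-Py's code and not the change made in #2103: a local tails file is deleted only after the copy served for its rev_reg_id is confirmed byte-identical, so a failed or partial upload never costs the only copy. The `fetch_remote` callable, the `rev_reg_id -> path` mapping and the sample registries are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Callable, Dict, Optional


def sha256_file(path: Path) -> str:
    """Hash in 1 MiB chunks so large tails files are not read into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def cleanup_local_tails(local_files: Dict[str, Path],
                        fetch_remote: Callable[[str], Optional[bytes]],
                        dry_run: bool = False) -> Dict[str, str]:
    """Delete a local tails file only when the served copy is byte-identical.
    local_files maps rev_reg_id -> local path (assumed layout, not ACA-Py's).
    fetch_remote is a hypothetical callable: bytes served for a rev_reg_id
    (e.g. wrapping the GET call above), or None when the server lacks it.
    """
    results = {}
    for rev_reg_id, path in local_files.items():
        if not path.is_file():
            results[rev_reg_id] = "missing-local"
            continue
        remote = fetch_remote(rev_reg_id)
        if remote is None:
            results[rev_reg_id] = "kept-not-on-server"
        elif hashlib.sha256(remote).hexdigest() != sha256_file(path):
            results[rev_reg_id] = "kept-hash-mismatch"
        elif dry_run:
            results[rev_reg_id] = "would-delete"
        else:
            path.unlink()
            results[rev_reg_id] = "deleted"
    return results


def demo() -> Dict[str, str]:
    """Constructed sample: three made-up registries in a temp directory."""
    tmp = Path(tempfile.mkdtemp())
    local = {"reg-ok": b"tails-A", "reg-diff": b"tails-B", "reg-gone": b"tails-C"}
    files = {name: tmp / name for name in local}
    for name, data in local.items():
        files[name].write_bytes(data)
    served = {"reg-ok": b"tails-A", "reg-diff": b"truncated"}  # constructed
    return cleanup_local_tails(files, served.get)
```

Running it with `dry_run=True` first gives a report of what would be removed without touching the volume.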