Add a command to generate a secret key

Cargo.toml

@@ -9,7 +9,7 @@ borsh = "0.9.3"
 clap = { version = "4.5.39", features = ["derive", "env"] }
 hex = { version = "0.4.3", features = ["serde"] }
 reqwest = { version = "0.12.19", features = ["json"] }
-secp256k1 = { version = "0.31.0", features = ["recovery"] }
+secp256k1 = { version = "0.30.0", features = ["recovery", "rand"] }
 serde = "1.0.219"
 serde_wormhole = "0.1.0"
 sha3 = "0.10.8"
@@ -19,6 +19,7 @@ solana-sdk = "2.2.2"
 tokio = "1.45.1"
 tokio-stream = "0.1.17"
 tracing = "0.1.41"
+tracing-subscriber = { version = "0.3.19", features = ["env-filter", "json"] }
 wormhole-vaas-serde = "0.1.0"
 
 [dev-dependencies]

README.md

@@ -23,9 +23,10 @@ cargo build
 ### ▶️ Run the Project
 
 You can run the project using `cargo run` by passing the required flags:
+Make sure to set `RUST_LOG=INFO` to enable logs from tracing:
 
 ```bash
-cargo run -- \
+RUST_LOG=INFO cargo run -- run \
   --pythnet-url wss://api2.pythnet.pyth.network \
   --server-url https://watcher.pyth.network \
   --secret-key /path/to/secret.key \
@@ -44,11 +45,23 @@ export SERVER_URL=https://watcher.pyth.network
 export SECRET_KEY=/path/to/secret.key
 export WORMHOLE_PID=H3fxXJ86ADW2PNuDDmZJg6mzTtPxkYCpNuQUTgmJ7AjU
 
-cargo run
+RUST_LOG=INFO cargo run
 ```
 
 ---
 
+### 🔑 Generate a Secret Key
+
+To generate a new secp256k1 secret key and write it to a file:
+
+```bash
+RUST_LOG=INFO cargo run -- generate-key --output-file .secret
+```
+
+This will save the key in raw byte format to the file named `.secret`.
+
+---
+
 ### 🧪 Testing Locally
 
 To test in a non-production environment (e.g. with devnet or a local Pythnet fork), just provide a different `--pythnet-url`, and `--server-url`, and optionally use custom `--wormhole-pid`.

src/api_client.rs

@@ -44,7 +44,7 @@ impl<P: Serialize> Observation<P> {
     pub fn try_new(body: Body<P>, secret_key: SecretKey) -> Result<Self, anyhow::Error> {
         let digest = body.digest()?;
         let signature = Secp256k1::new()
-            .sign_ecdsa_recoverable(Message::from_digest(digest.secp256k_hash), &secret_key);
+            .sign_ecdsa_recoverable(&Message::from_digest(digest.secp256k_hash), &secret_key);
         let (recovery_id, signature_bytes) = signature.serialize_compact();
         let recovery_id: i32 = recovery_id.into();
         let mut signature = [0u8; 65];
@@ -126,7 +126,7 @@ mod tests {
 
     #[test]
     fn test_new_signed_observation() {
-        let secret_key = SecretKey::from_byte_array([1u8; 32]).expect("Invalid secret key length");
+        let secret_key = SecretKey::from_byte_array(&[1u8; 32]).expect("Invalid secret key length");
         let body = Body {
             timestamp: 1234567890,
             nonce: 42,
@@ -154,7 +154,7 @@ mod tests {
                 .expect("Invalid recoverable signature");
 
         let pubkey = secp
-            .recover_ecdsa(message, &recoverable_sig)
+            .recover_ecdsa(&message, &recoverable_sig)
             .expect("Failed to recover pubkey");
 
         let expected_pubkey = PublicKey::from_secret_key(&secp, &secret_key);

src/config.rs

@@ -18,3 +18,18 @@ pub struct RunOptions {
     #[arg(long = "server-url", env = "SERVER_URL")]
     pub server_url: String,
 }
+
+#[derive(Parser, Clone, Debug)]
+pub struct GenerateKeyOptions {
+    /// Output path for the generated secret key.
+    #[arg(long = "output-file", env = "OUTPUT_FILE")]
+    pub output_path: String,
+}
+
+#[derive(Parser, Debug)]
+pub enum Command {
+    /// Run the auction server service.
+    Run(RunOptions),
+    /// Run db migrations and exit.
+    GenerateKey(GenerateKeyOptions),
+}