feat: plat-6873 add storage documentation (#395)

* chore: initial

* feat: add repos logic and config processing logic

* chore: fixes

* chore: imprve env sync_nonce and add service info log

* chore: lint

* chore: add notifications crud endpoints

* chore: add notification request validations

* chore: initial work for notificaitons crud

* chore: fix openapi generation

* chore: improvements

* chore: improvements

* chore: improvements

* chore: impr

* chore: intial signers crud impl

* chore: improvements

* chore: refactor

* chore: impr

* refactor + remove vault cloud due to deprecation of service

* chore: impr

* chore: fix clippy

* chore: fixes

* chore: add noboost comments

* chore: typo

* chore: stellar

* chore: noboost

* feat: plat-6845 implement relayer models

* chore: improvements

* chore: improvements

* chore: impr

* chore: implement merge patch logic for relayer

* chore: improvements

* chore: improvements

* chore: impr

* chore: clippy

* chore: cleanup

* chore: add controller tests

* chore: more contrller tests

* chore: resolve bug

* chore: tests

* chore: more tests

* chore: fixes

* chore: impr

* chore: add nosemgrep rule

* feat: securely store secrets in storage

* chore: allow starting service with empty config

* chore: improvements

* chore: clippy

* chore: pr suggestions

* chore: impr

* chore: improvements

* chore: format

* chore: improvements

* feat: plat-6864 impre response schema and revert some model name changes to avoid sdk breaking changes

* feat: add support for transaction expiration

* chore: clippy

* feat: plat-6873 add storage documentation

* chore: PR suggestion

* chore: leftover

* chore: PR suggestion

Author: zeljkoX

README.md

@@ -53,11 +53,12 @@ The repository includes several ready-to-use examples to help you get started wi
 | Example                                                      | Description                               |
 | ------------------------------------------------------------ | ----------------------------------------- |
 | [`basic-example`](./examples/basic-example/)                 | Simple setup with Redis                   |
+| [`redis-storage`](./examples/redis-storage/)                 | Simple setup with Redis for storage       |
 | [`basic-example-logging`](./examples/basic-example-logging/) | Configuration with file-based logging     |
 | [`basic-example-metrics`](./examples/basic-example-metrics/) | Setup with Prometheus and Grafana metrics |
-| [`vault-secret-signer`](./examples/vault-secret-signer/) | Using HashiCorp Vault for key management |
-| [`vault-transit-signer`](./examples/vault-transit-signer/) | Using Vault Transit for secure signing |
-| [`evm-turnkey-signer`](./examples/evm-turnkey-signer/) | Using Turnkey Signer for EVM secure signing |
+| [`vault-secret-signer`](./examples/vault-secret-signer/) | Using HashiCorp Vault for key management      |
+| [`vault-transit-signer`](./examples/vault-transit-signer/) | Using Vault Transit for secure signing      |
+| [`evm-turnkey-signer`](./examples/evm-turnkey-signer/) | Using Turnkey Signer for EVM secure signing     |
 | [`solana-turnkey-signer`](./examples/solana-turnkey-signer/) | Using Turnkey Signer for Solana secure signing |
 | [`solana-google-cloud-kms-signer`](./examples/solana-google-cloud-kms-signer/) | Using Google Cloud KMS Signer for Solana secure signing |
 | [`network-configuration-config-file`](./examples/network-configuration-config-file/) | Using Custom network configuration via config file |
@@ -286,6 +287,8 @@ Create `.env` with correct values according to your needs from `.env.example` fi
 cp .env.example .env
 ```
 
+> **Note**: After the service is running, all configuration components (relayers, signers, notifications) can also be managed via REST API endpoints for runtime changes. See the [Configuration Guide](https://docs.openzeppelin.com/relayer/configuration) for details on API-based configuration management.
+
 ### Creating a Signer
 
 To create a new signer keystore, use the provided key generation tool:

docs/modules/ROOT/nav.adoc

@@ -3,6 +3,7 @@
 * xref:configuration.adoc[Configuration]
 ** xref:signers.adoc[Signers]
 ** xref:network_configuration.adoc[Network Configuration]
+** xref:storage.adoc[Storage Configuration]
 * xref:evm.adoc[EVM Integration]
 * xref:solana.adoc[Solana Integration]
 * xref:stellar.adoc[Stellar Integration]

docs/modules/ROOT/pages/configuration.adoc

@@ -8,12 +8,18 @@ Please ensure appropriate access permissions on all configuration files (for `./
 
 [IMPORTANT]
 ====
-The configuration system consists of two main components:
+The OpenZeppelin Relayer supports two configuration approaches:
 
+**File-based Configuration:**
 1. **`config.json`**: Contains relayer definitions, signer configurations, and network policies
 2. **`.env`** file: Contains environment variables like API keys and connection strings
 
-Both files must be properly configured before starting the application. Changes to either file require restarting the container to take effect.
+**API-based Configuration:**
+- Full CRUD operations for relayers, signers, and notifications via REST API
+- Changes take effect immediately (no container restart required)
+- See the **API Reference** page for detailed endpoints documentation
+
+See xref:storage.adoc[Storage Configuration] for detailed information about how file-based and API-based configurations work together, storage behavior, and best practices.
 
 For quick setup examples with pre-configured files, see the https://github.com/OpenZeppelin/openzeppelin-relayer/tree/main/examples[examples directory] in our GitHub repository.
 ====
@@ -40,6 +46,21 @@ This table lists the environment variables and their default values.
 | `info, debug, warn, error, trace`
 | Log level.
 
+| `REPOSITORY_STORAGE_TYPE`
+| `in-memory`
+| `in-memory, redis`
+| Type of storage used for storing repository config and resources. See xref:storage.adoc[Storage Configuration] for detailed information.
+
+| `RESET_STORAGE_ON_START`
+| `false`
+| `bool`
+| Clears all resources from storage on startup and reloads entries from the config file. See xref:storage.adoc[Storage Configuration] for usage details.
+
+| `TRANSACTION_EXPIRATION_HOURS`
+| `4`
+| `number`
+| Number of hours after which transactions in a final state are removed from storage. See xref:storage.adoc[Storage Configuration] for more information.
+
 | `CONFIG_DIR`
 | `./config`
 | `<any relative file path where config.json is located>`
@@ -98,18 +119,22 @@ This table lists the environment variables and their default values.
 | `REDIS_URL`
 | `redis://localhost:6379`
 | `<redis connection string>`
-| Redis connection URL for the relayer.
+| Redis connection URL for the relayer. See xref:storage.adoc[Storage Configuration] for Redis setup details.
 
 | `REDIS_CONNECTION_TIMEOUT_MS`
 | `10000`
 | `<timeout in milliseconds>`
-| Connection timeout for Redis in milliseconds.
+| Connection timeout for Redis in milliseconds. See xref:storage.adoc[Storage Configuration] for Redis configuration.
 
 | `REDIS_KEY_PREFIX`
 | `oz-relayer`
 | `string`
-| Redis key prefix
+| Redis key prefix for namespacing. See xref:storage.adoc[Storage Configuration] for more information.
 
+| `STORAGE_ENCRYPTION_KEY`
+| ``
+| `string`
+| Encryption key used to encrypt data at rest in Redis storage. See xref:storage.adoc[Storage Configuration] for security details.
 
 | `RPC_TIMEOUT_MS`
 | `10000`
@@ -173,18 +198,20 @@ PROVIDER_RETRY_MAX_DELAY_MS=2000
 PROVIDER_MAX_FAILOVERS=3
 ENABLE_SWAGGER=false
 KEYSTORE_PASSPHRASE=your_keystore_passphrase
+STORAGE_ENCRYPTION_KEY=X67aXacJB+krEldv9i2w7NCSFwwOzVV/1ELM2KJJjQw=
+REPOSITORY_STORAGE_TYPE=redis
+RESET_STORAGE_ON_START=false
+TRANSACTION_EXPIRATION_HOURS=8
 ```
 
 == Main configuration file (config.json)
 
 This file can exist in any directory, but the default location is `./config/config.json`.
 
-Copy the example config file and update values according to your needs
-
-[source,bash]
-----
-cp config/config.example.json config/config.json
-----
+[NOTE]
+====
+All components defined in `config.json` can also be managed via REST API endpoints. This provides runtime flexibility for adding, updating, or removing relayers, signers, and notifications without restarting the service. See the **API Reference** page for detailed endpoints documentation.
+====
 
 Key sections in this file include:
 
@@ -196,22 +223,28 @@ Key sections in this file include:
 
 === 1. Signers
 
-Transaction signers are responsible for cryptographically signing transactions before they are submitted to blockchain networks. The `signers` array must contain at least one valid signer configuration.
+Transaction signers are responsible for cryptographically signing transactions before they are submitted to blockchain networks.
 
 For comprehensive details on configuring all supported signer types including:
 
 - Local keystore file signers
-- HashiCorp Vault (secret, cloud, and transit)
+- HashiCorp Vault (secret and transit)
 - Cloud KMS providers (Google Cloud, AWS)
 - Turnkey signers
 - Security best practices and troubleshooting
 
 See the dedicated xref:signers.adoc[Signers Configuration] guide.
 
+[TIP]
+====
+Signers can also be managed via API endpoints.
+
+See the **API Reference** page for detailed endpoints documentation.
+====
 
 === 2. Notifications
 
-* `notifications` array, which should contain, at least, one valid configuration:
+* `notifications` array containing notification entries:
 
 [source,json]
 ----
@@ -253,9 +286,16 @@ Available configuration fields
 |Signing key value, env variable name, ...
 |===
 
+[TIP]
+====
+Notifications can also be managed via API endpoints.
+
+See the **API Reference** page for detailed endpoints documentation.
+====
+
 === 3. Relayers
 
-* `relayers` array, containing at least one valid relayer configuration:
+* `relayers` array, containing relayer entries:
 
 [source,json]
 ----
@@ -469,6 +509,14 @@ When using custom RPC URLs:
 * If a weight is not specified for an endpoint, it defaults to 100.
 ====
 
+[TIP]
+====
+Relayers could also be managed via API endpoints.
+
+See the **API Reference** page for detailed endpoints documentation.
+====
+
+
 === 4. Plugins
 
 For more information on how to write a plugin, please refer to the xref:plugins.adoc[Plugins] page.
@@ -684,3 +732,24 @@ Full `config/config.json` example with evm and solana relayers definitions using
   ]
 }
 ----
+
+== Configuration Management Approaches
+
+The OpenZeppelin Relayer supports two complementary approaches for configuration management:
+
+=== File-based Configuration
+- Ideal for initial setup and deployment
+- Configuration persists across restarts
+- Requires container restart for changes to take effect
+- Suitable for infrastructure-as-code workflows
+
+=== API-based Configuration  
+- Enables runtime configuration changes
+- No service restarts required
+- Perfect for dynamic environments
+- Supports automated configuration management
+
+[NOTE]
+====
+See xref:storage.adoc[Storage Configuration] for detailed information about how file-based and API-based configurations work together, storage behavior, and best practices.
+====

docs/modules/ROOT/pages/index.adoc

@@ -231,6 +231,7 @@ For quick setup with various configurations, check the https://github.com/OpenZe
 * `evm-gcp-kms-signer`: Using Google Cloud KMS for EVM secure signing
 * `evm-turnkey-signer`: Using Turnkey for EVM secure signing
 * `solana-turnkey-signer`:  Using Turnkey for Solana secure signing
+* `redis-storage`: Using Redis for Storage 
 * `network-configuration-config-file`: Using Custom network configuration via config file
 * `network-configuration-json-file`: Using Custom network configuration via JSON file
 
@@ -311,14 +312,22 @@ DOCKERFILE=Dockerfile.production docker compose up -d
 
 == Configuration
 
-OpenZeppelin Relayer requires proper configuration before starting. The configuration system uses two main files:
+OpenZeppelin Relayer supports two configuration approaches:
 
+**File-based Configuration:**
 - **`config.json`**: Contains relayer definitions, signer configurations, and network policies
 - **`.env`**: Contains environment variables like API keys and connection strings
 
+**API-based Configuration:**
+- Runtime configuration management via REST API
+- No service restarts required for configuration changes
+- Full CRUD operations for relayers, signers, and notifications
+
 [IMPORTANT]
 ====
-Both configuration files must be properly set up before starting the application. Changes to either file require restarting the container to take effect.
+Both approaches can be used together. File-based configuration is loaded on startup, while API changes provide runtime flexibility. Changes to environment variables (`.env`) always require restarting the container.
+
+When used together, API changes are not synced to file-based configuration. File-based configuration is loaded only once when using persistent storage mode.
 
 For quick setup examples with pre-configured files, see the https://github.com/OpenZeppelin/openzeppelin-relayer/tree/main/examples[examples directory] in our GitHub repository.
 ====

docs/modules/ROOT/pages/signers.adoc

@@ -5,7 +5,7 @@
 
 Signers are responsible for cryptographically signing transactions before they are submitted to blockchain networks. OpenZeppelin Relayer supports multiple signer types to accommodate different security requirements and infrastructure setups.
 
-The `signers` array in your configuration must contain at least one valid signer configuration. Each signer is referenced by its `id` in relayer configurations.
+Each signer is referenced by its `id` in relayer configurations.
 
 == Configuration Structure