feat: Plat-6681 expose crud api endpoints

.github/workflows/ci.yaml

@@ -231,23 +231,22 @@ jobs:
           LLVM_PROFILE_FILE: unit-%p-%m.profraw
           RUSTFLAGS: -Cinstrument-coverage
           RUST_TEST_THREADS: 1
-        run: cargo hack llvm-cov --locked --lib --ignore-filename-regex "(.*/relayer_docs\.rs$|src/repositories/.*/.*_redis\.rs$)" --lcov --output-path unit-lcov.info
-
+        run: cargo hack llvm-cov --locked --lib --ignore-filename-regex "(src/api/routes/docs/.*_docs\.rs$|src/repositories/.*/.*_redis\.rs$)" --lcov --output-path unit-lcov.info
       # Integration tests coverage
       - name: Run Integration Tests and Generate Coverage Report
         env:
           LLVM_PROFILE_FILE: integration-%p-%m.profraw
           RUSTFLAGS: -Cinstrument-coverage
           RUST_TEST_THREADS: 1
-        run: cargo hack llvm-cov --locked --ignore-filename-regex ".*/relayer_docs\.rs$" --lcov --output-path integration-lcov.info --test integration
+        run: cargo hack llvm-cov --locked --ignore-filename-regex "(src/api/routes/docs/.*_docs\.rs$|src/repositories/.*/.*_redis\.rs$)" --lcov --output-path integration-lcov.info --test integration
 
       # Properties tests coverage
       - name: Run Properties Tests
         env:
           LLVM_PROFILE_FILE: properties-%p-%m.profraw
           RUSTFLAGS: -Cinstrument-coverage
           RUST_TEST_THREADS: 1
-        run: cargo hack llvm-cov --locked --ignore-filename-regex ".*/relayer_docs\.rs$" --lcov --output-path properties-lcov.info --test properties
+        run: cargo hack llvm-cov --locked --ignore-filename-regex "(src/api/routes/docs/.*_docs\.rs$|src/repositories/.*/.*_redis\.rs$)" --lcov --output-path properties-lcov.info --test properties
 
       # Upload unit coverage
       - name: Upload Unit Coverage to Codecov

Cargo.toml

@@ -29,6 +29,7 @@ async-trait = "0.1"
 actix-rt = "2.0.0"
 alloy = { version = "0.9", features = ["full"] }
 serde_json = "1"
+json-patch = "4.0"
 strum = { version = "0.27", default-features = false, features = ["derive"] }
 strum_macros = "0.27"
 serde = { version = "1.0", features = ["derive", "alloc"] }
@@ -75,6 +76,7 @@ secrets = { version = "1.2"}
 libsodium-sys = "0.2.7"
 zeroize = "1.8"
 subtle = "2.6"
+aes-gcm = "0.10"
 ed25519-dalek = "2.2"
 stellar-strkey = "0.0.13"
 soroban-rs = "0.2.5"
@@ -115,6 +117,10 @@ path = "helpers/create_key.rs"
 name = "generate_uuid"
 path = "helpers/generate_uuid.rs"
 
+[[example]]
+name = "generate_encryption_key"
+path = "helpers/generate_encyption_key.rs"
+
 [[example]]
 name = "generate_openapi"
 path = "helpers/generate_openapi.rs"

docs/modules/ROOT/pages/signers.adoc

@@ -33,7 +33,6 @@ OpenZeppelin Relayer supports the following signer types:
 
 - `local`: Keystore file signer
 - `vault`: HashiCorp Vault secret signer
-- `vault_cloud`: Hosted HashiCorp Vault secret signer
 - `vault_transit`: HashiCorp Vault Transit signer
 - `turnkey`: Turnkey signer
 - `google_cloud_kms`: Google Cloud KMS signer
@@ -57,11 +56,6 @@ The following table shows which signer types are compatible with each network ty
 |✅ Supported
 |❌ Not supported
 
-|`vault_cloud`
-|✅ Supported
-|✅ Supported
-|❌ Not supported
-
 |`vault_transit`
 |❌ Not supported
 |✅ Supported
@@ -214,63 +208,6 @@ Configuration fields:
 | The mount point for the Secrets engine in Vault. Defaults to `secret` if not explicitly specified. Optional.
 |===
 
-=== Vault Cloud Signer
-
-Uses HashiCorp Vault Cloud (HCP Vault) for key management.
-
-[source,json]
-----
-{
-  "id": "vault-cloud-signer",
-  "type": "vault_cloud",
-  "config": {
-    "client_id": "your-client-id",
-    "client_secret": {
-      "type": "env",
-      "value": "VAULT_CLOUD_CLIENT_SECRET"
-    },
-    "org_id": "your-org-id",
-    "project_id": "your-project-id",
-    "app_name": "relayer-app",
-    "key_name": "signing-key"
-  }
-}
-----
-
-Configuration fields:
-[cols="1,1,2"]
-|===
-|Field |Type |Description
-
-| client_id
-| String
-| The client identifier used to authenticate with Vault Cloud
-
-| client_secret.type
-| String
-| Type of value source (`env` or `plain`)
-
-| client_secret.value
-| String
-| The Vault secret value, or the environment variable name where the secret value is stored
-
-| org_id
-| String
-| The organization ID for your Vault Cloud account
-
-| project_id
-| String
-| The project ID that uniquely identifies your Vault Cloud project
-
-| app_name
-| String
-| The name of the application integrating with Vault Cloud
-
-| key_name
-| String
-| The name of the cryptographic key used for signing or encryption operations in Vault Cloud
-|===
-
 === Vault Transit Signer
 
 Uses HashiCorp Vault's Transit secrets engine for cryptographic operations.

docs/modules/ROOT/pages/solana.adoc

@@ -64,7 +64,6 @@ For detailed network configuration options, see the xref:network_configuration.a
 - `google_cloud_kms` (hosted)
 - `local` (local)
 - `vault` (local)
-- `vault_cloud` (local)
 
 [NOTE]
 ====

helpers/generate_encyption_key.rs

@@ -0,0 +1,54 @@
+//! Encryption Key Generation Tool
+//!
+//! This tool generates a random 32-byte base64-encoded encryption key and prints it to the console.
+//!
+//! Other tools can be used to generate key like:
+//!
+//! ```bash
+//! openssl rand -base64 32
+//! ```
+//!
+//! # Usage
+//!
+//! ```bash
+//! cargo run --example generate_encryption_key
+//! ```
+use eyre::Result;
+use openzeppelin_relayer::utils::generate_encryption_key;
+
+/// Main entry point for encryption key generation tool
+fn main() -> Result<()> {
+    let encryption_key = generate_encryption_key();
+    println!("Generated new encryption key: {}", encryption_key);
+    Ok(())
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use base64::{engine::general_purpose, Engine as _};
+
+    #[test]
+    fn test_encryption_key_generation() {
+        let key = generate_encryption_key();
+
+        let key_string = key;
+        assert!(!key_string.is_empty(), "Generated key should not be empty");
+
+        // Verify it's valid base64
+        let decoded = general_purpose::STANDARD.decode(&key_string);
+        assert!(decoded.is_ok(), "Generated key is not valid base64");
+
+        // Verify it's 32 bytes when decoded
+        let decoded_bytes = decoded.unwrap();
+        assert_eq!(decoded_bytes.len(), 32, "Decoded key should be 32 bytes");
+    }
+
+    #[test]
+    fn test_multiple_keys_are_different() {
+        let key1 = generate_encryption_key();
+        let key2 = generate_encryption_key();
+
+        assert_ne!(key1, key2, "Two generated keys should be different");
+    }
+}

src/api/controllers/mod.rs

@@ -6,6 +6,10 @@
 //!
 //! * `relayer` - Transaction and relayer management endpoints
 //! * `plugin` - Plugin endpoints
+//! * `notifications` - Notification management endpoints  
+//! * `signers` - Signer management endpoints
 
+pub mod notification;
 pub mod plugin;
 pub mod relayer;
+pub mod signer;