feat(key-manager): move private key storage to kms-local (#661)

BREAKING CHANGE: `keyManagetGet` no longer returns private key data
BREAKING CHANGE: `KeyStore` no longer requires a `SecretBox`
BREAKING CHANGE: `KeyManagementSystem` needs a `PrivateKeyStore`
BREAKING CHANGE: @veramo/cli configuration version update to 3.0

If you're already working with Veramo and wish to upgrade existing agents to veramo 3.0, you'll have to make some changes to your configuration, depending on how you're using the framework.

It boils down to these 3 steps:

1. Update your database connection to use migrations
2. Remove the `SecretBox` parameter from `KeyManager`
3. Add a `PrivateKeyStore` parameter to `KeyManagementSystem` with a `SecretBox` that you were using before with `KeyManager` (and keep the same encryption key)

* feat(key-manager): move private key storage to kms-local

fixes #539
fixes #540
fixes #680

* feat(data-store): add migration of key stores

* fix(data-store): fix usage of where clause for queries

* refactor(kms-local): simplify constructor for KeyManagementSystem

* style: remove scar tissue and unused code

Author: mirceanis

__tests__/fixtures/local-database-before-3.0.sqlite

@@ -1,4 +1,4 @@
-import { createAgent, TAgent, IDIDManager, IResolver, IKeyManager, IDataStore } from '@veramo/core/src'
+import { createAgent, TAgent, IDIDManager, IResolver, IKeyManager, IDataStore } from '../packages/core/src'
 import { DIDResolverPlugin } from '../packages/did-resolver/src'
 import { EthrDIDProvider } from '../packages/did-provider-ethr/src'
 import { WebDIDProvider } from '../packages/did-provider-web/src'
@@ -13,13 +13,14 @@ import {
   KeyStore,
   DIDStore,
   migrations,
+  PrivateKeyStore,
 } from '../packages/data-store/src'
-import { createConnection, Connection } from 'typeorm'
 import { getDidKeyResolver } from '../packages/did-provider-key/src'
 import { KeyManager } from '../packages/key-manager/src'
 import { DIDManager } from '../packages/did-manager/src'
 import { FakeDidProvider, FakeDidResolver } from './utils/fake-did'
 
+import { createConnection, Connection } from 'typeorm'
 import { Resolver } from 'did-resolver'
 import { getResolver as ethrDidResolver } from 'ethr-did-resolver'
 import { getResolver as webDidResolver } from 'web-did-resolver'
@@ -32,7 +33,7 @@ const databaseFile = __dirname + '/migrated1.database.sqlite'
 const infuraProjectId = '5ffc47f65c4042ce847ef66a3fa70d4c'
 const secretKey = '29739248cad1bd1a0fc4d9b75cd4d2990de535baf5caadfdf8d8f86664aa830c'
 
-describe('database migration tests', () => {
+describe('database initial migration tests', () => {
   describe('using pre-migration database fixture', () => {
     type TestingAgentPlugins = IDIDManager & IKeyManager & IDataStore & IDataStoreORM & IResolver & IDIDComm
     let agent: TAgent<TestingAgentPlugins>
@@ -58,9 +59,9 @@ describe('database migration tests', () => {
         },
         plugins: [
           new KeyManager({
-            store: new KeyStore(dbConnection, new SecretBox(secretKey)),
+            store: new KeyStore(dbConnection),
             kms: {
-              local: new KeyManagementSystem(),
+              local: new KeyManagementSystem(new PrivateKeyStore(dbConnection, new SecretBox(secretKey))),
             },
           }),
           new DIDManager({
@@ -102,6 +103,7 @@ describe('database migration tests', () => {
     })
 
     it('signs using a migrated key', async () => {
+      expect.assertions(2)
       // output of agent.keyManagerGet() before migration
       const key = {
         kid: '048bb0844ebbcf434048862008991b01cdebb564207f0cea08e5c8d925cec3542bb4c8c1630f38a6b05528ec7460139fe0978bf34a1e4ff32ec210bbaed98dddda',
@@ -128,12 +130,16 @@ describe('database migration tests', () => {
     })
 
     it('reads a credential by hash', async () => {
-      const cred = await agent.dataStoreGetVerifiableCredential({hash: '133b9636e2fe2b7a77b88ca5d81998773b8bc3ebe0b1f3f80dc419dfa0bb797bea779ba0946d603c3ea8611fee5148395894f327661531929294a61589d4d0e7'})
+      const cred = await agent.dataStoreGetVerifiableCredential({
+        hash: '133b9636e2fe2b7a77b88ca5d81998773b8bc3ebe0b1f3f80dc419dfa0bb797bea779ba0946d603c3ea8611fee5148395894f327661531929294a61589d4d0e7',
+      })
       expect(cred.credentialSubject.name).toEqual('Alice')
     })
 
     it('reads a presentation by hash', async () => {
-      const cred = await agent.dataStoreGetVerifiablePresentation({hash: '4cfe965596a0d343ff2cc02afd32068bced34caa2b1e7e3f253b23e420de106b58a613f06f55d9d9cbbdbe0b0f051a45d44404020b123c58f0ee48bdaeafdc90'})
+      const cred = await agent.dataStoreGetVerifiablePresentation({
+        hash: '4cfe965596a0d343ff2cc02afd32068bced34caa2b1e7e3f253b23e420de106b58a613f06f55d9d9cbbdbe0b0f051a45d44404020b123c58f0ee48bdaeafdc90',
+      })
       expect(cred?.verifiableCredential?.[0]?.credentialSubject?.name).toEqual('Alice')
     })
 
@@ -144,15 +150,25 @@ describe('database migration tests', () => {
 
     it('reads existing message with attachments', async () => {
       const msgs = await agent.dataStoreORMGetMessages({
-        where: [{column: 'id', value: ['13065b8bb97cd37410f4f43cfa878f396aa906701e70c7e2bb86c5de1fe1351a41fb05f445cb68b1ba2805858db619ddd26c71e30a0079c200843d52276213d8']}]
+        where: [
+          {
+            column: 'id',
+            value: [
+              '13065b8bb97cd37410f4f43cfa878f396aa906701e70c7e2bb86c5de1fe1351a41fb05f445cb68b1ba2805858db619ddd26c71e30a0079c200843d52276213d8',
+            ],
+          },
+        ],
       })
       expect(msgs[0]?.presentations?.length).toEqual(1)
       expect(msgs[0]?.credentials?.length).toEqual(1)
     })
 
     it('reads a credential by claim', async () => {
       const creds = await agent.dataStoreORMGetVerifiableCredentialsByClaims({
-        where: [{ column: 'type', value: ['name'] }, { column: 'value', value: ['Alice']}]
+        where: [
+          { column: 'type', value: ['name'] },
+          { column: 'value', value: ['Alice'] },
+        ],
       })
       expect(creds.length).toEqual(1)
     })