Skip to content
This repository has been archived by the owner on Oct 3, 2024. It is now read-only.

fix: added warning about using private keys in plaintext #1031

Closed
wants to merge 3 commits into from
Closed

fix: added warning about using private keys in plaintext #1031

Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
daeb22a
fix: added warning about using private keys in plaintext
PatrickAlphaC Apr 25, 2024
36694c8
feat: added section for private key management, and added warnings
PatrickAlphaC May 1, 2024
1144499
Merge branch 'main' into add-warning-about-private-keys
dutterbutter May 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .../tutorials/smart-contract-development/account-abstraction/custom-aa-tutorial.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -842,6 +842,12 @@ Make sure you deposit funds on zkSync Era using [one of the available bridges](h

1. In the `deploy` folder, create the file `deploy-factory.ts` and copy/paste the following code, replacing `<WALLET_PRIVATE_KET>` with your private key.

::: warning
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's please update all instances where this warning should be added. I believe the other tutorials also need this warning.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done!

Remember to use a private key that only has testnet funds if you are going to paste your private key in plaintext. It is recommended to [never have a private key associated with real funds in plaintext.](https://github.com/Cyfrin/foundry-full-course-f23/discussions/5).

If you wish to use hardhat with real funds, it's recommended to encrypt your key so it's not accidentally exposed.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you have a link to an example we can link to for encrypting your Private Key for use with something like Hardhat?

Also, as a general note, the upcoming new docs will lean more on tools like Foundry's cast wallet importto manage keys in a private encrypted keystore automatically for devs.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For Hardhat, you have to roll your own encryption script. They recommend using their variables setting, but I don't like it because the keys are still in plaintext and just moved elsewhere.

I have used this example in the past to encrypt and decrypt your own keys. The project has an example of encrypting and decrypting the keys.

cast wallet import is the best way to do key management!! That's great!

I'll add this example to the warning.

:::

```ts
import { utils, Wallet } from "zksync-ethers";
import * as ethers from "ethers";
Expand Down