A place for developers to talk about building on Farcaster.

/dev

So, I've been messing around for a few months with private key leaks: I purposely pushed a _Base64-encoded_ private key (with a non-empty balance) into a public GitHub repo (don't worry, it's gone now) to see if the scrapers/drainers are slick enough to catch it. Turns out, they missed it (though they might get better after seeing this lol). Rule number one is still to never save your private keys in files. But if you want do it (DON'T DO IT THO!), throw some fancy encoding (and decoding) on it. It'll probably cover your back for a bit, at least.

𝐖𝐨𝐫𝐤𝐢𝐧𝐠 𝐨𝐧 𝐰𝐡𝐚𝐭'𝐬 𝐧𝐞𝐱𝐭.

https://github.com/pcaversaccio

So you should not save your keys within a service like last pass?