Content
@
0 reply
0 recast
2 reactions
greg
@gregfromstl
Yes, this was a mistake. BUT it’s also a very clear sign that devtools in this industry have a long way to go. Plaintext private keys (in a .env or not) are WAY TOO COMMON. If you’re trying to work with wallets or smart contracts and need help, lmk. There’s a lot of easy things you can do to avoid this.
6 replies
2 recasts
13 reactions
McBain
@mcbain
When dev wallets native to each repo and rotating automatically?
1 reply
0 recast
2 reactions
eggman 🔵
@eggman.eth
Man, that's horrifying. At the same time, even when uploaded "securely", a lot of .envs and config jsons containing keys get placed on less-than-great platforms. Cloud instances and VMs are not a great place to keep your keys either. *Especially* with basement-level startups.
1 reply
0 recast
0 reaction
jtgi
@jtgi
what would you advise for working with wallet pkeys/seeds from dev thru prod?
1 reply
0 recast
0 reaction
Dean Pierce 👨💻🌎🌍
@deanpierce.eth
In a decentralized future when we have decentralized git repos and decentralized hosting nodes for apps, I wonder how we're even going to do that sort of secret sharing. I might trust Vercel or Heroku with a hot wallet in an environment variable, but curious what that's going to look like on Akash or whatever 🤔
1 reply
0 recast
0 reaction
Myk.eth
@myk
Another good reason to use Thirdweb Engine if you need a backend to write onchain
0 reply
0 recast
1 reaction
Juuso
@juuso
sops and agenix made me realize how few developers have hardware-backed cryptographic keys and care about 2fa even with their net worth at stake
0 reply
0 recast
0 reaction
