Lesson 5: Improvement on reading private_key_password from enviroment

[cyberws]

I would welcome any feedback but surely this solution below of reading encrypted private key password from stdin (ie. console), is more secure than setting it as an environment variable.

  const encryptedJson = fs.readFileSync("./.encryptedKey.json", "utf8");
  async function promptPassword() {
    prompt.start();
    prompt.message = "";
    prompt.delimiter = ":";
    const { password } = await prompt.get({
      properties: {
        password: {
          message: "Enter private key pass",
          hidden: true,
        },
      },
    });
    return password;
  }
  const password = await promptPassword();
  let wallet = ethers.Wallet.fromEncryptedJsonSync(encryptedJson, password);
  wallet = await wallet.connect(provider);

Either method is still at risk from a key logger, but this method does not visibly show password on screen OR allow it to be stored in bash history.

Note above code requires ethers 6.x.x or the word "new " to prefix "ethers.Wallet" if using ethers 5.x.x

[Nlferu]

Hi @cyberws

Yup I did the same when I was on this lesson ;) I think thats the best solution although using private key in VSCode isnt safe at all, you should also try switching into VSCodium it is much safer alternative as it is not gathering all data as VSCode. There is also more information regarding using private keys in foundry version of this course, so you should definitely chek that out :)