Background
Currently, the private key is stored in a .env file within the repository. This practice poses security risks since environment files are more susceptible to accidental exposure and do not provide optimal protection for sensitive keys.
Proposal
To align with best practices and ERC-2335, and to improve the security posture of the Oak Network contracts, move the private key storage from .env to the Foundry Keystore.
Benefits
- Enhanced key security and reduced risk of leakage
- Simplified and more secure testing and deployment workflows
- Alignment with industry standards for secure key management
Tasks
- Update documentation and scripts to reference Foundry Keystore instead of .env
- Migrate private key handling in CI/CD pipelines
- Test workflow changes to verify compatibility
Additional Notes
- Ensure .env files do not contain private keys going forward
- Consider auditing the repository for any historical private key exposures
Please collaborate with the relevant team members to implement this change.
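
As an added example (not part of the original issue or the Oak Network repository), here is a POSIX shell guard for the note above about keeping private keys out of .env files, usable from a pre-commit hook or a CI step. The account name `deployer` and the script path in the comments are placeholders, and a 64-hex-digit value may also be a hash, so hits need a human look.

```shell
#!/bin/sh
# Added example, not project code.
# Keystore workflow that replaces PRIVATE_KEY in .env (names are placeholders):
#   cast wallet import deployer --interactive    # encrypts the key into the Foundry keystore
#   forge script script/Deploy.s.sol --account deployer --broadcast
#
# Guard: flag any .env-style assignment whose whole value is shaped like a
# raw 32-byte key (optional quotes, optional 0x, exactly 64 hex digits).
KEY_RE="^[[:space:]]*(export[[:space:]]+)?[A-Za-z_][A-Za-z0-9_]*[[:space:]]*=[[:space:]]*[\"']?(0x)?[0-9a-fA-F]{64}[\"']?[[:space:]]*\$"

# Print "file:line" for every suspicious assignment under $1 (default: .).
# The matched value itself is never printed, so CI logs stay clean.
scan_env_files() {
  root="${1:-.}"
  find "$root" -type f \( -name '.env' -o -name '.env.*' -o -name '*.env' \) \
       ! -path '*/.git/*' ! -path '*/node_modules/*' \
       -exec grep -HnE "$KEY_RE" {} + 2>/dev/null | cut -d: -f1,2
}

# Return 0 when the tree is clean, 1 (with locations on stderr) otherwise.
check_no_keys_in_env() {
  hits=$(scan_env_files "${1:-.}")
  if [ -n "$hits" ]; then
    printf 'possible raw private key in:\n%s\n' "$hits" >&2
    return 1
  fi
  return 0
}
```

Call `check_no_keys_in_env .` from the repository root; it only inspects the working tree, so the historical-exposure audit mentioned above still needs a scan of the git history.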