fix: stop exposing wallet seed in stdout and deployment.json #27

Merged
Olanetsoft merged 6 commits into main from idris/fix-seed-exposure
Mar 26, 2026

@Olanetsoft Olanetsoft commented Mar 26, 2026

Summary

  • Seed was being printed to terminal via console.log and stored in deployment.json — both unnecessary exposure vectors (stdout captured by CI/CD logs, deployment.json could be shared/committed)
  • Seed now written to .midnight-seed file with chmod 600 instead of printed to stdout
  • Removed seed field from all deployment.json writes — it only stores contract address and network metadata now
  • cli.ts and check-balance.ts read seed from .midnight-seed instead of deployment.json
  • Added .midnight-seed to .gitignore template

Fixes: #25 too

Test plan

  • Run npm run deploy with option 1 (create new wallet) — verify seed is NOT printed to terminal
  • Verify .midnight-seed file is created with correct permissions (ls -la .midnight-seed)
  • Verify deployment.json does NOT contain a seed field after deploy
  • Run npm run cli — verify it reads seed from .midnight-seed and connects successfully
  • Run npm run check-balance — verify it reads seed from .midnight-seed
  • Run deploy with proof server down — verify retry saves seed to .midnight-seed, not deployment.json
  • Delete .midnight-seed and run npm run cli — verify clear error message
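
An added example, not code from this PR or the project: one way to implement the owner-only seed file and the checks in the test plan above. The function names `writeSeedFile`, `readSeedFile` and `writeDeployment` are hypothetical; only the file names `.midnight-seed` and `deployment.json` come from the PR.

```typescript
// Added illustration, not the project's code. Function names are hypothetical;
// only the file names .midnight-seed and deployment.json come from the PR.
import * as fs from "node:fs";
import * as path from "node:path";

const SEED_FILE = ".midnight-seed";

// Write the seed owner-only. The mode passed to open() applies only when the
// file is created (and is masked by umask), so fchmod the descriptor before
// writing: an existing, looser file is tightened before it holds the secret.
function writeSeedFile(dir: string, seed: string): string {
  const file = path.join(dir, SEED_FILE);
  const fd = fs.openSync(file, "w", 0o600);
  try {
    fs.fchmodSync(fd, 0o600);
    fs.writeFileSync(fd, seed + "\n");
  } finally {
    fs.closeSync(fd);
  }
  return file;
}

// Read the seed back, failing with a clear message when the file is missing
// or accessible to group/other (POSIX only; Windows does not report these bits).
function readSeedFile(dir: string): string {
  const file = path.join(dir, SEED_FILE);
  let st: fs.Stats;
  try {
    st = fs.statSync(file);
  } catch {
    throw new Error(`${SEED_FILE} not found in ${dir}; deploy first or restore the file`);
  }
  if (process.platform !== "win32" && (st.mode & 0o077) !== 0) {
    throw new Error(`${SEED_FILE} has mode ${(st.mode & 0o777).toString(8)}; expected 600`);
  }
  return fs.readFileSync(file, "utf8").trim();
}

// Deployment metadata must not carry the seed: drop the field before writing.
function writeDeployment(dir: string, info: Record<string, unknown>): string {
  const safe: Record<string, unknown> = { ...info };
  delete safe.seed;
  const file = path.join(dir, "deployment.json");
  fs.writeFileSync(file, JSON.stringify(safe, null, 2));
  return file;
}
```
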

@Olanetsoft Olanetsoft requested a review from a team March 26, 2026 09:15

Seed was being printed to the terminal via console.log and persisted
in deployment.json alongside non-sensitive metadata. Both are
unnecessary exposure vectors — stdout is captured by CI/CD logs,
and deployment.json could be accidentally shared or committed.

- Write seed to .midnight-seed file (chmod 600) instead of printing
- Remove seed from all deployment.json writes
- Read seed from .midnight-seed in cli.ts and check-balance.ts
- Add .midnight-seed to .gitignore template
… build

The setup guide showed contract compact and build as separate lines,
causing users to skip the contract build step. Combined them into a
single chained command so the flow is unambiguous.

Closes #25

A newer compiler can generate code targeting a different compact-runtime
version than the template pins, causing type mismatches at build time.
Now shows a yellow warning during requirements check so users know
before they hit confusing build errors.

@Olanetsoft Olanetsoft force-pushed the idris/fix-seed-exposure branch from 8dd5cbc to 6c6ee6e March 26, 2026 09:43

@laurenelee laurenelee left a comment

LGTM!

@Olanetsoft Olanetsoft merged commit 21921ce into main Mar 26, 2026
2 checks passed
@Olanetsoft Olanetsoft deleted the idris/fix-seed-exposure branch March 26, 2026 13:00

Development

Successfully merging this pull request may close these issues.

create-mn-app@0.3.23 Counter DApp fails to build due to onchain-runtime version conflict