Relates to #674. Add suri_path
and password_path
options to CLI
#1134
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Proposed changes
This PR relates to issue #674 and #1106 and updates the CLI options available to allow loading the suri and password from plain text .txt files so users can avoid having to enter values in the terminal. It could be changed so they can read from any file even if it doesn't have an extension.
Usage
Run a substrate-contracts-node on ws://127.0.0.1:9944 (e.g. this codebase allows you to run it in a Docker container https://github.com/ltfschoen/InkTemplate, and if necessary delete the chain db and restart the node by running
docker exec -it ink /app/docker/reset.sh
)Run the following to deploy a Flipper contract, where the
contract upload
command reads the suri and password from associated text files with file extension .txt.Important note: The purpose of this PR is so the user can run CLI commands that read sensitive information from a file, where they'd open a text editor and enter the sensitive information in them that way and then read from the files with CLI commands, and then delete those files after using them. That way they can avoid entering the suri and password in the terminal window where hackers may gain access to it from terminal history logs, but only for demonstration purposes I'm the example suri and password via the terminal with
echo "//Alice" > my-suri.txt
and echo "" > my-password.txt.Verified it works with the following functionality:
then it outputs the following:
//Alice\n
instead of//Alice
to simulate what would happen if we weren't applying.trim()
when reading the file contents, then it outputs the following since it thinks it's dealing with a different account that wouldn't have sufficient funds to upload. Likewise, if you change the my-password.txt file from not having a password (default for Alice's built-in account) to having a password, then it also outputs the following:Result ModuleError: Contracts::StorageDepositNotEnoughFunds: ["Origin doesn't have enough balance to pay the required storage deposits."]
--suri
and--suri-path
it outputs the following since in the code we've setmultiple(false)
to theArgGroup
called"surigroup"
--password
and--password-path
it outputs the following since in the code we've setmultiple(false)
to theArgGroup
called"passgroup"
--password-path
but it doesn't have an extension, then it'll output error:ERROR: suri data not provided. password path has no extension, expected `.txt`
--suri-path
but it doesn't have an extension, then it'll output error:ERROR: suri data not provided. suri path has no extension, expected `.txt`
Further considerations:
Something worth considering is whether to change it from:
--suri-path
to--suri-file-path
--password-path
to--password-file-path
There are numerous
TODO
's, so any feedback on how to approach those in addition to general review would be appreciated.Maybe the
Suri
andPassword
struct types could be used better.