THE .ENV PLEDGE #2

patrick-streaming · 2024-11-14T02:19:18Z

patrick-streaming
Nov 14, 2024

The Pledge

I solemnly swear, that I will never place a private key or secret phrase or mnemonic in a .env file that is associated with real funds.

I will only place private keys in a .env file that have ONLY testnet ETH, LINK, or other cryptocurrencies.

When I'm testing and developing, I will use a different wallet than the one associated with my real funds.

I am aware that if I forget a .gitignore and push my key/phrase up to GitHub even for a split-second, or show my key/phrase to the internet for a split second, it should be considered compromised and I should move all my funds immediately.

If I am unsure if my account has real funds in it, I will assume it has real funds in it. If I assume it has real funds in it, I will not use it for developing purposes.

I am aware that even if I hit add account on my metamask (or other ETH wallet) I will get a new private key, but it will share the same secret phrase/mnemonic of the other accounts generated in that metamask (or other ETH wallet).

Pledge Additions

For this course, I will only use funds associated with a brand new never-before-used metamask (or other ETH wallet). I am aware that my account associated with my private key is the same on testnets that it is on mainnets.

If I must use a private key associated with real funds in the future, until I am 100% sure what I am doing I will always either:

Encrypt the private key MYSELF in such a way as Patrick taught me
Use the built-in functionality of moccasin to encrypt my private keys
Use the command line way to pass private keys, and delete my command line history right after ONLY AS A LAST OPTION

If I never actually deploy anything to mainnet myself or work with a private key with real funds, I do not need to be concerned.

patrick-streaming · 2024-11-14T02:52:03Z

patrick-streaming
Nov 14, 2024
Author

I WILL BE SAFE

0 replies

EngrPips · 2024-11-27T16:54:36Z

EngrPips
Nov 27, 2024

I WILL BE SAFE.

0 replies

GoldTeaaa · 2024-11-29T14:30:18Z

GoldTeaaa
Nov 29, 2024

I WILL BE SAFE!!

0 replies

abc0xmattyic333 · 2024-11-29T17:09:20Z

abc0xmattyic333
Nov 29, 2024

I will be safe!

0 replies

GuireWire · 2024-12-06T02:37:15Z

GuireWire
Dec 6, 2024

I WILL BE SAFE!!!!

0 replies

doble196 · 2024-12-09T00:02:51Z

doble196
Dec 9, 2024

🛡️ Vyper-Pilled Dev Safety Pledge 🛡️

I, Rensley R., the First "Vyper-Pilled Dev," Solemnly Swear:

1. I will never place a private key, secret phrase, or mnemonic in a .env file associated with real funds.

2. I will never place private keys, even for testnet ETH, LINK, or other cryptocurrencies, in plain text, because:

Good habits in testing are great habits in production.

3. I will always use a separate wallet for testing and development, isolated from my real funds wallet.

🧠 Trick Question 🤔

Is it okay to keep private keys for testnet ETH in plain text just because it's testnet?
🚫 NO! Treat testnet keys like real keys because:

Sloppy habits in testing lead to catastrophic mistakes in production.

🛑 Immediate Action if Keys Are Exposed

If I accidentally push my key or phrase to GitHub (even for a moment) or show it publicly:

I will consider it compromised immediately.
I will move all funds to a new wallet, whether it’s testnet or mainnet.

When in doubt:

If I suspect an account contains real funds, I will assume it does and avoid using it for development.

🔑 Understanding Wallet Behavior

I understand that adding a new account in Metamask (or similar wallets) generates a new private key.
All accounts under a single wallet share the same secret phrase/mnemonic.

🔒 Secure Private Keys

If I must use a private key associated with real funds in the future:

I will encrypt the private key myself using best practices.
I will use built-in encryption tools, such as those provided by moccasin or another secure framework.
As an absolute last resort:
- Pass private keys through the command line.
- Delete the command line history immediately afterward.

📜 Pledge Additions

For this course and all future projects:

I will use a brand-new Metamask wallet (or equivalent) with no prior usage.
I understand that wallet addresses are identical on testnets and mainnets.

💡 Final Note

Even in testing, never keep private keys, secret phrases, or mnemonics in plain text. By building good habits today, I ensure safe deployments tomorrow.

🚀 Let’s build securely, together.
🔗 Project Repository: NFTeria
🐦 Find me on Twitter (X): @Rensley_Ramos

Pledge signed by: Rensley Ramos 🐍✨

0 replies

Torres91 · 2024-12-10T10:01:58Z

Torres91
Dec 10, 2024

I WILL BE SAFE

0 replies

Baloo8721 · 2024-12-14T19:36:46Z

Baloo8721
Dec 14, 2024

I WILL BE SAFE

0 replies

bycraft-betrue · 2024-12-18T10:04:22Z

bycraft-betrue
Dec 18, 2024

I WILL BE SAFE

0 replies

s3bc40 · 2024-12-18T18:03:51Z

s3bc40
Dec 18, 2024

I WILL BE SAFE

0 replies

Scofield-Idehen · 2024-12-19T08:33:09Z

Scofield-Idehen
Dec 19, 2024

If you see this, please remember I won't be that moron and if I ever make a mistake may the seven gods forgive me not.

👍🏾

0 replies

pattool · 2024-12-22T17:04:36Z

pattool
Dec 22, 2024

I WILL BE SAFE

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

THE .ENV PLEDGE #2

{{title}}

Replies: 12 comments

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

THE .ENV PLEDGE #2

The Pledge

Pledge Additions

Replies: 12 comments

patrick-streaming Nov 14, 2024 Author

🛡️ Vyper-Pilled Dev Safety Pledge 🛡️

I, Rensley R., the First "Vyper-Pilled Dev," Solemnly Swear:

🧠 Trick Question 🤔

🛑 Immediate Action if Keys Are Exposed

🔑 Understanding Wallet Behavior

🔒 Secure Private Keys

📜 Pledge Additions

💡 Final Note

patrick-streaming
Nov 14, 2024
Author