elrond-sdk-erdpy icon indicating copy to clipboard operation
elrond-sdk-erdpy copied to clipboard

Published 20 hours ago verified publisher icon ElrondNetwork

erdpy template lacks .gitignore

Open miohtama opened this issue 3 years ago • 2 comments

I am creating a Hello World project with this template:

https://docs.elrond.com/developers/tutorials/counter/

erdpy contract new --template="simple-counter" mycounter

Because there is no .gitgnore, all generated files, including keys (PEM) are added to git.

        new file:   chains/elrond/hello-world/mycounter/testnet.toml
        new file:   chains/elrond/hello-world/mycounter/wallets/observers/observerKey00.pem
        new file:   chains/elrond/hello-world/mycounter/wallets/observers/observerKey01.pem
        new file:   chains/elrond/hello-world/mycounter/wallets/observers/observerKey02.pem
        new file:   chains/elrond/hello-world/mycounter/wallets/observers/observerKey03.pem
        new file:   chains/elrond/hello-world/mycounter/wallets/observers/observerKey04.pem
        new file:   chains/elrond/hello-world/mycounter/wallets/observers/observerKey05.pem
        new file:   chains/elrond/hello-world/mycounter/wallets/observers/observerKey06.pem
        new file:   chains/elrond/hello-world/mycounter/wallets/observers/observerKey07.pem
        new file:   chains/elrond/hello-world/mycounter/wallets/observers/observerKey08.pem
        new file:   chains/elrond/hello-world/mycounter/wallets/observers/observerKey09.pem
        new file:   chains/elrond/hello-world/mycounter/wallets/observers/observerKey10.pem
        new file:   chains/elrond/hello-world/mycounter/wallets/observers/observerKey11.pem
        new file:   chains/elrond/hello-world/mycounter/wallets/users/alice.json

Because these are obviously generated files, contain secrets (private keys), this is dangerous.

I suggest a default .gitignore is included in all Elrond smart contract project templates, properly showing users how not to commit their keys by accident.

miohtama avatar Aug 21 '21 09:08 miohtama

I'm not sure about the observerKeys but at least the user wallets are well known files that are the same for every machine. So there is no need to exclude them from the repository.

Of course it's highly dangerous to use those on the mainnet, so don't do that on any circumstance :)

MWFIAE avatar Sep 10 '21 13:09 MWFIAE

The templates should teach newcomer developers the best practices. In this case, the project template is not achieving this goal.

miohtama avatar Sep 14 '21 16:09 miohtama

Since mxpy is only forwarding the arguments to sc-meta I think this can be closed. If the issue still persists should be opened on the mx-sdk-rs repository.

popenta avatar Dec 15 '23 12:12 popenta