Enhancing Security and Efficiency: A Guide to Using ‘ — account’ in Foundry

Do you find it inconvenient to repeatedly enter a private key whenever you need to deploy a contract, run a script, or publish a transaction with Foundry? Today, I’ll introduce you to a more efficient method. Let’s dive in!

Before introducing you to a more efficient method, let’s see what it usually looks like to deploy a very simple contract using Foundry.

forge create <Contract name> --rpc-url <RPC Url> --private-key <Private key>

There are some points to consider when using the above approach:

1. You need to explicitly copy and paste your private key. When dealing with a real account, with real funds, that's definitely not a good approach. You should never copy and paste a real account like this
2. You need to copy and paste your private key every time you want to deploy a new contract. In a production environment, this might not be as bothersome because deploying new contracts is less frequent. However, in a development environment, where contract deployment occurs more frequently, this process can become quite annoying.

How could it be improved?

What if I tell you, we can use it like this:

forge create <Contract name> --rpc-url <RPC Url> --account <Account name>

No private keys being displayed and no copy and paste of your private keys, that's a way more secure!

Since August 10, 2023, this new improvement to Foundry has been merged. This improvement encrypts private keys using JSON keystores and allows you to create multiple accounts, each with its own private key. You can view the merged pull request (PR) here:

improvement: cast wallet import / --account option by rplusq · Pull Request #5551 ·…

How to use it?

To create a new account, just open your terminal and type:

cast wallet import <Account name> --private-key <Private key>

The <Account name> can be anything you want; it’s simply the name of your account.

Alternatively, for a more secure method that doesn’t involve displaying your private key in the terminal:

cast wallet import <Account name> --interactive

This "— interactive" will just ask you your private key, but won't display it in your terminal

If everything went well, it will ask you for a password for this account:

You can set a password, or leave it blank if you don’t want any password (although it’s highly recommended to use a password for a private key with real funds). This password will be asked every time you run something with this account.

Now, simply press Enter, and your account will be created.

You can use your created account to deploy contracts, run scripts, and publish transactions. Just by using "—account <Account Name>".

If you want to see your created accounts, just type in your terminal:

cast wallet list

Examples

forge create

forge create <Contract name> --rpc-url <RPC Url> --account <Account name>

forge script

Unfortunately, to run a script you will need to specify a sender, which is the public key of your wallet. Knowing that, it will look like this:

forge script <Script Path> --rpc-url <RPC URL> --sender <Sender public key> --account <Account Name> --broadcast

cast send

cast send <Receiver public key> --account <Account name>