Using Truffle framework with Arkane

Extending the most popular blockchain development framework.

Undeniably, Truffle suite 🍫 is the most used development framework for Ethereum today. Like many of our colleagues, we use the framework to deploy and migrate our smart contracts, and a key piece in the deployment process is signing the transaction. The standard flow is to send the transaction to a web3 client, for example, a local geth or Parity node, after which the client signs the transaction and forwards it to the chain. This approach requires a sync node.

⚠️ Spoiler alert — Demo at the bottom of the article

Web3 Providers

A commonly used alternative is to change the default Web3 provider by the HD Wallet provider. This extension uses a predefined mnemonic phrase to sign before forwarding it to an Ethereum node. The node can be hosted locally, internally, or even externally. Infura is an example of an external node service. A variation for the HD Wallet provider is the Ledger Wallet provider, which allows you to sign the transaction using a Ledger Nano S or Ledger Blue.

While those providers have definitely increased the usability, a few issues still remain. 🐞

Accidental push

The provider configuration is stored in a file which lives in your code base, so the risk of an accidental commit is present, not to mention a push to a public repository on GitHub. In the case of the HD Wallet provider, it would expose your mnemonic phrase, giving anyone access to your account.

Professional use

As we all know a deploy to Mainnet is not free. If you are a one-man team there is no discussion who should pay for the deployment, but if you are part of a larger team or organization, who will be responsible for the development costs? Usually, one account is created, funded by either multiple people or by the organization and the people that perform deployments get access. Now imagine one of the team members leaving. How would you revoke his access to the deployment account? The only available option is to change the account, transfer all the remaining funds and have all the developers change their configuration.

Truffle Arkane Wallet Provider

Compared to other providers the Arkane Wallet provider allows you to access accounts via API keys 🔐. You are able to create multiple keys for one wallet and revoking a key happens in just a single mouse click.

Using Arkane grants you several benefits:

  • Fine-grained access management to your deployment account, for example, one key for each developer.
  • Easy way to revoke access if you think a key might have been compromised.
  • It allows you to implement a security policy, where for example you change the API keys every month.
  • And in case of a leak, it also prevents from identifying your account in any way.
At the bottom of this article, you can find an animated gif where you can see the magic in action.

How to add the Arkane Wallet Provider to Truffle

🙈 If you don’t yet have an Arkane wallet and an API key, let’s start by creating one here.

To get going you need to install the Arkane Wallet provider, which is a node package 📦.

npm i @arkane-network/truffle-arkane-provider 

Then add the new provider in truffle.js and you are good to go 👌🚀.

var ArkaneProvider = require("@arkane-network/truffle-arkane-provider");
module.exports = {
networks: {
development: {
host: "localhost",
port: 8545,
network_id: "*" // Match any network id
},
ropsten: {
provider: () =>
new ArkaneProvider({
apiKey: 'my-api-key',
baseUrl: 'https://api.arkane.network',
providerUrl: 'https://ropsten.infura.io'
}),
network_id: '3',
}
}

The compilation and deployment of the smart contract is done by executing:

truffle compile
truffle migration --network ropsten

For more details on the Arkane Wallet provider, you can have a look at the package on npm.