multiversx / mx-sdk-py-cli

Python Command Line Tools and SDK for interacting with the MultiversX blockchain and dApps.

erdpy template lacks .gitignore #17

Closed miohtama closed 10 months ago

miohtama commented 3 years ago

I am creating a Hello World project with this template:

https://docs.elrond.com/developers/tutorials/counter/

    erdpy contract new --template="simple-counter" mycounter

Because there is no .gitignore, all generated files, including keys (PEM), are added to git.

        new file:   chains/elrond/hello-world/mycounter/testnet.toml
        new file:   chains/elrond/hello-world/mycounter/wallets/observers/observerKey00.pem
        new file:   chains/elrond/hello-world/mycounter/wallets/observers/observerKey01.pem
        new file:   chains/elrond/hello-world/mycounter/wallets/observers/observerKey02.pem
        new file:   chains/elrond/hello-world/mycounter/wallets/observers/observerKey03.pem
        new file:   chains/elrond/hello-world/mycounter/wallets/observers/observerKey04.pem
        new file:   chains/elrond/hello-world/mycounter/wallets/observers/observerKey05.pem
        new file:   chains/elrond/hello-world/mycounter/wallets/observers/observerKey06.pem
        new file:   chains/elrond/hello-world/mycounter/wallets/observers/observerKey07.pem
        new file:   chains/elrond/hello-world/mycounter/wallets/observers/observerKey08.pem
        new file:   chains/elrond/hello-world/mycounter/wallets/observers/observerKey09.pem
        new file:   chains/elrond/hello-world/mycounter/wallets/observers/observerKey10.pem
        new file:   chains/elrond/hello-world/mycounter/wallets/observers/observerKey11.pem
        new file:   chains/elrond/hello-world/mycounter/wallets/users/alice.json

Because these are obviously generated files and contain secrets (private keys), this is dangerous.

I suggest a default .gitignore is included in all Elrond smart contract project templates, properly showing users how not to commit their keys by accident.

MWFIAE commented 3 years ago

I'm not sure about the observerKeys, but at least the user wallets are well-known files that are the same for every machine. So there is no need to exclude them from the repository.

Of course it's highly dangerous to use those on the mainnet, so don't do that under any circumstances :)

miohtama commented 3 years ago

The templates should teach newcomer developers the best practices. In this case, the project template is not achieving this goal.

popenta commented 10 months ago

Since mxpy is only forwarding the arguments to sc-meta, I think this can be closed. If the issue still persists, it should be opened on the mx-sdk-rs repository.
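
An added example, not part of the issue thread or the project's own code: a Python scan of a generated project directory for the kind of key material the issue describes, which then proposes `.gitignore` patterns. The PEM header regex, the `deploy.pem` file and all sample file contents are constructed assumptions; the `wallets/` directory name comes from the listing in the issue.

```python
import re
import tempfile
from pathlib import Path

# PEM private-key header; text before the closing dashes is allowed (assumption).
PEM_PRIVATE = re.compile(rb"-----BEGIN [^-\n]*PRIVATE KEY[^-\n]*-----")
WALLET_DIR = "wallets"  # directory name from the git status listing in the issue

def find_key_material(root):
    """Return {relative_path: reason} for files that look like key material."""
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        rel = path.relative_to(root)
        if not path.is_file() or ".git" in rel.parts:
            continue
        head = path.read_bytes()[:65536]  # the header sits at the top of a key file
        if PEM_PRIVATE.search(head):
            hits[rel.as_posix()] = "PEM private key block"
        elif WALLET_DIR in rel.parts[:-1]:
            hits[rel.as_posix()] = "file under a wallets/ directory"
    return hits

def suggest_gitignore(hits):
    """Collapse flagged paths into root-anchored .gitignore patterns."""
    patterns = set()
    for rel in hits:
        parts = rel.split("/")
        if WALLET_DIR in parts[:-1]:
            patterns.add("/" + "/".join(parts[: parts.index(WALLET_DIR) + 1]) + "/")
        else:
            patterns.add("/" + rel)
    return sorted(patterns)

def build_sample_project(root):
    """Write a constructed tree shaped like the issue's listing; keys are fake."""
    pem = "-----BEGIN PRIVATE KEY{0}-----\nZmFrZQ==\n-----END PRIVATE KEY{0}-----\n"
    files = {"testnet.toml": "[network]\n",
             "wallets/observers/observerKey00.pem": pem.format(" for sample"),
             "wallets/users/alice.json": "{}\n",
             "deploy.pem": pem.format("")}  # deploy.pem is a hypothetical stray key
    for rel, body in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_project(tmp)
        print("\n".join(suggest_gitignore(find_key_material(tmp))))
```

An ignore rule only stops new additions; files that were already committed stay tracked and remain in the repository history.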