search

stacks-network / docs

Unleash Bitcoin's full potential with decentralized apps and smart contracts. The documentation covers key aspects of the Stacks network and technology and provides tutorials and other helpful content for developers.
https://docs.stacks.co
Creative Commons Zero v1.0 Universal
158 stars 237 forks source link

Clearer description on best practices for contract deployment #1253

Closed pgray-hiro closed 2 years ago

pgray-hiro commented 3 years ago

Right now, the documentation either instructs the user to use the Explorer sandbox or the Stacks CLI for Clarity contract deployment. The former is clunky for large contract deployment, and the latter is not well supported anymore. Clarinet should replace the CLI method for contract deployment, but there are currently some limitations to that method, namely that the seedphrase for the deployment account must be stored in plaintext on the developer's hard drive.

Ludo has plans to address the security issue but has an external dependency on a rust lib for interacting with crypto hardware wallets. For now, we should at least publish a set of instructions on how to deploy with Clarinet and some of the potential security risks with using a hot wallet connected to Clarinet.

From discussion with Alex:

he's asking zondax for a rust lib for communicating with a ledger device
[3:03 PM]
he would like to create a "deployer" object in clarinet, like https://www.trufflesuite.com/docs/truffle/getting-started/running-migrations#migration-files I believe
Truffle Suite
Truffle | Running Migrations | Documentation | Truffle Suite
The Truffle suite of tools make dapp development easier and more consistent.

[3:03 PM]
and: developers / infrastructure wallets are usually "hot wallets", meaning they have just enough crypto for dealing with deployments. the Mainnet.toml file should not be commited (that's when it's getting scaffolded, it's also added to your .gitignore), since all this contracts repo are usually open sourced
[3:05 PM]
looking at other solutions: Alchemy uses env vars: https://docs.alchemy.com/alchemy/tutorials/how-to-create-an-nft#step-13-update-hardhat-config-js(edited)
🎨 How to Create an NFT
This tutorial will walk you through writing and deploying a Non Fungible (ERC721) Token smart contract using Ethereum and Inter Planetary File System (IPFS).

[3:06 PM]
brownie uses local JSON files: https://eth-brownie.readthedocs.io/en/stable/account-management.html#local-accounts. it also enables hardware wallet usage through Clef(edited)
[3:08 PM]
I guess devs have two options for production: use a hot wallet and manage keys in plain text on hard drive or use a tool that integrates with a cold wallet. we support only the first today but Ludo has ambitions to enable the 2nd
stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] commented 2 years ago

This issue has been automatically closed. Please reopen if needed.