Current Situation
The Aptos CLI currently stores private keys and mnemonics in plain text within a .aptos folder typically located in a project's root directory. This approach has several drawbacks:
Security risk: Storing sensitive information in plain text is vulnerable to unauthorized access.
Duplication: Each project requires a separate profile, resulting in multiple copies of the same private key.
Lack of portability: Wallets are tied to specific project directories, making it inconvenient to use the same wallet across multiple projects.
Proposed Solution
Implement a secure wallet management system for the Aptos CLI, similar to Foundry's wallet commands, while maintaining compatibility with the existing profile-based system. This system should:
Provide a single local encrypted store for private keys and mnemonics.
Allow users to manage multiple wallets across all Aptos projects.
Implement secure key derivation and encryption techniques to protect sensitive information.
Integrate seamlessly with existing CLI commands and workflows.
Feature Details
New Wallet Commands
Introduce the following wallet commands to the Aptos CLI:
aptos wallet: Display wallet management help and available subcommands.
aptos wallet list: List all available wallets.
aptos wallet new [name]: Create a new wallet with an optional name.
aptos wallet import [name]: Import an existing private key or mnemonic.
aptos wallet export [name]: Securely export a wallet's private key or mnemonic.
aptos wallet remove [name]: Remove a wallet from the management system.
aptos wallet sign [name] [message]: Sign a message using the specified wallet.
aptos wallet verify [address] [signature] [message]: Verify a signature.
aptos wallet link [wallet_name] [profile_name]: Associate a wallet with an existing profile (profiles could still be local to a project?).
aptos wallet info [wallet_name]: Display wallet information, such as associated profiles.
Integration with Existing CLI Commands
To maintain compatibility with existing CLI commands:
Modify the aptos init command to optionally use a wallet:
Introduce a new --wallet flag as an alternative to --profile in all existing commands:
Maintain support for the current --profile flag in all existing commands.
When a profile is specified, the CLI will first check if it's associated with a wallet. If so, it will use the wallet's credentials. If not, it will fall back to the current behavior of using the profile's stored private key.
Usage Examples
Creating a multisig account using a profile (current method, backward compatible):
Creating a multisig account using a wallet directly:
Implementation Considerations
Master Password: Require users to set a master password to access the wallet management system.
Backup and Recovery: Provide mechanisms for users to securely backup and restore their wallets.
Integration: Update existing Aptos CLI commands to work seamlessly with the new wallet management system.
Wallet Storage Location: Store the encrypted wallet data in a centralized location (e.g., ~/.aptos/wallets/) rather than in individual project directories.
Benefits
Enhanced security: Centralized, encrypted storage reduces the risk of exposing private keys.
Improved user experience: Users can easily manage and use the same wallet across multiple projects and networks.
Standardization: Aligns with best practices in crypto wallet management, similar to other ecosystems like Ethereum (Foundry).
Flexibility: Users can choose between the new wallet system and the existing profile system, allowing for a gradual transition.
Reduced duplication: Eliminates the need to store multiple copies of the same private key across different projects.
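One way the proposed encrypted store could protect a key under a master password, as an added example that is not Aptos CLI or Foundry code: scrypt derives the encryption key and AES-256-GCM encrypts the private key, with the wallet name bound as associated data. The record layout, the function names and the cost parameters are assumptions.

```javascript
const crypto = require('node:crypto');
const fs = require('node:fs');
const path = require('node:path');

// scrypt cost (assumed values; tune for the target hardware). maxmem also
// caps what a tampered record can make openWallet allocate.
const KDF = { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Encrypt a private key under the master password. The wallet name is bound
// as AAD so a record cannot be renamed or swapped on disk unnoticed.
function sealWallet(name, privateKeyHex, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = crypto.scryptSync(password, salt, 32, KDF);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(name, 'utf8'));
  const ct = Buffer.concat([cipher.update(Buffer.from(privateKeyHex, 'hex')), cipher.final()]);
  return {
    version: 1, name,
    kdf: { name: 'scrypt', N: KDF.N, r: KDF.r, p: KDF.p, salt: salt.toString('hex') },
    cipher: 'aes-256-gcm', iv: iv.toString('hex'),
    tag: cipher.getAuthTag().toString('hex'), ciphertext: ct.toString('hex'),
  };
}

// Returns the private key hex; throws on a wrong password or a modified record.
function openWallet(record, password) {
  const { N, r, p, salt } = record.kdf;
  const key = crypto.scryptSync(password, Buffer.from(salt, 'hex'), 32, { N, r, p, maxmem: KDF.maxmem });
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'hex'));
  decipher.setAAD(Buffer.from(record.name, 'utf8'));
  decipher.setAuthTag(Buffer.from(record.tag, 'hex'));
  const pt = Buffer.concat([decipher.update(Buffer.from(record.ciphertext, 'hex')), decipher.final()]);
  return pt.toString('hex');
}

// Write the record to <dir>/<name>.json, readable by the owner only.
function saveWallet(dir, record) {
  if (!/^[A-Za-z0-9_-]+$/.test(record.name)) throw new Error('invalid wallet name');
  fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
  const file = path.join(dir, `${record.name}.json`);
  fs.writeFileSync(file, JSON.stringify(record, null, 2), { mode: 0o600 });
  return file;
}
```

The file mode passed to writeFileSync applies only when the file is created, so an existing wallet file keeps whatever permissions it already had.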