
Commit f6a29c3

authored
Merge pull request #2250 from onflow/cf/extract-warning
Add security warning for accounts with inline keys
2 parents 36a03aa + 2f59f99 commit f6a29c3


1 file changed

+33
-2
lines changed


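--- a/internal/command/command.go
+++ b/internal/command/command.go
@@ -34,20 +34,21 @@ import (
 "sync"
 "time"
 
-"github.com/onflow/flow-cli/internal/prompt"
-
 "github.com/coreos/go-semver/semver"
 "github.com/dukex/mixpanel"
 "github.com/getsentry/sentry-go"
 "github.com/spf13/afero"
 "github.com/spf13/cobra"
 
 "github.com/onflow/flowkit/v2"
+"github.com/onflow/flowkit/v2/accounts"
 "github.com/onflow/flowkit/v2/config"
 "github.com/onflow/flowkit/v2/gateway"
 "github.com/onflow/flowkit/v2/output"
 
 "github.com/onflow/flow-cli/build"
+"github.com/onflow/flow-cli/common/branding"
+"github.com/onflow/flow-cli/internal/prompt"
 "github.com/onflow/flow-cli/internal/settings"
 "github.com/onflow/flow-cli/internal/util"
 )
@@ -131,6 +132,9 @@ func (c Command) AddToParent(parent *cobra.Command) {
 checkVersion(logger)
 }
 
+// warn about inline keys in config
+checkForInlineKeys(state, logger)
+
 // record command usage
 wg := sync.WaitGroup{}
 go UsageMetrics(c.Cmd, &wg)
@@ -328,6 +332,33 @@ func isDevelopment() bool {
 return build.Semver() == "undefined"
 }
 
+// checkForInlineKeys warns users if they have accounts with inline private keys in flow.json
+func checkForInlineKeys(state *flowkit.State, logger output.Logger) {
+if state == nil {
+return
+}
+
+var inlineKeyAccounts []string
+for _, account := range *state.Accounts() {
+if _, isHexKey := account.Key.(*accounts.HexKey); isHexKey {
+inlineKeyAccounts = append(inlineKeyAccounts, account.Name)
+}
+}
+
+if len(inlineKeyAccounts) > 0 {
+cmd := branding.GreenStyle.Render("flow config extract-key --all")
+logger.Info(fmt.Sprintf(
+"\n%s Security warning: %d account(s) have private keys stored directly in flow.json: %s\n"+
+" Extract them to separate key files by running: %s\n"+
+" Learn more: https://developers.flow.com/build/tools/flow-cli/flow.json/security\n",
+output.WarningEmoji(),
+len(inlineKeyAccounts),
+strings.Join(inlineKeyAccounts, ", "),
+cmd,
+))
+}
+}
+
 // initCrashReporting set-ups sentry as crash reporting tool, it also sets listener for panics
 // and asks before sending the error for a permission to do so from the user.
 func initCrashReporting() {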
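Review bot: The type assertion `account.Key.(*accounts.HexKey)` in checkForInlineKeys recognises only one key representation, so any other flowkit key type that keeps secret material inside flow.json (a mnemonic-based key, if one exists) would pass without a warning; the doc comment should state that limit, for example `// Only *accounts.HexKey is detected; other key types that embed secrets in flow.json are not reported.`, or the loop should switch on every such type. The call added in AddToParent runs before every command and emits through `logger.Info`, so the warning is presumably dropped at quieter log levels and repeated on each invocation for accounts that are inline on purpose, which trains users to ignore it. Account names come from flow.json and are joined into the message as-is; formatting each with `%q` would keep control characters from a checked-out project's config out of the terminal. AddToParent's body starts and ends outside the second hunk.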
