Launch a Token guide uses raw PRIVATE_KEY env variable, contradicting Deploy Smart Contracts guide's safer keystore approach

[knisaci]

Description

The "Launch a Token" guide uses vm.envUint("PRIVATE_KEY") to load a
private key directly from a .env file in the deployment script.

However, the "Deploy Smart Contracts" guide on the same site explicitly
teaches cast wallet import deployer --interactive as the secure approach,
with a warning: "Never share or commit your private key."

These two pages give contradictory advice on a security-critical topic
with no explanation of the difference.

Pages affected

• https://docs.base.org/get-started/launch-token (uses raw env var)
• https://docs.base.org/get-started/deploy-smart-contracts (uses keystore)

Suggested fix

Either align both guides to use the keystore method, or add a note on the
Launch a Token page explaining when a raw PRIVATE_KEY env var is acceptable
(e.g. only in CI/CD pipelines, never locally) and link to the safer approach.

[schoolkamsergj]

Confirmed this inconsistency. When following both guides sequentially,
the switch from cast wallet import (keystore) to raw PRIVATE_KEY
env var is confusing — especially for developers new to Foundry.

A note on the Launch a Token page explaining that the raw env var
approach is acceptable only in isolated/CI environments would prevent
a lot of accidental key exposure.

[knisaci]

Thanks for the quick fix @schoolkamsergj! Glad this was confirmed as a real issue. I'll look forward to seeing this merged.