From 5d1556d1e9f5a7fbd4a8e8e52d9fcc4755402c62 Mon Sep 17 00:00:00 2001 From: Chase Fleming <1666730+chasefleming@users.noreply.github.com> Date: Tue, 6 Jan 2026 17:20:18 -0800 Subject: [PATCH 1/3] Add warning for extract --- internal/command/command.go | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/internal/command/command.go b/internal/command/command.go index 4d0f627e8..d5f85b673 100644 --- a/internal/command/command.go +++ b/internal/command/command.go @@ -34,8 +34,6 @@ import ( "sync" "time" - "github.com/onflow/flow-cli/internal/prompt" - "github.com/coreos/go-semver/semver" "github.com/dukex/mixpanel" "github.com/getsentry/sentry-go" @@ -43,11 +41,13 @@ import ( "github.com/spf13/cobra" "github.com/onflow/flowkit/v2" + "github.com/onflow/flowkit/v2/accounts" "github.com/onflow/flowkit/v2/config" "github.com/onflow/flowkit/v2/gateway" "github.com/onflow/flowkit/v2/output" "github.com/onflow/flow-cli/build" + "github.com/onflow/flow-cli/internal/prompt" "github.com/onflow/flow-cli/internal/settings" "github.com/onflow/flow-cli/internal/util" ) @@ -131,6 +131,9 @@ func (c Command) AddToParent(parent *cobra.Command) { checkVersion(logger) } + // warn about inline keys in config + checkForInlineKeys(state, logger) + // record command usage wg := sync.WaitGroup{} go UsageMetrics(c.Cmd, &wg) @@ -328,6 +331,30 @@ func isDevelopment() bool { return build.Semver() == "undefined" } +// checkForInlineKeys warns users if they have accounts with inline private keys in flow.json +func checkForInlineKeys(state *flowkit.State, logger output.Logger) { + if state == nil { + return + } + + var inlineKeyAccounts []string + for _, account := range *state.Accounts() { + if _, isHexKey := account.Key.(*accounts.HexKey); isHexKey { + inlineKeyAccounts = append(inlineKeyAccounts, account.Name) + } + } + + if len(inlineKeyAccounts) > 0 { + logger.Info(fmt.Sprintf( + "\n%s Security warning: %d account(s) have private keys stored directly in flow.json: %s\n"+ + " Extract them to separate key files by running: flow config extract-key --all\n", + output.WarningEmoji(), + len(inlineKeyAccounts), + strings.Join(inlineKeyAccounts, ", "), + )) + } +} + // initCrashReporting set-ups sentry as crash reporting tool, it also sets listener for panics // and asks before sending the error for a permission to do so from the user. func initCrashReporting() { From 32a77aba1d27ad82209ea63dbdabb99c90c9dba0 Mon Sep 17 00:00:00 2001 From: Chase Fleming <1666730+chasefleming@users.noreply.github.com> Date: Tue, 6 Jan 2026 17:23:36 -0800 Subject: [PATCH 2/3] Colorize command and add url --- cadence/transactions/test.cdc | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 cadence/transactions/test.cdc diff --git a/cadence/transactions/test.cdc b/cadence/transactions/test.cdc new file mode 100644 index 000000000..a6168109d --- /dev/null +++ b/cadence/transactions/test.cdc @@ -0,0 +1,5 @@ +transaction() { + prepare(account: &Account) {} + + execute {} +} \ No newline at end of file From 2f59f99f8b08c06ebec7ebd38ad5717fec9b071c Mon Sep 17 00:00:00 2001 From: Chase Fleming <1666730+chasefleming@users.noreply.github.com> Date: Tue, 6 Jan 2026 17:26:47 -0800 Subject: [PATCH 3/3] Add file --- cadence/transactions/test.cdc | 5 ----- internal/command/command.go | 6 +++++- 2 files changed, 5 insertions(+), 6 deletions(-) delete mode 100644 cadence/transactions/test.cdc diff --git a/cadence/transactions/test.cdc b/cadence/transactions/test.cdc deleted file mode 100644 index a6168109d..000000000 --- a/cadence/transactions/test.cdc +++ /dev/null @@ -1,5 +0,0 @@ -transaction() { - prepare(account: &Account) {} - - execute {} -} \ No newline at end of file diff --git a/internal/command/command.go b/internal/command/command.go index d5f85b673..ebbc60df7 100644 --- a/internal/command/command.go +++ b/internal/command/command.go @@ -47,6 +47,7 @@ import ( "github.com/onflow/flowkit/v2/output" "github.com/onflow/flow-cli/build" + "github.com/onflow/flow-cli/common/branding" "github.com/onflow/flow-cli/internal/prompt" "github.com/onflow/flow-cli/internal/settings" "github.com/onflow/flow-cli/internal/util" @@ -345,12 +346,15 @@ func checkForInlineKeys(state *flowkit.State, logger output.Logger) { } if len(inlineKeyAccounts) > 0 { + cmd := branding.GreenStyle.Render("flow config extract-key --all") logger.Info(fmt.Sprintf( "\n%s Security warning: %d account(s) have private keys stored directly in flow.json: %s\n"+ - " Extract them to separate key files by running: flow config extract-key --all\n", + " Extract them to separate key files by running: %s\n"+ + " Learn more: https://developers.flow.com/build/tools/flow-cli/flow.json/security\n", output.WarningEmoji(), len(inlineKeyAccounts), strings.Join(inlineKeyAccounts, ", "), + cmd, )) } }