Skip to content

Reject STELLAR_SECRET_KEY when --secure-store is requested.#2504

Open
fnando wants to merge 2 commits intomainfrom
reject-env-var-when-adding-key-with-secure-store
Open

Reject STELLAR_SECRET_KEY when --secure-store is requested.#2504
fnando wants to merge 2 commits intomainfrom
reject-env-var-when-adding-key-with-secure-store

Conversation

@fnando
Copy link
Copy Markdown
Member

@fnando fnando commented Apr 20, 2026

What

Reject STELLAR_SECRET_KEY when --secure-store is requested.

Why

Close #2491

Known limitations

N/A

Copilot AI review requested due to automatic review settings April 20, 2026 23:26
@github-project-automation github-project-automation bot moved this to Backlog (Not Ready) in DevX Apr 20, 2026
@fnando fnando requested a review from mootz12 April 20, 2026 23:26
@fnando fnando self-assigned this Apr 20, 2026
@fnando fnando moved this from Backlog (Not Ready) to Needs Review in DevX Apr 20, 2026
Copilot AI reviewed Apr 20, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses a high-severity keys import footgun: when users explicitly request --secure-store, the CLI now rejects STELLAR_SECRET_KEY to prevent silently persisting the secret key in plaintext identity files (issue #2491).

Changes:

  • Add a dedicated error for --secure-store + STELLAR_SECRET_KEY conflict and enforce it in keys add secret resolution.
  • Reorder read_secret() logic so --secure-store takes precedence and fails closed when the env secret key is present.
  • Add an integration test ensuring the command fails and does not create an identity TOML file in this scenario.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
cmd/soroban-cli/src/commands/keys/add.rs Rejects STELLAR_SECRET_KEY when --secure-store is requested, preventing plaintext fallback.
cmd/crates/soroban-test/tests/it/config.rs Adds an integration test to ensure the conflict is rejected and no identity file is created.

Comment thread cmd/crates/soroban-test/tests/it/config.rs Outdated
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mootz12 mootz12 Awaiting requested review from mootz12

At least 1 approving review is required to merge this pull request.

Assignees

@fnando fnando

Labels

None yet

Projects

DevX
Status: Needs Review

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

keys add --secure-store silently downgrades env-key imports to plaintext files

2 participants

@fnando