Skip to content

Reject STELLAR_SECRET_KEY when --secure-store is requested.#2504

Merged
fnando merged 3 commits intomainfrom
reject-env-var-when-adding-key-with-secure-store
Apr 21, 2026
Merged

Reject STELLAR_SECRET_KEY when --secure-store is requested.#2504
fnando merged 3 commits intomainfrom
reject-env-var-when-adding-key-with-secure-store

Conversation

@fnando
Copy link
Copy Markdown
Member

@fnando fnando commented Apr 20, 2026

What

Reject STELLAR_SECRET_KEY when --secure-store is requested.

Why

Close #2491

Known limitations

N/A

Copilot AI review requested due to automatic review settings April 20, 2026 23:26
@github-project-automation github-project-automation Bot moved this to Backlog (Not Ready) in DevX Apr 20, 2026
@fnando fnando requested a review from mootz12 April 20, 2026 23:26
@fnando fnando self-assigned this Apr 20, 2026
@fnando fnando moved this from Backlog (Not Ready) to Needs Review in DevX Apr 20, 2026
Copilot AI reviewed Apr 20, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses a high-severity keys import footgun: when users explicitly request --secure-store, the CLI now rejects STELLAR_SECRET_KEY to prevent silently persisting the secret key in plaintext identity files (issue #2491).

Changes:

  • Add a dedicated error for --secure-store + STELLAR_SECRET_KEY conflict and enforce it in keys add secret resolution.
  • Reorder read_secret() logic so --secure-store takes precedence and fails closed when the env secret key is present.
  • Add an integration test ensuring the command fails and does not create an identity TOML file in this scenario.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
cmd/soroban-cli/src/commands/keys/add.rs Rejects STELLAR_SECRET_KEY when --secure-store is requested, preventing plaintext fallback.
cmd/crates/soroban-test/tests/it/config.rs Adds an integration test to ensure the conflict is rejected and no identity file is created.

Comment thread cmd/crates/soroban-test/tests/it/config.rs Outdated
mootz12
mootz12 approved these changes Apr 21, 2026
View reviewed changes
Comment thread cmd/soroban-cli/src/commands/keys/add.rs
@fnando fnando enabled auto-merge (squash) April 21, 2026 20:39
@fnando fnando merged commit 4f15e97 into main Apr 21, 2026
210 checks passed
@fnando fnando deleted the reject-env-var-when-adding-key-with-secure-store branch April 21, 2026 20:49
@github-project-automation github-project-automation Bot moved this from Needs Review to Done in DevX Apr 21, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mootz12 mootz12 mootz12 approved these changes

Assignees

@fnando fnando

Labels

None yet

Projects

DevX
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

keys add --secure-store silently downgrades env-key imports to plaintext files

3 participants

@fnando @mootz12