diff --git a/pop-cli-for-appchains/.gitbook/assets/use-wallet/connected-wallet.png b/pop-cli-for-appchains/.gitbook/assets/use-wallet/connected-wallet.png new file mode 100644 index 0000000..50d7269 Binary files /dev/null and b/pop-cli-for-appchains/.gitbook/assets/use-wallet/connected-wallet.png differ diff --git a/pop-cli-for-appchains/.gitbook/assets/use-wallet/talisman-signing.png b/pop-cli-for-appchains/.gitbook/assets/use-wallet/talisman-signing.png new file mode 100644 index 0000000..078bec2 Binary files /dev/null and b/pop-cli-for-appchains/.gitbook/assets/use-wallet/talisman-signing.png differ diff --git a/pop-cli-for-appchains/guides/launch-a-chain/coretime.md b/pop-cli-for-appchains/guides/launch-a-chain/coretime.md index 77f6113..85689cc 100644 --- a/pop-cli-for-appchains/guides/launch-a-chain/coretime.md +++ b/pop-cli-for-appchains/guides/launch-a-chain/coretime.md @@ -23,6 +23,9 @@ pop call chain --url ◇ Enter the value for the parameter: para_id │ 2000 │ +◇ Do you want to use your browser wallet to sign the extrinsic? (Selecting 'No' will prompt you to manually enter the secret key URI for signing, e.g., '//Alice') +│ No +│ ◇ Signer of the extrinsic: │ ... @@ -37,6 +40,11 @@ pop call chain --url If the event `OnDemandOrderPlaced` is returned it means that your block will be validated and finalised! +> Note: +In the example above, you are prompted to provide a `` to interact with the chain. However, this implies a potentially insecure way of handling private keys and should only be used for development accounts. +For production accounts and enhanced security, Pop CLI offers the `--use-wallet` option to securely sign transactions. Refer to the [Securely sign transactions from CLI guide](../securely-sign-transactions-from-cli.md) for detailed instructions. + + ## Resources #### Learning Resources diff --git a/pop-cli-for-appchains/guides/launch-a-chain/launch-a-chain-to-paseo.md b/pop-cli-for-appchains/guides/launch-a-chain/launch-a-chain-to-paseo.md index 9873ca2..590d1e3 100644 --- a/pop-cli-for-appchains/guides/launch-a-chain/launch-a-chain-to-paseo.md +++ b/pop-cli-for-appchains/guides/launch-a-chain/launch-a-chain-to-paseo.md @@ -283,6 +283,9 @@ pop call chain --url ws://localhost:57731 ◇ What would you like to do? │ Reserve a parachain ID │ +◇ Do you want to use your browser wallet to sign the extrinsic? (Selecting 'No' will prompt you to manually enter the secret key URI for signing, e.g., '//Alice') +│ No +│ ◇ Signer of the extrinsic: │ │ @@ -319,6 +322,9 @@ Now we register the para ID with the generated genesis state (`para-2000-genesis ◇ The value for `validation_code` might be too large to enter. You may enter the path to a file instead. │ para-2000.wasm │ +◇ Do you want to use your browser wallet to sign the extrinsic? (Selecting 'No' will prompt you to manually enter the secret key URI for signing, e.g., '//Alice') +│ No +│ ◇ Signer of the extrinsic: │ │ @@ -342,6 +348,10 @@ Your chain is now registered on Paseo and should produce a block! In order to validate and get your block finalised by the Relay chain, see [here](./coretime.md) how to acquire core time. +> Note: +In the examples above, you are prompted to provide a `` to interact with the chain. However, this implies a potentially insecure way of handling private keys and should only be used for development accounts. +For production accounts and enhanced security, Pop CLI offers the `--use-wallet` option to securely sign transactions. Refer to the [Securely sign transactions from CLI guide](../securely-sign-transactions-from-cli.md) for detailed instructions. + ## Resources #### Learning Resources diff --git a/pop-cli-for-appchains/guides/securely-sign-transactions-from-cli.md b/pop-cli-for-appchains/guides/securely-sign-transactions-from-cli.md new file mode 100644 index 0000000..503d0b9 --- /dev/null +++ b/pop-cli-for-appchains/guides/securely-sign-transactions-from-cli.md @@ -0,0 +1,49 @@ +# Securely Sign Transactions from CLI +Pop CLI provides an option to securely sign transactions from the CLI. It does this by opening a signing portal allowing you +to sign the transactions using your browser extension wallet. + +## Example Usage +For a full guide on calling a chain from Pop CLI, see the [Call a Chain](./call-a-chain.md) guide. + +Normally, you would provide `--suri=` to interact with the chain. However, this implies a potentially insecure way of handling private keys and should only be used for development accounts. +For production accounts and more secure signing, Pop CLI provides the `--use-wallet` option that you can use. + +Here is an example of calling a chain using `--use-wallet`: +```bash +pop call chain --pallet System --function remark --args "0x11" --url ws://localhost:9944/ --use-wallet --skip-confirm +``` + +This will open a signing portal in your browser. Pop CLI will display the following: +```bash +◇ Wallet signing portal started at http://127.0.0.1:9090. +│ +◒ Waiting for signature... Press Ctrl+C to terminate early. +``` + +Your browser will open a new tab with the following screen at http://127.0.0.1:9090 (or similar if the port is already in use); +

Signing Portal Initial Open

+ +Click on the `Connect Wallet` button to connect your browser extension wallet. +

Connect Wallet

+ +After connecting your wallet, you will have the option to choose your account and sign the transaction, and finally see the transaction details for signing. +

Transaction Details

+ +Once ready to sign, pressing the `Submit` button will open your wallet for signature. +> ⚠️ **It is important to verify transaction details in your wallet before signing.** + +

Opened Wallet for Signing

+ +Signing the transaction will show a success message in the portal. You may close the portal after signing. + +After the signed transaction is received, the portal will send the transaction payload to Pop CLI, which will then submit the transaction to the chain. + +```bash +◆ Signed payload received. +│ +◇ Extrinsic submitted with hash: "0x039076e2760eb1a4d41bf4daf009a0376ba128bd8c51cf365e4a5c5dee07a414" +│ +◆ Do you want to perform another call? +│ ○ Yes / ● No +└ +``` diff --git a/pop-cli-for-appchains/pop-cli/call.md b/pop-cli-for-appchains/pop-cli/call.md index 7a8b40e..306f469 100644 --- a/pop-cli-for-appchains/pop-cli/call.md +++ b/pop-cli-for-appchains/pop-cli/call.md @@ -34,10 +34,20 @@ If you already have the `SCALE`-encoded call data and want to submit the extrins pop call chain --call 0x00000411 --url ws://localhost:9944/ --suri //Alice ``` -**Additional options:** +**Wallet Signing Portal for Browser Extension Signing** +Pop CLI includes a `--use-wallet` option that opens a signing portal, allowing you to sign transactions using a browser extension wallet. +This eliminates the need to provide your account's private key directly in the command line. `--suri` can not be used with `--use-wallet`. +Example usage of `--use-wallet`: +```bash +pop call chain --call 0x00000411 --url ws://localhost:9944/ --use-wallet ``` + +### Additional options: + +``` bash pop call chain --help + Call a chain Usage: pop call chain [OPTIONS] @@ -60,6 +70,9 @@ Options: e.g. - for a dev account "//Alice" - with a password "//Alice///SECRET_PASSWORD" + -w, --use-wallet + Use a browser extension wallet to sign the extrinsic + -c, --call SCALE encoded bytes representing the call data of the extrinsic @@ -71,4 +84,5 @@ Options: -h, --help Print help (see a summary with '-h') + ``` diff --git a/pop-cli-for-smart-contracts/.gitbook/assets/use-wallet/connect-wallet.png b/pop-cli-for-smart-contracts/.gitbook/assets/use-wallet/connect-wallet.png new file mode 100644 index 0000000..4fd7f84 Binary files /dev/null and b/pop-cli-for-smart-contracts/.gitbook/assets/use-wallet/connect-wallet.png differ diff --git a/pop-cli-for-smart-contracts/.gitbook/assets/use-wallet/connected-wallet.png b/pop-cli-for-smart-contracts/.gitbook/assets/use-wallet/connected-wallet.png new file mode 100644 index 0000000..599423d Binary files /dev/null and b/pop-cli-for-smart-contracts/.gitbook/assets/use-wallet/connected-wallet.png differ diff --git a/pop-cli-for-smart-contracts/.gitbook/assets/use-wallet/expanded-dry-run-fail.png b/pop-cli-for-smart-contracts/.gitbook/assets/use-wallet/expanded-dry-run-fail.png new file mode 100644 index 0000000..2bb55e5 Binary files /dev/null and b/pop-cli-for-smart-contracts/.gitbook/assets/use-wallet/expanded-dry-run-fail.png differ diff --git a/pop-cli-for-smart-contracts/.gitbook/assets/use-wallet/fail-dry-run.png b/pop-cli-for-smart-contracts/.gitbook/assets/use-wallet/fail-dry-run.png new file mode 100644 index 0000000..0d68f0f Binary files /dev/null and b/pop-cli-for-smart-contracts/.gitbook/assets/use-wallet/fail-dry-run.png differ diff --git a/pop-cli-for-smart-contracts/.gitbook/assets/use-wallet/talisman-signing.png b/pop-cli-for-smart-contracts/.gitbook/assets/use-wallet/talisman-signing.png new file mode 100644 index 0000000..3080068 Binary files /dev/null and b/pop-cli-for-smart-contracts/.gitbook/assets/use-wallet/talisman-signing.png differ diff --git a/pop-cli-for-smart-contracts/.gitbook/assets/use-wallet/unconnected-wallet.png b/pop-cli-for-smart-contracts/.gitbook/assets/use-wallet/unconnected-wallet.png new file mode 100644 index 0000000..fb1df95 Binary files /dev/null and b/pop-cli-for-smart-contracts/.gitbook/assets/use-wallet/unconnected-wallet.png differ diff --git a/pop-cli-for-smart-contracts/guides/securely-sign-transactions-from-cli.md b/pop-cli-for-smart-contracts/guides/securely-sign-transactions-from-cli.md new file mode 100644 index 0000000..f8364fc --- /dev/null +++ b/pop-cli-for-smart-contracts/guides/securely-sign-transactions-from-cli.md @@ -0,0 +1,54 @@ +# Securely Sign Transactions from CLI +Pop CLI provides an option to securely sign transactions from the CLI. It does this by opening a signing portal allowing you +to sign the transactions using your browser extension wallet. + +## Example Usage: Deploying a Contract +For a full guide on deploying a contract, see the [Deploy Your Contract Locally](./deploy-your-contract-locally.md) guide. + +Normally, you would provide `--suri=` to interact with the chain. However, this implies a potentially insecure way of handling private keys and should only be used for development accounts. +For production accounts and more secure signing, Pop CLI provides the `--use-wallet` option that you can use. + +Here is an example of deploying a contract using `--use-wallet`: +```bash +pop up contract --constructor new --args false --use-wallet +``` + +This will open a signing portal in your browser. Pop CLI will display the following: +```bash +◇ Wallet signing portal started at http://127.0.0.1:9090. +│ +◒ Waiting for signature... Press Ctrl+C to terminate early. +``` + +Your browser will open a new tab with the following screen at http://127.0.0.1:9090 (or similar if the port is already in use); +

Signing Portal Initial Open

+ +Click on the `Connect Wallet` button to connect your browser extension wallet. +

Connect Wallet

+ +After connecting your wallet, you will have the option to choose your account and sign the transaction, and finally see the transaction details for signing. +Note that for contract calls, the portal will perform a dry-run to alert you if the transaction will succeed, and also estimate the gas costs. +

Transaction Details

+ +If the transaction will fail, the dry-run alert will change: +

Failing Dry Run

+ +In this case, you can expand the dry-run alert to see the error details. This example shows an error of the account not having enough funds: +

Expanded Failing Dry Run

+ +Once ready to sign, pressing the `Submit` button will open your wallet for signature. +> ⚠️ **It is important to verify transaction details in your wallet before signing.** + +

Opened Wallet for Signing

+ +Signing the transaction will show a success message in the portal. You may close the portal after signing. + +After the signed transaction is received, the portal will send the transaction payload to Pop CLI, which will then submit the transaction to the chain. + +```bash +◆ Signed payload received. +│ +◇ Contract deployed and instantiated: +● The contract address is "5F1P99TD63qZ9bnoxrK7kuzwMWuU7kKKVJJZoVKBYoVQtQeR" +● The contract code hash is "0x9e4bbfc311f58aaffb63d7570651567d40dd76f301f601a0f0a61f3204d49e5b" +``` diff --git a/pop-cli-for-smart-contracts/pop-cli/call.md b/pop-cli-for-smart-contracts/pop-cli/call.md index 9c77b4b..a708084 100644 --- a/pop-cli-for-smart-contracts/pop-cli/call.md +++ b/pop-cli-for-smart-contracts/pop-cli/call.md @@ -30,59 +30,73 @@ Example executing the `flip()` message: pop call contract -p ./my_contract --contract $INSTANTIATED_CONTRACT_ADDRESS --message flip --suri //Alice -x ``` -**Additional options:** +**Wallet Signing Portal for Browser Extension Signing** +Pop CLI includes a `--use-wallet` option that opens a signing portal, allowing you to sign transactions using a browser extension wallet. +This eliminates the need to provide your account's private key directly in the command line. `--suri` can not be used with `--use-wallet` +Example usage of `--use-wallet`: +```bash +pop call contract -p ./my_contract --use-wallet --contract $INSTANTIATED_CONTRACT_ADDRESS --message flip ``` -pop call contract --help -Call a contract +### Additional options: +```bash + +``` bash +pop call contract --help -Usage: pop call contract [OPTIONS] --contract --message --suri +Usage: pop call contract [OPTIONS] Options: -p, --path - Path to the contract build folder + Path to the contract build directory or a contract artifact - --contract + -c, --contract The address of the contract to call - + [env: CONTRACT=] -m, --message The name of the contract message to call - --args [...] - The constructor arguments, encoded as strings + -a, --args [...] + The message arguments, encoded as strings + + -v, --value + The value to be transferred as part of the call - --value - Transfers an initial balance to the instantiated contract - [default: 0] - --gas - Maximum amount of gas to be used for this command. If not specified it will perform a dry-run to estimate the gas consumed for the instantiation + -g, --gas + Maximum amount of gas to be used for this command. If not specified it will perform a dry-run to estimate the gas consumed for the call - --proof-size + -P, --proof-size Maximum proof size for this command. If not specified it will perform a dry-run to estimate the proof size required - --url + -u, --url Websocket endpoint of a node - - [default: ws://localhost:9944] - -s, --suri - Secret key URI for the account deploying the contract. - + [default: ws://localhost:9944/] + + -s, --suri + Secret key URI for the account calling the contract. + e.g. - for a dev account "//Alice" - with a password "//Alice///SECRET_PASSWORD" - [default: //Alice] + [default: //Alice] + + -w, --use-wallet + Use a browser extension wallet to sign the extrinsic -x, --execute Submit an extrinsic for on-chain execution - --dry-run + -D, --dry-run Perform a dry-run via RPC to estimate the gas usage. This does not submit a transaction -d, --dev Enables developer mode, bypassing certain user prompts for faster testing. Recommended for testing and local development only + + -h, --help + Print help (see a summary with '-h') ``` diff --git a/pop-cli-for-smart-contracts/pop-cli/up.md b/pop-cli-for-smart-contracts/pop-cli/up.md index 6572f0c..54996bd 100644 --- a/pop-cli-for-smart-contracts/pop-cli/up.md +++ b/pop-cli-for-smart-contracts/pop-cli/up.md @@ -14,6 +14,10 @@ To deploy (upload and instantiate) a smart contract: pop up contract -p ./my_contract --constructor new --args "false" --suri //Alice ``` +Alternatively, you can use the `--use-wallet` option for a more secure signing method: +```bash +pop up contract -p ./my_contract --constructor new --args "false" --use-wallet +``` > ℹ️ If you don't specify a live chain, `pop` will automatically spawn a local node for testing purposes. Some of the options available are: @@ -21,68 +25,71 @@ Some of the options available are: * Specify the contract `constructor` to use, which in this example is `new()`. * Specify the argument (`args`) to the constructor, which in this example is `false`. * Specify the account uploading and instantiating the contract with `--suri`, which in this example is the default development account of `//Alice`. For other accounts, the actual secret key must be provided e.g. an 0x prefixed 64 bit hex string, or the seed phrase. + * Alternatively, use the `--use-wallet` option to sign transactions using a browser extension wallet. This is more secure than providing your account's private key directly in the command line. -> ⚠️ **Use only for development**: Use a safer method of signing here before using this feature with production projects. We will be looking to provide alternative solutions in the future! +> ⚠️ **Use `--suri` only for development**: Using `--suri` should only be done with development accounts. Consider using `--use-wallet` for production accounts. * You also can specify the url of your node with `--url ws://your-endpoint`, by default it is using `ws://localhost:9944`. For more information about the options, check [cargo-contract documentation](https://github.com/paritytech/cargo-contract/blob/master/crates/extrinsics/README.md#instantiate). +### Additional options: - -**Additional options:** - -``` +``` bash pop up contract --help -Deploy a smart contract to a node - Usage: pop up contract [OPTIONS] Options: -p, --path - Path to the contract build folder + Path to the contract build directory - --constructor + -c, --constructor The name of the contract constructor to call [default: new] - --args [...] + -a, --args [...] The constructor arguments, encoded as strings - --value + -v, --value Transfers an initial balance to the instantiated contract [default: 0] - --gas + -g, --gas Maximum amount of gas to be used for this command. If not specified it will perform a dry-run to estimate the gas consumed for the instantiation - --proof-size + -P, --proof-size Maximum proof size for the instantiation. If not specified it will perform a dry-run to estimate the proof size required - --salt + -S, --salt A salt used in the address derivation of the new contract. Use to create multiple instances of the same contract code from the same account - --url - Websocket endpoint of a node + -u, --url + Websocket endpoint of a chain - [default: ws://localhost:9944] + [default: ws://localhost:9944/] - -s, --suri + -s, --suri Secret key URI for the account deploying the contract. e.g. - for a dev account "//Alice" - with a password "//Alice///SECRET_PASSWORD" [default: //Alice] - --dry-run + -w, --use-wallet + Use your browser wallet to sign a transaction + + -D, --dry-run Perform a dry-run via RPC to estimate the gas usage. This does not submit a transaction - -u, --upload-only + -U, --upload-only Uploads the contract only, without instantiation -y, --skip-confirm - Before start a local node, do not ask the user for confirmation + Automatically source or update the needed binary required without prompting for confirmation + + -h, --help + Print help (see a summary with '-h') ```