Using Encrypted Private Key File

Learn to use private key in the encrypted file

Instead of writing private key directly in the script and passing private key directly to your deployment, you can hide our private key in an encrypted file. To unlock the encrypted file, you can use password that you can write in a settings file or you can password on-demand just before you deploy our blockchain application.

After you initialize the directory, you will get the file.

auth = {
    "development": {
        #"private_key": os.environ("MY_PRIVATE_KEY")
        "password": "password_to_unlock_keyfile",
        "keyfile": "keyfile.json"

You can put private key directly in this settings file or you can use password and the encrypted file which we will call it as keyfile. So fill the "password" and "keyfile" field. Then how do we get the keyfile? You can encrypt the private key to keyfile with Mamba cli application.

$ mamba keyfile --keyfile_mode encrypt --keyfile_file keyfile.json --keyfile_private_key 0bf89b27648bd7fb6ed5478a9865a05968f14b3644153adaa7d603f755a436f5 --keyfile_password password123

You can take a look at the keyfile.json.

{"address": "49dff23da6518ad602f6a4d261f6a41e7fdf7ec6", "crypto": {"cipher": "aes-128-ctr", "cipherparams": {"iv": "a532f90aac7dc4f6adb8afe4298611d5"}, "ciphertext": "acf5e10d8aaf2bfc479752adda0ea57f48a2fc2306a5c937eb1ed0b883e4d6de", "kdf": "pbkdf2", "kdfparams": {"c": 1000000, "dklen": 32, "prf": "hmac-sha256", "salt": "bcc92c185b230d77bbe8d4862aadec18"}, "mac": "66ffbba3f6c58b55fc58d64155d3a58d0a4daf85d1838743677495cb7e70d314"}, "id": "e6eececf-8b13-4765-a047-5a979235b5b0", "version": 3}

You can peek the private key from this file.

$ mamba keyfile --keyfile_mode decrypt --keyfile_file keyfile.json --keyfile_password password123

Let's take a look at our migration script, which is located in migrations folder. But first you need to compile your Vyper source code first. If your smart contract's name is HelloWorld, your migration script is migrations/

from sys import path
from os import getcwd

from black_mamba.deploy import DeployContract
from black_mamba.auth import Authentication

import settings
auth = settings.auth
development_auth = auth["development"]

keyfile = development_auth["keyfile"]
password = development_auth["password"]

private_key = Authentication.get_private_key_from_keyfile_by_explicit_password(keyfile, password)
# private_key = Authentication.get_private_key_from_keyfile_by_asking_password(keyfile)
# private_key = development_auth["private_key"]

deploy_contract_instance = DeployContract()
parameters = []
tx_params = {{ "from": "" }}

deploy_contract_instance.deploy_contract("{smart_contract_name}", parameters, tx_params, private_key)

You have three options on how you want to proceed with the migration. You could use the keyfile and the explicit password. You could use the keyfile and ask the password on-demand. Lastly, you could set the private key directly.