For developing on localnear, contracts and sub-accounts need to be deployed and created programmatically
The localnear deployment script does output the test.near public and private key, however, this workflow is different than the typical seed-phrase driven workflow, and it's also helpful to login to the wallet and see the root account's current state
Is the seed phrase for the root account (i.e. test.near) documented somewhere?
There is now a static account and details are logged in the Github Readme
It doesn't yet document the seed phrase, but the private key is there
Related
I'm setting up a new Near account, and I want to use its keys to sign a message in an app I'm building. How can I do this?
I used the wallet.nearprotocol.com page to create an account. Then, I used nearlib to connect to the testnet, and verify the account's balance and public keys.
But I couldn't find a way to add the account into the localStorage key store or otherwise access a method to sign a message. Nor could I find a wallet plugin or extension that would provide me access.
Generally the idea is that you never transfer given private key between 2 devices / security contexts.
So normally instead of getting private key out of wallet you just want to generate new key pair and request wallet to add public key.
https://github.com/nearprotocol/nearlib/blob/master/src.ts/wallet-account.ts provides relatively easy way to do it for webapp.
Note that it limits access to a give contract ID, so if you need unrestricted access you basically just need to omit contractId.
See examples at https://near.dev/ for WalletAccount usage.
So the masterAccount parameter has this description within the docs
--masterAccount Account used to create requested account. [string] [required]
I have a few questions here:
1) If I need an account, to create an account, how am I supposed to make the original account?
2) It does not ask for the master account private key to sign the transaction, if the goal is that the master account "pays" for the creation of the specified account, then where do I sign the transaction with my private key? Perhaps I'm not far enough in the process but from the parameters I see no place to specify the publicKey to sign
1) You can create original account in the web wallet for necessary network, e.g. https://wallet.testnet.nearprotocol.com/
2) The private key to sign transaction is taken from a key file for given account. It's inside network's subfolder of ./neardev/ folder currently used for key storage.
For example neardev/shared-test/generate-key-test.json contains key for generate-key-test account on shared-test network.
On which to automatically add the Forge servers public key? From the Forge account meta tab:
Typically, this key will automatically be added to GitHub or
Bitbucket. However, if you need to add it to a service manually, you
may copy it from here.
Typically, this is true. Our question is: How does Forge determine which user account gets the key?
We have several developers / user accounts on a single Github team. We'd like to configure a particular (machine) user to get all the Forge keys.
The user that connects/grants permissions to the forge account to their github/bitbucket account is where the key gets added.
With Google service accounts, Google generates the public/private key pair associated with the service account and passes that along to the end user who wants to make API calls. And its up to the end user to keep the keys safe. Is it possible to generate a service account and an associated client, but provide a certificate that Google can use to validate the service account client making the request? The problem I'm trying to solve is not to exchange any private keys.
Also is it possible to scope the users a service account has access to? For example if I wanted to create a service account that only has impersonation api access rights on a sub set of users on the Google domain. From what I've read if you create a service account with domain wide delegation, the service account has impersonation api rights for ALL users on the domain.
No, you cannot associate service account and provide a certificate to validate the client request. As stated here a service account's credentials is unique and at least one public or private key pair. To generate service account credentials, go to Google Developers Console. In the Create service account window, type a name for the service account and select Furnish a new private key. Your private/public key pair is generated and download to your machine. It serves as the only copy of this key. You are responsible for storing it securely. For more details about service account credentials in the Developers Console, see Service account in the Developers Console help file.
Concerning private cache when using Google Apps Script the documentation says:
"Private caches are private to the current active user and script. They can be used to store information specific to that user."
My question is how is the user defined when using private cache in Google Apps Script?
just wrote an script that relied on the private cache service, and deployed it to execute it as myself while open to anyone (even anonymous) as a Web app. My understanding of is that widgets on Google Sites are essentially Web apps. I confirmed that when a script is deployed to execute as you (the owner), you are the "effective" user. However, the individual using the app (anonymous or not) is the active user. All active users gets their own private cache for that app, even if they're not the effective user. Here's the script I ran:
Name Your Stooges
If you had access to my private cache, you'd see my three stooges when you started the app (Anabel, Leopold, Walt), as well as my email address. But since it's a private cache, you won't: you'll have your own.