Don't overlook the .env file: A critical security measure in your Hardhat project.

Introduction
Working on a Hardhat project? Put security first, because you will be handling valuable items.
It takes security expertise to work on a Hardhat project because you need to protect your assets from threats. The blockchain is a decentralized financial system in which everything is visible, and anyone who knows a person's wallet address can examine that person's activity. Because the blockchain is decentralized, anyone with your private keys or seed phrase can access your wallet and make off with every valuable asset in it.
Given the recent rise in cybercrime, this article covers the security precautions to take and the significance of the .env file in your Hardhat project.
What is an Environment Variable
A variable is a symbol that denotes a value such as an integer, a string, or a boolean.
let num = 5;
In the sample code above, num is a variable used to represent the value 5.
An environment variable is a variable whose value is set outside the program rather than inside it, so that the value stays known only to you, the program's owner or developer.
Environment variables help keep crucial values hidden from the general public. When you push your code to GitHub, show it to a friend, or document your learning, the .env file keeps those values out of view.
What is Hardhat
Hardhat is an Ethereum development environment for professionals. It makes it easier to carry out routine tasks like running tests, automatically checking code for errors, and interacting with smart contracts.
Hardhat provides a platform for developers to work with smart contracts locally. You can deploy, check, and debug your smart contract using Hardhat without using an online IDE.
Hardhat includes pre-installed dependencies such as hardhat-network, hardhat-ethers, hardhat-waffle and hardhat-etherscan, all of which aid the development process.
Prerequisites
JavaScript knowledge
Basic Hardhat knowledge
Node.js installed
About our sample Hardhat project
This project aims to establish a secure environment for variables. In your Hardhat environment, you will use the variable's name rather than its value wherever the value is required.
As a project for this article, you will create a Hardhat environment. You will use the sample JavaScript and smart contract code inside the Hardhat environment. This code is generated automatically after installation.
In your Hardhat environment, the hardhat.config.js file requires particular attention.
Installation
Create a directory and name it whatever you like. I will name mine env-hardhat. Use the command below to create a new directory:
mkdir env-hardhat
cd into the new directory:
cd env-hardhat
Initialize an npm project inside the env-hardhat directory using the command below:
npm init
Install Hardhat locally using the command:
npm install --save-dev hardhat
Start up your Hardhat project using the command:
npx hardhat
A prompt will pop up after running the command above. Select "Create a JavaScript project".
"Create a JavaScript project" will populate your Hardhat environment with sample JavaScript code, which we are going to use in the course of this article.
$ npx hardhat
888    888                      888 888               888
888    888                      888 888               888
888    888                      888 888               888
8888888888  8888b.  888d888 .d88888 88888b.   8888b.  888888
888    888     "88b 888P"  d88" 888 888 "88b     "88b 888
888    888 .d888888 888    888  888 888  888 .d888888 888
888    888 888  888 888    Y88b 888 888  888 888  888 Y88b.
888    888 "Y888888 888     "Y88888 888  888 "Y888888  "Y888
👷 Welcome to Hardhat v2.9.9 👷
? What do you want to do? …
Create a JavaScript project
Create a TypeScript project
❯ Create an empty hardhat.config.js
Quit
Creating our environment variable
To use an environment variable in our project, we have to install dotenv using the command:
npm install --save-dev dotenv
In the root of your env-hardhat directory, create a new file. As seen in the code snippet below, we keep important variables within a new file with the filename ".env".
Replace the variables below with your own private key and API key.
ALCHEMY_API_KEY=U0W03eNiS86UBvQhRQD7Zlmz_0IEmmHd
GOERLI_PRIVATE_KEY=0x775fa7f5934b36b7d69aa91c91019b2d64906186643ec47e5f5c58205812bb50
Using the .env variables in our hardhat.config.js file
First, load the dotenv package we installed previously into your hardhat.config.js file, as shown in the second line of the code snippet below.
Instead of entering your private key or API key directly into the code, you read the variable from the .env file using the expression process.env.(variable name).
require("@nomicfoundation/hardhat-toolbox");
require('dotenv').config();

// Go to https://www.alchemyapi.io, sign up, create
// a new App in its dashboard, and replace "KEY" with its key
const ALCHEMY_API_KEY = process.env.ALCHEMY_API_KEY;

// Replace this private key with your Goerli account private key
// To export your private key from Metamask, open Metamask and
// go to Account Details > Export Private Key
// Beware: NEVER put real Ether into testing accounts
const GOERLI_PRIVATE_KEY = process.env.GOERLI_PRIVATE_KEY;

module.exports = {
  solidity: "0.8.9",
  networks: {
    goerli: {
      url: `https://eth-goerli.alchemyapi.io/v2/${ALCHEMY_API_KEY}`,
      accounts: [GOERLI_PRIVATE_KEY]
    }
  }
};
The code snippet above shows how hardhat.config.js declares its variables by reading the Goerli private key and the Alchemy API key from the .env file.
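When .env is missing or incomplete, process.env.GOERLI_PRIVATE_KEY is undefined and that value flows straight into the network config. The following added example (not from the original article or from Hardhat) validates both variables at load time and reports only variable names, never values; loadNetworkSecrets is a hypothetical helper name.

```javascript
// Added example: validate secrets loaded from .env before Hardhat uses them.
// loadNetworkSecrets is a hypothetical helper, not part of Hardhat or dotenv.
const PRIVATE_KEY_RE = /^(0x)?[0-9a-fA-F]{64}$/; // 32-byte key written as hex

function loadNetworkSecrets(env) {
  const problems = [];
  const apiKey = (env.ALCHEMY_API_KEY || "").trim();
  const privateKey = (env.GOERLI_PRIVATE_KEY || "").trim();

  if (apiKey === "") {
    problems.push("ALCHEMY_API_KEY is missing or empty");
  } else if (/^\[.*\]$/.test(apiKey)) {
    // Value was copied unchanged from .env.sample.
    problems.push("ALCHEMY_API_KEY is still the sample placeholder");
  }

  if (privateKey === "") {
    problems.push("GOERLI_PRIVATE_KEY is missing or empty");
  } else if (!PRIVATE_KEY_RE.test(privateKey)) {
    problems.push("GOERLI_PRIVATE_KEY is not 64 hex characters");
  }

  if (problems.length > 0) {
    // Name the variables only; never echo secret values into logs or CI output.
    throw new Error("Invalid .env configuration: " + problems.join("; "));
  }

  // Normalize to the 0x-prefixed form used in the config above.
  const normalized = privateKey.startsWith("0x") ? privateKey : "0x" + privateKey;
  return { apiKey, privateKey: normalized };
}

// In hardhat.config.js, after require('dotenv').config():
//   const { apiKey, privateKey } = loadNetworkSecrets(process.env);

// Constructed sample input (not a real key).
const demo = loadNetworkSecrets({
  ALCHEMY_API_KEY: "constructed-api-key",
  GOERLI_PRIVATE_KEY: "ab".repeat(32),
});
console.log("private key accepted, length:", demo.privateKey.length);
```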
Before pushing your code to GitHub
The following should be done before pushing your code to GitHub:
Add .env to your .gitignore file to avoid pushing it to GitHub with the rest of the code.
Create a new file named .env.sample at the root of your env-hardhat directory. Because the .env file won't be published to GitHub, a sample file is needed to show anybody who clones your code which variables they must provide. The .env.sample file needs to have the following example variables:
ALCHEMY_API_KEY = [YOUR ALCHEMY API KEY]
GOERLI_PRIVATE_KEY = [YOUR GOERLI PRIVATE KEY]
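The two steps above can be checked automatically before a push. This added example (not part of the original article) audits a .gitignore and a set of tracked files for a missing .env rule, a tracked .env, and hard-coded key-shaped values; the function names are hypothetical and the .gitignore handling is a deliberate simplification.

```javascript
// Added example: pre-push audit for the .gitignore and .env.sample steps.
// Assumption: simplified .gitignore handling that only understands the
// patterns in ENV_PATTERNS plus "!" negation, not full gitignore globbing.
const ENV_PATTERNS = [".env", ".env*", "*.env"];
// Heuristic: 64 hex digits is the shape of an Ethereum private key, but also
// of transaction and block hashes, so treat a hit as "review this line".
const HEX_KEY_RE = /\b(?:0x)?[0-9a-fA-F]{64}\b/;

function envIsIgnored(gitignoreText) {
  let ignored = false;
  for (const raw of gitignoreText.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line.startsWith("#")) continue;
    const negated = line.startsWith("!");
    const pattern = (negated ? line.slice(1) : line).replace(/^\//, "");
    if (ENV_PATTERNS.includes(pattern)) ignored = !negated; // last match wins
  }
  return ignored;
}

// trackedFiles maps repository paths to file contents.
function auditBeforePush(gitignoreText, trackedFiles) {
  const findings = [];
  if (!envIsIgnored(gitignoreText)) findings.push(".gitignore does not exclude .env");
  for (const [path, content] of Object.entries(trackedFiles)) {
    if (path === ".env" || path.endsWith("/.env")) findings.push(`${path} is tracked by git`);
    content.split(/\r?\n/).forEach((line, i) => {
      // Report the location only, never the matched value.
      if (HEX_KEY_RE.test(line)) {
        findings.push(`${path}:${i + 1} has a 64-hex-digit value (possible private key)`);
      }
    });
  }
  return findings;
}

// Constructed sample repository state (the key below is not real).
const sampleFindings = auditBeforePush("node_modules\ncache\n", {
  "hardhat.config.js": 'accounts: ["0x' + "11".repeat(32) + '"]',
  ".env.sample": "GOERLI_PRIVATE_KEY = [YOUR GOERLI PRIVATE KEY]",
});
console.log(sampleFindings.join("\n"));
```

In a real repository, build trackedFiles from the paths that `git ls-files` lists.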
Conclusion
By structuring your project in this way, you can keep important values hidden from the general public. As you can see, reading values from environment variables is safer than adding them directly to your code.
To understand more about working with and deploying a smart contract, visit the Hardhat doc.
Written by

Nwokocha Emeka
I am a Web3 Full-Stack Developer with 2 years experience in NFT contract deployment, Art Engine, ER721 Tokens, and Dapps. Experienced with all stages of the development cycle for dynamic web development and in the creation of decentralized app projects. A technical writer who takes pleasure in decomposing complicated subjects into understandable chunks.