Starkli uses "signers" to sign transactions. Technically speaking, a signer can be anything that can provide valid signatures for transactions. In practice, the following signer types are currently supported:
More signer types will be supported as they become available. As of this writing, the most secure signer type is encrypted keystores.
Signers can be created and managed through the starkli signer command.
Encrypted keystores are JSON files that follow the Web3 secret storage definition. A password must be supplied to create a keystore, and is required for subsequently using the keystore.
Keystores are encrypted, but they're only as secure as the password you used to create them.
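Because a keystore is only as secure as its password, the key-derivation cost recorded in the file and the file's permissions are both worth checking. The following is an added example, not part of Starkli or its documentation: it audits a Web3 secret storage (version 3) JSON file. The function names, the policy floors MIN_SCRYPT_N and MIN_PBKDF2_C, and the sample document are assumptions made for this example.

```python
import json
import os
import stat

# Illustrative policy floors chosen for this example (assumptions, not Starkli defaults).
MIN_SCRYPT_N = 2 ** 13
MIN_PBKDF2_C = 100_000


def audit_keystore(doc):
    """Return a list of findings for a parsed Web3 secret storage (version 3) document."""
    findings = []
    if doc.get("version") != 3:
        findings.append("unexpected version: %r" % doc.get("version"))
    # Some writers capitalise the section name, so accept both spellings.
    crypto = doc.get("crypto") or doc.get("Crypto")
    if not isinstance(crypto, dict):
        return findings + ["missing crypto section"]
    for field in ("cipher", "cipherparams", "ciphertext", "kdf", "kdfparams", "mac"):
        if field not in crypto:
            findings.append("missing crypto.%s" % field)
    kdf, params = crypto.get("kdf"), crypto.get("kdfparams", {})
    # The KDF work factor is what slows down offline password guessing.
    if kdf == "scrypt":
        if params.get("n", 0) < MIN_SCRYPT_N:
            findings.append("scrypt n below policy floor")
    elif kdf == "pbkdf2":
        if params.get("c", 0) < MIN_PBKDF2_C:
            findings.append("pbkdf2 iteration count below policy floor")
    else:
        findings.append("unknown kdf: %r" % kdf)
    return findings


def audit_file(path):
    """Audit a keystore on disk: permissions first, then the JSON contents."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file mode %o is accessible to group/other" % mode)
    with open(path) as fh:
        return findings + audit_keystore(json.load(fh))


# Constructed sample document (dummy hex values, not a real key).
SAMPLE = {"version": 3, "id": "00000000-0000-0000-0000-000000000000",
          "crypto": {"cipher": "aes-128-ctr", "cipherparams": {"iv": "00" * 16},
                     "ciphertext": "00" * 32, "mac": "00" * 32, "kdf": "scrypt",
                     "kdfparams": {"dklen": 32, "n": 8192, "r": 8, "p": 1, "salt": "00" * 32}}}

if __name__ == "__main__":
    print(audit_keystore(SAMPLE))
```

An empty list from audit_file means the file passed these checks; it says nothing about the strength of the password itself.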
To create a fresh keystore from scratch:
starkli signer keystore new /path/to/keystore
and a keystore file will be created at
You can then use it via the --keystore <PATH> option for commands expecting a signer.
Alternatively, you can set the STARKNET_KEYSTORE environment variable to make command invocations easier:
STARKNET_KEYSTORE is set, it would be ignored by Starkli when any other signer option is supplied via the command line, including using the
Using plain text private keys is highly insecure. Never use this for production.
Plain text private keys are only intended to be used for development purposes, where security of keys does not matter. To generate a private key, run the command:
starkli signer gen-keypair
For commands that expect a signer, you can then use the --private-key <KEY> option. Alternatively, you can set the STARKNET_PRIVATE_KEY environment variable to make command invocations easier.
Starkli shows a warning when you use plain-text private keys. If you know what you're doing, you can suppress this warning by setting the STARKLI_NO_PLAIN_KEY_WARNING to anything but