Skip to content

Prevent STELLAR_SIGN_WITH_KEY from showing up on stellar env.#2408

Merged
fnando merged 2 commits into
mainfrom
stellar-env-sign-with-key
Feb 20, 2026
Merged

Prevent STELLAR_SIGN_WITH_KEY from showing up on stellar env.#2408
fnando merged 2 commits into
mainfrom
stellar-env-sign-with-key

Conversation

@fnando
Copy link
Copy Markdown
Member

@fnando fnando commented Feb 20, 2026

What

Prevent STELLAR_SIGN_WITH_KEY from showing up on stellar env.

Before:

$ STELLAR_SIGN_WITH_KEY=foo STELLAR_SECRET_KEY=bar stellar env
STELLAR_ACCOUNT=default   # use
STELLAR_NETWORK=local     # use
STELLAR_SIGN_WITH_KEY=foo # env

After:

$ STELLAR_SIGN_WITH_KEY=foo STELLAR_SECRET_KEY=bar stellar env
STELLAR_ACCOUNT=default # use
STELLAR_NETWORK=local   # use

Why

STELLAR_SIGN_WITH_KEY can also contain a secret key.

Known limitations

N/A

Copilot AI review requested due to automatic review settings February 20, 2026 18:15
@github-project-automation github-project-automation Bot moved this to Backlog (Not Ready) in DevX Feb 20, 2026
@fnando fnando requested review from leighmcculloch and mootz12 and removed request for Copilot February 20, 2026 18:15
@fnando fnando enabled auto-merge (squash) February 20, 2026 18:52
Copilot AI review requested due to automatic review settings February 20, 2026 21:57
Copilot AI reviewed Feb 20, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses a security concern by preventing STELLAR_SIGN_WITH_KEY from being displayed when running the stellar env command, since this environment variable can contain secret keys. The fix follows the same pattern already established for STELLAR_SECRET_KEY.

Changes:

  • Removed SIGN_WITH_KEY from the public environment variables list to prevent it from being displayed by stellar env
  • Manually added SIGN_WITH_KEY to the backwards compatibility mapping (SOROBAN_* to STELLAR_*) to maintain functionality
  • Added comprehensive test coverage for both STELLAR_SECRET_KEY and STELLAR_SIGN_WITH_KEY to verify they are properly excluded from the env command output

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File Description
cmd/soroban-cli/src/env_vars.rs Removed SIGN_WITH_KEY from the unprefixed environment variables list that gets displayed
cmd/soroban-cli/src/cli.rs Added SIGN_WITH_KEY to the manual list for backwards compatibility mapping while preventing display
cmd/crates/soroban-test/tests/it/config.rs Added PredicateBooleanExt import and two test cases to verify SECRET_KEY and SIGN_WITH_KEY are not displayed in env output

Comment thread cmd/crates/soroban-test/tests/it/config.rs
@fnando fnando merged commit 9e2c7c8 into main Feb 20, 2026
36 checks passed
@fnando fnando deleted the stellar-env-sign-with-key branch February 20, 2026 22:12
@github-project-automation github-project-automation Bot moved this from Backlog (Not Ready) to Done in DevX Feb 20, 2026
@BrewTestBot BrewTestBot mentioned this pull request Mar 11, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mootz12 mootz12 mootz12 approved these changes

@leighmcculloch leighmcculloch Awaiting requested review from leighmcculloch

Assignees

No one assigned

Labels

claude-code-assisted

Projects

DevX
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@fnando @mootz12