# Deployment Credentials Guide ## Overview This guide covers all required credentials and environment variables for deploying the contracts. ## Required Environment Variables ### 1. Deployer Configuration #### PRIVATE_KEY (Required) - **Description**: Private key of the deployer account (without 0x prefix) - **Usage**: Used by all deployment scripts - **Security**: NEVER commit to version control - **Example**: `PRIVATE_KEY=your_private_key_here` ### 2. CCIP Configuration #### CCIP_ROUTER (Required) - **Description**: CCIP Router address on your chain - **Usage**: Used by CCIP bridge deployment scripts - **Example**: `CCIP_ROUTER=0x0000000000000000000000000000000000000000` #### CCIP_FEE_TOKEN (Required) - **Description**: LINK token address for paying CCIP fees - **Usage**: Used by CCIP bridge deployment scripts - **Example**: `CCIP_FEE_TOKEN=0x0000000000000000000000000000000000000000` ### 3. WETH Configuration (Optional) #### WETH9_ADDRESS (Optional) - **Description**: WETH9 contract address (if not deploying new one) - **Usage**: Used by CCIPWETH9Bridge deployment script - **Example**: `WETH9_ADDRESS=0x0000000000000000000000000000000000000000` #### WETH10_ADDRESS (Optional) - **Description**: WETH10 contract address (if not deploying new one) - **Usage**: Used by CCIPWETH10Bridge deployment script - **Example**: `WETH10_ADDRESS=0x0000000000000000000000000000000000000000` ### 4. Deployment Flags (Optional) #### DEPLOY_WETH9 (Optional) - **Description**: Set to `true` to deploy WETH9 - **Usage**: Used by DeployWETHWithCCIP script - **Example**: `DEPLOY_WETH9=true` #### DEPLOY_WETH10 (Optional) - **Description**: Set to `true` to deploy WETH10 - **Usage**: Used by DeployWETHWithCCIP script - **Example**: `DEPLOY_WETH10=true` #### DEPLOY_BRIDGES (Optional) - **Description**: Set to `true` to deploy CCIP bridges - **Usage**: Used by DeployWETHWithCCIP script - **Example**: `DEPLOY_BRIDGES=true` ### 5. Oracle Configuration (Optional) #### ORACLE_DESCRIPTION (Optional) - **Description**: Oracle description (e.g., "ETH/USD Price Feed") - **Usage**: Used by DeployOracle script - **Default**: `ETH/USD Price Feed` - **Example**: `ORACLE_DESCRIPTION=ETH/USD Price Feed` #### ORACLE_HEARTBEAT (Optional) - **Description**: Oracle heartbeat in seconds - **Usage**: Used by DeployOracle script - **Default**: `60` - **Example**: `ORACLE_HEARTBEAT=60` #### ORACLE_DEVIATION_THRESHOLD (Optional) - **Description**: Oracle deviation threshold in basis points - **Usage**: Used by DeployOracle script - **Default**: `50` (0.5%) - **Example**: `ORACLE_DEVIATION_THRESHOLD=50` ### 6. MultiSig Configuration (Optional) #### MULTISIG_OWNER_1 (Optional) - **Description**: MultiSig owner address 1 - **Usage**: Used by DeployMultiSig script - **Example**: `MULTISIG_OWNER_1=0x0000000000000000000000000000000000000001` #### MULTISIG_OWNER_2 (Optional) - **Description**: MultiSig owner address 2 - **Usage**: Used by DeployMultiSig script - **Example**: `MULTISIG_OWNER_2=0x0000000000000000000000000000000000000002` #### MULTISIG_OWNER_3 (Optional) - **Description**: MultiSig owner address 3 - **Usage**: Used by DeployMultiSig script - **Example**: `MULTISIG_OWNER_3=0x0000000000000000000000000000000000000003` #### MULTISIG_REQUIRED (Optional) - **Description**: Number of required signatures (must be <= number of owners) - **Usage**: Used by DeployMultiSig script - **Example**: `MULTISIG_REQUIRED=2` ### 7. RPC Configuration (Optional) #### RPC_URL (Optional) - **Description**: RPC URL for deployment - **Usage**: Used by all deployment scripts - **Default**: `http://localhost:8545` - **Example**: `RPC_URL=http://localhost:8545` #### CHAIN_ID (Optional) - **Description**: Chain ID - **Usage**: Used for chain verification - **Default**: `138` - **Example**: `CHAIN_ID=138` ### 8. Verification Configuration (Optional) #### ETHERSCAN_API_KEY (Optional) - **Description**: Etherscan API key for contract verification - **Usage**: Used for contract verification on Etherscan - **Example**: `ETHERSCAN_API_KEY=your_etherscan_api_key_here` #### BLOCKSCOUT_API_KEY (Optional) - **Description**: Blockscout API key for contract verification - **Usage**: Used for contract verification on Blockscout - **Example**: `BLOCKSCOUT_API_KEY=your_blockscout_api_key_here` ## Setup Instructions ### 1. Create .env File ```bash # Copy example file cp .env.example .env # Edit .env file with your values nano .env ``` ### 2. Configure Variables Fill in the required variables in `.env`: ```bash # Deployer private key (required) PRIVATE_KEY=your_private_key_here # CCIP Router address (required) CCIP_ROUTER=0x... # LINK token address (required) CCIP_FEE_TOKEN=0x... # Deployment flags (optional) DEPLOY_WETH9=true DEPLOY_WETH10=true DEPLOY_BRIDGES=true ``` ### 3. Verify Configuration ```bash # Check if variables are set source .env echo $PRIVATE_KEY echo $CCIP_ROUTER echo $CCIP_FEE_TOKEN ``` ### 4. Test Configuration ```bash # Test deployment script (dry run) forge script script/DeployWETH.s.sol:DeployWETH --rpc-url $RPC_URL -vvvv ``` ## Security Best Practices ### 1. Private Key Management - **Never commit .env to version control** - Use environment variables in production - Use hardware wallets for production deployments - Rotate private keys regularly - Store sensitive credentials in Azure Key Vault or similar ### 2. Environment Variables - Use separate .env files for different environments (dev, staging, production) - Never hardcode credentials in code - Use secure key management services - Rotate credentials regularly ### 3. Access Control - Limit access to .env files - Use least privilege principle - Monitor access to sensitive credentials - Use multi-factor authentication ## Deployment Scripts ### Scripts Requiring PRIVATE_KEY - `Deploy.s.sol` - Main deployment script - `DeployWETH.s.sol` - WETH deployment - `DeployWETH10.s.sol` - WETH10 deployment - `DeployCCIPWETH9Bridge.s.sol` - CCIPWETH9Bridge deployment - `DeployCCIPWETH10Bridge.s.sol` - CCIPWETH10Bridge deployment - `DeployWETHWithCCIP.s.sol` - Combined WETH + CCIP deployment - `DeployOracle.s.sol` - Oracle deployment - `DeployMulticall.s.sol` - Multicall deployment - `DeployMultiSig.s.sol` - MultiSig deployment ### Scripts Requiring Additional Variables - `DeployCCIPWETH9Bridge.s.sol` - Requires CCIP_ROUTER, WETH9_ADDRESS, CCIP_FEE_TOKEN - `DeployCCIPWETH10Bridge.s.sol` - Requires CCIP_ROUTER, WETH10_ADDRESS, CCIP_FEE_TOKEN - `DeployWETHWithCCIP.s.sol` - Requires CCIP_ROUTER, CCIP_FEE_TOKEN, DEPLOY_WETH9, DEPLOY_WETH10, DEPLOY_BRIDGES - `DeployMultiSig.s.sol` - Requires MULTISIG_OWNER_1, MULTISIG_OWNER_2, MULTISIG_OWNER_3, MULTISIG_REQUIRED ## Testing ### Test Configuration Tests don't require environment variables - they use mock contracts and test fixtures. ### Running Tests ```bash # Run all tests forge test # Run specific test forge test --match-test testSendCrossChain # Run with verbose output forge test -vvvv ``` ## Troubleshooting ### Common Issues 1. **Missing Environment Variables** - Error: `Error: Missing environment variable: PRIVATE_KEY` - Solution: Create .env file and set PRIVATE_KEY 2. **Invalid Private Key** - Error: `Error: Invalid private key format` - Solution: Ensure private key is hex format without 0x prefix 3. **Invalid Address** - Error: `Error: Invalid address format` - Solution: Ensure addresses are valid Ethereum addresses 4. **Missing CCIP Router** - Error: `Error: CCIP_ROUTER not set` - Solution: Set CCIP_ROUTER in .env file 5. **Missing Fee Token** - Error: `Error: CCIP_FEE_TOKEN not set` - Solution: Set CCIP_FEE_TOKEN in .env file ## References - [Foundry Documentation](https://book.getfoundry.sh/) - [Chainlink CCIP Documentation](https://docs.chain.link/ccip) - [WETH Deployment Guide](docs/WETH_CCIP_DEPLOYMENT.md) - [Contract Deployment Environment Setup](../configuration/CONTRACT_DEPLOYMENT_ENV_SETUP.md) - [Azure/Cloudflare Environment Setup](../configuration/AZURE_CLOUDFLARE_ENV_SETUP.md)