1/ Imagine a single leaked private key costing your project millions. Every smart contract dev has dropped one as plaintext into a .env file at some point. We see you 👀 It’s easy, but extremely risky. The keystore plugin by @NomicFoundation keeps secrets encrypted in Hardhat projects, so you avoid leaks and accidental exposure. Here’s a full guide to setting it up in a Neon project.
2/ Plaintext credential storage is one of the most common weaknesses in blockchain development. It opens the door to accidental leaks, malicious access, and eventual loss of funds. In 2024 alone, $2.2B was stolen across 303 hacks - the most ever recorded. @chainalysis reports that 43.8% of that came from compromised private keys.
3/ When you put a private key in a .env file, you’re exposed to:
- Git leaks from accidental commits (a .gitignore entry is one typo away from not applying)
- Process exposure: anything loaded into process.env is readable by every dependency, plugin, and subprocess you run
- Team misuse through shared or copied files
- Malware reading the file and extracting credentials
Not ideal, right?
4/ The Hardhat Keystore plugin solves this with encrypted, password-protected storage. It:
- Encrypts private keys under a key derived from a password you choose
- Stores only the encrypted keystore file on disk, so malware or a stray commit gets ciphertext, not a key
- Decrypts in memory only when a task needs the secret - the plaintext is never written to disk, and you enter the password at that point
We use it in Neon’s projects, where secure key handling is a must.
5/ Switching to keystore-based encryption reduces your attack surface and aligns with security best practices. 📝 This article shows you how to set it up and use it in a Neon project. Check it out!