Doppler Blog Crash course in Web3 Application Development with Python

In the world of cryptocurrency, private keys are king. Mathematical mechanics treat correctly signed transactions as valid regardless of intent, which makes account keys and passphrases a particularly lucrative target for malicious actors. While end-user best practices for securing keys tend to be plentiful, the development side of blockchain work takes place amid a sea of API tokens, key files, and service credentials that can sprawl out of control if not managed correctly.Ensuring that these sensitive values remain secure is critical and outdated solutions such as .env files are no longer sufficient.This tutorial will start from the basics of interacting with blockchain APIs from joining as a peer upwards. There are numerous third-party services and APIs that sit atop various blockchains, but establishing secure management practices for primitives such as private keys is fundamental.No prior experience interacting with blockchain or web3 services is assumed, and we'll use a testnet in order to limit the potential exposure of sensitive information. Doppler will be used to store and retrieve credentials associated with private key material, which is a secure and convenient way to manage secrets without the risks of storing them on disk in unencrypted text files.Before downloading any programs or generating account keys, there are a few concepts to establish heading into the unique paradigms that accompany working with web3 networks.While plenty of unique blockchains and products abound in the web3 space, this guide will focus on the Ethereum blockchain, which is one of the more commonly used networks. Like most cryptocurrency blockchains, Ethereum operates in a decentralized way with a vast network of computers that can be interacted with as a peer. However, any sort of operation that requires some proof of ownership, e.g. signing a transaction, does require the authoritative stamp of a private key.This is the core of how the network operates, which makes the method of communication and management of privileged information a chief concern.This tutorial will follow a basic outline to work directly with the Ethereum blockchain and its API:Connecting to the testnetGenerating and securing public keysReceiving tokensSending tokens securelyLet's begin!A Chain PrimerWhen choosing how to connect to the Ethereum blockchain, there are two general approaches, each with distinct advantages and disadvantages.The first is by connecting to a third-party API that serves as a frontend to low-level blockchain network protocols. Services like Infura offer a web-based JSON RPC API, which is widely compatible with a range of libraries and languages and allows developers to interact with the blockchain without downloading the entire ledger, which can take up significant compute resources and disk space (around 500GB at the time of this writing).Using a third-party API means that your code can run from a variety of environments without being tethered to a running node and the accompanying resource requirements that are necessary. The downside to this approach is reliance upon a third party when one of the core advantages of blockchain technology is decentralisation. Routing communication with the aid of an intermediary party is convenient, but means that clients must trust the provider and are subject to the inherent properties of using a hosted API instead of communicating directly via peer protocols (such as availability and uptime). These tradeoffs are often the right choice, but are tradeoffs nonetheless.The second approach is to run a native node to communicate to the chosen blockchain directly. As previously mentioned, there are significant computational costs involved, but this means that the client speaks directly to the chosen peer network which brings with it benefits like smaller risk exposure, high availability of the decentralised network, and the ability to self-validate the ledger.There are additional considerations to take into account when operating a dedicated node, such as choosing whether to download the entire ledger during the initial loading process or instead electing a more lightweight method that incurs a smaller disk usage cost.This guide will opt for the self-hosted node technique, though in practice, either approach is a reasonable choice.Finally, a node operator must select which network to connect to when initialising their connection.Normally, users will choose to connect to the live, "production" chain when interacting with a public ledger, but during local development and testing, a testnet is a better choice. In addition to less traffic (resulting in smaller ledgers and transaction costs), acquiring tokens to send and receive is usually free and does not require any initial funds. This is a significant advantage when sending and receiving tokens without risk of making mistakes that could incur significant consequences.First StepsWe'll use geth (Go Ethereum) to connect to the Ethereum network, which is a golang implementation that can function not only as a client but a fully featured node as well.First, follow the instructions for installing geth for your operating system. Once installed, the geth command should be available from the terminal.geth version Geth Version: 1.10.17-stable Architecture: amd64 Go Version: go1.16.13 Operating System: linux GOPATH= GOROOT=/nix/store/j1x3cy8g2cqcr54rg98gw0mdc28jlyc8-go-1.16.13/share/goThe command-line flags passed to the geth CLI dictate which network it will connect to. There are a number of testnets within the Ethereum network to choose from, and this guide will use the Goerli proof-of-authority network as its newer than some of the others, and is not coupled with the computationally-expensive proof-of-work networks.The --syncmode flag controls the method that geth will use when downloading the historical ledger of the blockchain. On one end of the extreme, the full method will download the entirety of the blockchain ledger which includes all the relevant transactional data. On the other, the light method will only fetch recent block headers and retrieve other information on-demand. When communicating with the production Ethereum network, the full method offers the most comprehensive assurance that the local copy of blockchain data is valid and legitimate. However, in this exploratory case on a testnet, the light method is sufficient.Begin the geth process in a background terminal on your machine. The initial syncing process will take time, but using the light method on the goerli testnet will not use excessive space (at the time of this writing, the entirety of the chain requires about 500MB of disk space). The following command will store the Goerli chain data in the ~/.goerli directory:geth --syncmode light --datadir ~/.goerli --goerli INFO [04-05|15:54:49.916] Starting Geth on Grli testnet... ...After some time, the daemon will stop importing historical blocks and the latest blocks will be available.The logging output from geth will include the age of a block when performing initial synchronisation. When you see blocks being imported with output such as age=4m04w1d, this indicates old blocks being retrieved to construct the local chain. Once older blocks stop appearing, this indicates that the initial synchronisation is complete.You can continue with the rest of this guide while the blockchain synchronises; full synchronisation will only be necessary once we reach the portion that covers transactions.Accounts and KeysAt the beginning of this guide, we spoke at length about the importance of keys when interacting with the blockchain.Public-key cryptography forms the backbone of the cryptographic methods for forming and authenticating transactions on public ledgers. Private keys prove ownership of public addresses and sign transactions to send tokens to other public addresses.While high-level, user-facing cryptocurrency applications may leverage account information for wallets in the form of traditional username/password combinations, the core values that comprise an "account" on a blockchain like Ethereum is a cryptographic key - tokens belong to an addressed coupled to a private key. The geth CLI includes utilities to generate keys, which it calls an account.To begin, create a new account. Remember that this "account" is really a locally encrypted file and not an account that can be "logged into" from another machine - if you are using an account tied to a production blockchain, it's critical to ensure that this account is secured by a strong passphrase backed up regularly.In our case, the local account and keypair will be associated with a testnet, but we'll still use best practices for managing the passphrase by storing it in encrypted secrets store (Doppler) and treat the account as sensitive. Because the running geth process is active, we'll connect to the running daemon via attach instead of using the geth account subcommand.Enter the geth console:geth --datadir ~/.goerli attachYou'll be greeted by the command prompt for geth javascript commands.Welcome to the Geth JavaScript console! instance: Geth/v1.10.17-stable/linux-amd64/go1.16.13 at block: 6664849 (Tue Apr 05 2022 17:34:43 GMT-0600 (MDT)) datadir: /home/yourname/.goerli modules: admin:1.0 clique:1.0 debug:1.0 eth:1.0 les:1.0 net:1.0 personal:1.0 rpc:1.0 txpool:1.0 vflux:1.0 web3:1.0 To exit, press ctrl-d or type exit > To create a new account, run the following command where you'll be asked to enter a passphrase:personal.newAccount()After following the prompts, geth will create a keypair within the ~/.goerli/keystore/ directory. You can view the public address of this account at any time by using the following command from the geth console:personal.listAccountsAt this point, your local machine will have a light copy of the Ethereum Goerli testnet blockchain and a keypair ready to send and receive tokens. Let's begin working with transactions!Interacting with the BlockchainA simple task t