Hiding sensitive data
There are cases where developers need to store sensitive information in their bot (e.g. some API key) or just hide their bot code from the public. While Forta does not currently support storage of secrets (since all bot images are stored in a public repository), developers can still use code obfuscation as a way to hide sensitive data.
It should be noted that obfuscation is not the same as encryption, and that obfuscation can potentially be reversed with enough effort. With this in mind, we do not recommend storing high-value secrets in your bots (e.g. private keys with lots of funds). However, secrets that can be easily replaced can still be obfuscated (e.g. an Etherscan API key). The goal is to deter the average person from opening up your bot image and copy/pasting your secrets.
npm run obfuscate. The script in package.json will look like:
It is recommended to obfuscate before building your bot image so that you can verify the results of the obfuscation and make sure it meets your expectations. You can also try running the obfuscated code to verify that it still works by moving the obfuscated files over to the src folder. Please note that the
The obfuscation-config.js contains a number of settings for manipulating the code. You may want to tweak these settings in order to further obfuscate your code. There are a few preset options you can experiment with to achieve your desired level of obfuscation. Keep in mind that there will be a tradeoff between obfuscation and performance when tweaking these settings.
Be careful if tweaking the obfuscation-config.js settings, as some of the options could potentially break your code. For example, the selfDefending option will prevent your code from running if it is formatted in any way after being obfuscated. See the complete list of options to get a better understanding.
Updating the Dockerfile
The Dockerfile in the example is slightly modified to copy the obfuscated source code from the obfuscated folder instead of the src folder:
    ...
    # copy code over from obfuscated folder
    COPY /obfuscated ./src
    ...
This will ensure only the obfuscated code gets published in the bot image.
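One way to carry out the verification step before building the image, as an added example that is not part of the Forta documentation or starter project: it scans obfuscated output for a secret that is still recoverable as plaintext, base64, hex or JS hex escapes. The function names, sample key and file contents are constructed, and the four encodings are an assumed, non-exhaustive list.

```javascript
// Added example (not Forta's code). Names and sample data are assumptions.
const hex = (s) => Buffer.from(s, 'utf8').toString('hex');
// Forms that anyone opening the public image can reverse by inspection.
const ENCODINGS = [
  { label: 'plaintext', encode: (s) => s },
  { label: 'base64', encode: (s) => Buffer.from(s, 'utf8').toString('base64').replace(/=+$/, '') },
  { label: 'hex', encode: hex, ignoreCase: true },
  { label: 'js-hex-escape', encode: (s) => hex(s).replace(/../g, '\\x$&'), ignoreCase: true },
];

// files: { path: contents }, secrets: { name: value }. Reports names only, never values.
function findLeaks(files, secrets) {
  const leaks = [];
  for (const [file, content] of Object.entries(files)) {
    const lowered = content.toLowerCase();
    for (const [name, value] of Object.entries(secrets)) {
      if (!value) continue; // unset secret: an empty needle would match every file
      for (const { label, encode, ignoreCase } of ENCODINGS) {
        const haystack = ignoreCase ? lowered : content;
        if (haystack.includes(encode(value))) leaks.push({ file, name, encoding: label });
      }
    }
  }
  return leaks;
}

// Recursively read a folder such as ./obfuscated into { path: contents }.
async function readTree(dir, files = {}) {
  const fs = await import('node:fs/promises'); // dynamic import works in CommonJS and ESM
  const path = await import('node:path');
  for (const entry of await fs.readdir(dir, { withFileTypes: true })) {
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) await readTree(full, files);
    else files[full] = await fs.readFile(full, 'utf8');
  }
  return files;
}

// Pre-build gate: resolves to the leaks found under dir for the named env variables.
async function checkFolder(dir, envNames) {
  const secrets = Object.fromEntries(envNames.map((n) => [n, process.env[n]]));
  return findLeaks(await readTree(dir), secrets);
}

// Constructed sample: a made-up key that survived only as a base64 string-table entry.
function sampleReport() {
  const key = 'CONSTRUCTED-KEY-0000000000000000AB';
  const files = {
    'obfuscated/agent.js': `const _0x3f=['${Buffer.from(key).toString('base64')}'];`,
    'obfuscated/utils.js': "const _0x11=['\\x6c\\x6f\\x67'];", // no secret in this file
  };
  return findLeaks(files, { ETHERSCAN_API_KEY: key, UNSET_KEY: undefined });
}
console.log(sampleReport());
```

Call `checkFolder('./obfuscated', ['ETHERSCAN_API_KEY'])` from a pre-build script and fail the build when it resolves to a non-empty list. An empty result only means these four forms were not found, not that the secret is unrecoverable.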
Awesome! You now have an obfuscated bot that can store sensitive data in a publicly available image.