Zeroize the cli structs

cli/Cargo.toml

@@ -118,5 +118,9 @@ features = [ "env-filter" ]
 [dependencies.ureq]
 version = "2.9"
 
+[dependencies.zeroize]
+version = "1"
+features = [ "derive" ]
+
 [target."cfg(target_family = \"unix\")".dependencies.nix]
 version = "0.26"

cli/src/commands/account.rs

@@ -27,11 +27,12 @@ use rand::SeedableRng;
 use rand_chacha::ChaChaRng;
 use rayon::prelude::*;
 use std::io::{Read, Write};
+use zeroize::Zeroize;
 
 type Network = snarkvm::prelude::Testnet3;
 
 /// Commands to manage Aleo accounts.
-#[derive(Debug, Parser)]
+#[derive(Debug, Parser, Zeroize)]
 pub enum Account {
     /// Generates a new Aleo account
     New {

cli/src/commands/developer/decrypt.rs

@@ -22,9 +22,10 @@ use snarkvm::{
 use anyhow::{bail, Result};
 use clap::Parser;
 use std::str::FromStr;
+use zeroize::Zeroize;
 
 /// Decrypts a record ciphertext.
-#[derive(Debug, Parser)]
+#[derive(Debug, Parser, Zeroize)]
 pub struct Decrypt {
     /// The record ciphertext to decrypt.
     #[clap(short, long)]

cli/src/commands/developer/deploy.rs

@@ -31,6 +31,7 @@ use anyhow::{bail, Result};
 use clap::Parser;
 use colored::Colorize;
 use std::str::FromStr;
+use zeroize::Zeroize;
 
 /// Deploys an Aleo program.
 #[derive(Debug, Parser)]
@@ -63,6 +64,13 @@ pub struct Deploy {
     store: Option<String>,
 }
 
+impl Drop for Deploy {
+    /// Zeroize the private key when the `Deploy` struct goes out of scope.
+    fn drop(&mut self) {
+        self.private_key.zeroize();
+    }
+}
+
 impl Deploy {
     /// Deploys an Aleo program.
     pub fn parse(self) -> Result<String> {
@@ -78,7 +86,7 @@ impl Deploy {
         let private_key = PrivateKey::from_str(&self.private_key)?;
 
         // Fetch the package from the directory.
-        let package = Developer::parse_package(self.program_id, self.path)?;
+        let package = Developer::parse_package(self.program_id, &self.path)?;
 
         println!("📦 Creating deployment transaction for '{}'...\n", &self.program_id.to_string().bold());
 
@@ -133,9 +141,9 @@ impl Deploy {
 
         // Determine if the transaction should be broadcast, stored, or displayed to the user.
         Developer::handle_transaction(
-            self.broadcast,
+            &self.broadcast,
             self.dry_run,
-            self.store,
+            &self.store,
             transaction,
             self.program_id.to_string(),
         )

cli/src/commands/developer/execute.rs

@@ -31,6 +31,7 @@ use anyhow::{anyhow, bail, Result};
 use clap::Parser;
 use colored::Colorize;
 use std::str::FromStr;
+use zeroize::Zeroize;
 
 /// Executes an Aleo program function.
 #[derive(Debug, Parser)]
@@ -64,6 +65,13 @@ pub struct Execute {
     store: Option<String>,
 }
 
+impl Drop for Execute {
+    /// Zeroize the private key when the `Execute` struct goes out of scope.
+    fn drop(&mut self) {
+        self.private_key.zeroize();
+    }
+}
+
 impl Execute {
     /// Executes an Aleo program function with the provided inputs.
     #[allow(clippy::format_in_format_args)]
@@ -143,7 +151,7 @@ impl Execute {
         println!("✅ Created execution transaction for '{}'", locator.to_string().bold());
 
         // Determine if the transaction should be broadcast, stored, or displayed to the user.
-        Developer::handle_transaction(self.broadcast, self.dry_run, self.store, transaction, locator.to_string())
+        Developer::handle_transaction(&self.broadcast, self.dry_run, &self.store, transaction, locator.to_string())
     }
 }
 

cli/src/commands/developer/mod.rs

@@ -81,7 +81,7 @@ impl Developer {
     }
 
     /// Parse the package from the directory.
-    fn parse_package(program_id: ProgramID<CurrentNetwork>, path: Option<String>) -> Result<Package<CurrentNetwork>> {
+    fn parse_package(program_id: ProgramID<CurrentNetwork>, path: &Option<String>) -> Result<Package<CurrentNetwork>> {
         // Instantiate a path to the directory containing the manifest file.
         let directory = match path {
             Some(path) => PathBuf::from_str(&path)?,
@@ -167,9 +167,9 @@ impl Developer {
 
     /// Determine if the transaction should be broadcast or displayed to user.
     fn handle_transaction(
-        broadcast: Option<String>,
+        broadcast: &Option<String>,
         dry_run: bool,
-        store: Option<String>,
+        store: &Option<String>,
         transaction: Transaction<CurrentNetwork>,
         operation: String,
     ) -> Result<String> {

cli/src/commands/developer/scan.rs

@@ -26,12 +26,13 @@ use std::{
     str::FromStr,
     sync::Arc,
 };
+use zeroize::Zeroize;
 
 const MAX_BLOCK_RANGE: u32 = 50;
 const CDN_ENDPOINT: &str = "https://s3.us-west-1.amazonaws.com/testnet3.blocks/phase3";
 
 /// Scan the snarkOS node for records.
-#[derive(Debug, Parser)]
+#[derive(Debug, Parser, Zeroize)]
 pub struct Scan {
     /// An optional private key scan for unspent records.
     #[clap(short, long)]

cli/src/commands/developer/transfer_private.rs

@@ -27,6 +27,7 @@ use snarkvm::prelude::{
 use anyhow::{bail, Result};
 use clap::Parser;
 use std::str::FromStr;
+use zeroize::Zeroize;
 
 /// Executes the `transfer_private` function in the `credits.aleo` program.
 #[derive(Debug, Parser)]
@@ -63,6 +64,13 @@ pub struct TransferPrivate {
     store: Option<String>,
 }
 
+impl Drop for TransferPrivate {
+    /// Zeroize the private key when the `TransferPrivate` struct goes out of scope.
+    fn drop(&mut self) {
+        self.private_key.zeroize();
+    }
+}
+
 impl TransferPrivate {
     /// Creates an Aleo transfer with the provided inputs.
     #[allow(clippy::format_in_format_args)]
@@ -116,6 +124,6 @@ impl TransferPrivate {
         println!("✅ Created private transfer of {} microcredits to {}\n", &self.amount, self.recipient);
 
         // Determine if the transaction should be broadcast, stored, or displayed to the user.
-        Developer::handle_transaction(self.broadcast, self.dry_run, self.store, transaction, locator.to_string())
+        Developer::handle_transaction(&self.broadcast, self.dry_run, &self.store, transaction, locator.to_string())
     }
 }