CipherGate

Keys stay in your wallet — not your scripts

Cipher Gate

Your dev tools see a normal RPC. Reads pass straight through — but every transaction pauses to be simulated, decoded, and signed in your own browser wallet.

See how it works

Rust · single binary · MIT · localhost-only by default

The problem

Your deploy scripts shouldn't hold your private keys.

— the usual way

Drop a raw private key into .env, pass it to Foundry or Hardhat, and hope it never leaks into a log, a commit, a CI artifact, or the wrong network. One mistake signs with the wrong account on mainnet.

+ with Cipher Gate

The key stays in your wallet. Your tooling points at a plain RPC endpoint and never sees a secret. You review a simulated, decoded transaction and approve it with the same wallet you already trust.

How it works

Sits between your tools and your wallet.

Your dev tool

forge · hardhat · viem

Cipher Gate

localhost

Your wallet

MetaMask · Rabby

01

Run the proxy

Start Cipher Gate against your upstream RPC. It serves the JSON-RPC proxy and the signing UI on one port.

02

Point your tool at it

Set your RPC URL to Cipher Gate (port 8545 by default). Open that address in a browser and connect your wallet.

03

Approve in your wallet

Run your script. Reads pass straight through; each signing request pops up to approve or reject — simulated and decoded.

Features

Built for people who read their calldata.

No keys in your scripts

Your tool talks to a normal RPC. Signing happens in your browser wallet — the private key never touches your shell, env, or CI logs.

Simulated before you sign

Every write is run through eth_call + gas estimation first. See if it reverts (and why) before it ever reaches your wallet.

Calldata, decoded

Raw calldata is decoded to a function and arguments — with real parameter names pulled from the contract's verified Sourcify ABI.

Human-readable amounts

ERC-20 transfers and approvals show real token symbols and decimals — and flag dangerous ones like unlimited approvals.

Localhost-only by default

Binds 127.0.0.1, gates the signing socket with a per-run token, and checks the browser Origin. Nothing reaches your wallet from off-machine.

One binary, no Node

A single Rust binary with the signing UI baked in — cargo install, run, done. Nothing to host, and a desktop alert with sound on every new request.

Get started

Up and running in three commands.

terminal
# 1. install
$ cargo install cipher-gate

# 2. run against your upstream RPC
$ cipher-gate --rpc-url https://eth.llamarpc.com

# 3. point your tool at it, open the UI, connect a wallet
$ forge script script/Deploy.s.sol --rpc-url http://localhost:8545 \
            --broadcast --unlocked --sender <your-address>

Works out of the box — no signup. Want to use your own WalletConnect quota? Pass --reown-project-id with a free ID from cloud.reown.com.