Keys stay in your wallet — not your scripts
Cipher Gate
Your dev tools see a normal RPC. Reads pass straight through — but every transaction pauses to be simulated, decoded, and signed in your own browser wallet.
Rust · single binary · MIT · localhost-only by default
The problem
Your deploy scripts shouldn't hold your private keys.
— the usual way
Drop a raw private key into .env, pass it to Foundry or Hardhat, and hope it never leaks into a log, a commit, a CI artifact, or the wrong network. One mistake signs with the wrong account on mainnet.
+ with Cipher Gate
The key stays in your wallet. Your tooling points at a plain RPC endpoint and never sees a secret. You review a simulated, decoded transaction and approve it with the same wallet you already trust.
How it works
Sits between your tools and your wallet.
Your dev tool
forge · hardhat · viem
Cipher Gate
localhost
Your wallet
MetaMask · Rabby
01
Run the proxy
Start Cipher Gate against your upstream RPC. It serves the JSON-RPC proxy and the signing UI on one port.
02
Point your tool at it
Set your RPC URL to Cipher Gate (port 8545 by default). Open that address in a browser and connect your wallet.
03
Approve in your wallet
Run your script. Reads pass straight through; each signing request pops up to approve or reject — simulated and decoded.
Features
Built for people who read their calldata.
No keys in your scripts
Your tool talks to a normal RPC. Signing happens in your browser wallet — the private key never touches your shell, env, or CI logs.
Simulated before you sign
Every write is run through eth_call + gas estimation first. See if it reverts (and why) before it ever reaches your wallet.
Calldata, decoded
Raw calldata is decoded to a function and arguments — with real parameter names pulled from the contract's verified Sourcify ABI.
Human-readable amounts
ERC-20 transfers and approvals show real token symbols and decimals — and flag dangerous ones like unlimited approvals.
Localhost-only by default
Binds 127.0.0.1, gates the signing socket with a per-run token, and checks the browser Origin. Nothing reaches your wallet from off-machine.
One binary, no Node
A single Rust binary with the signing UI baked in — cargo install, run, done. Nothing to host, and a desktop alert with sound on every new request.
Get started
Up and running in three commands.
# 1. install
$ cargo install cipher-gate
# 2. run against your upstream RPC
$ cipher-gate --rpc-url https://eth.llamarpc.com
# 3. point your tool at it, open the UI, connect a wallet
$ forge script script/Deploy.s.sol --rpc-url http://localhost:8545 \
--broadcast --unlocked --sender <your-address>Works out of the box — no signup. Want to use your own WalletConnect quota? Pass --reown-project-id with a free ID from cloud.reown.com.