tudormunteanu / framehub-template Goto Github PK

The steps to add a secret is simple. We will add the Neynar API Key in this example by creating a secret JSON object with the apiKey:

{"apiKey": "<NEYNAR_API_KEY>"}

Then in your frame code, you will be able to access the secret key via req.secret object:

async function POST(req: Request): Promise<Response> {
    const apiKey = req.secret?.apiKey
}

Note: Before continuing, make sure to publish your compiled JS code, so you can add secrets to the CID.

Open terminal Use curl to POST your secrets to https://frames.phatfn.xyz/vaults. Replace IPFS_CID with the CID to the compile JS code in IPFS, and replace <NEYNAR_API_KEY> with your Neynar API key.

The command will look like this:

curl https://frames.phatfn.xyz/vaults -H 'Content-Type: application/json' -d '{"cid": "IPFS_CID", "data": {"apiKey": "<NEYNAR_API_KEY>"}}'
# Output:
# {"token":"e85ae53d2ba4ca8d","key":"e781ef31210e0362","succeed":true}

The API returns a token and a key. The key is the id of your secret. It can be used to specify which secret you are going to pass to your frame. The token can be used by the developer to access the raw secret. You should never leak the token.

To verify the secret, run the following command where key and token are replaced with the values from adding your secret to the vault.

curl https://frames.phatfn.xyz/vaults/<key>/<token>

Expected output:

{"data":{"apiKey":"<NEYNAR_API_KEY>"},"succeed":true}

To see where the code is used in this template, check out index.ts line 36.

If you are using secrets, make sure that your Cast URL is set in the following syntax where cid is the IPFS CID of your compiled JS file and key is the key from adding secrets to your vault.

https://frames.phatfn.xyz/ipfs/<cid>?key=<key>

• Most of the npm packages are supported: viem, onchainkit, ….
• Some packages with some advanced features are not supported:
• Large code size. Compiled bundle should be less than 500kb.
• Large memory usage, like image generation
• Web Assembly
• Browser only features: local storage, service workers, etc

• The code runs inside a tailored QuickJS engine
• Available features: ES2023, async, fetch, setTimeout, setInterval, bigint
• Resource limits
• Max execution time 10s
• Max memory usage: 16 mb
• Max code size: 500 kb
• Limited CPU burst: CPU time between async calls is limited. e.g. Too complex for-loop may hit the burst limit.

• Your code on FrameHub is fully secure, private, and permissionless. Nobody can manipulate your program, steal any data from it, or censor it.
• Security: The code is executed in the decentralized TEE network running on Phala Network. It runs code inside a secure blackbox (called enclave) created by the CPU. It generates cryptographic proofs verifiable on Phala blockchain. It proves that the hosted code is exactly the one you deployed.
• Privacy: You can safely put secrets like API keys or user privacy on FrameHub. The code runs inside TEE hardware blackboxs. The memory of the program is fully encrypted by the TEE. It blocks any unauthorized access to your data.
• Learn more at Phala Network Homepage

• TEE/SGX wiki
• Debunking TEE FUD: A Brief Defense of The Use of TEEs in Crypto