From f4d71ae3f8e5bdf3a05e7e94f3cd4777cb714022 Mon Sep 17 00:00:00 2001 From: Mikko Ohtamaa Date: Sat, 5 Mar 2022 14:41:42 +0100 Subject: [PATCH 1/3] An example how to manage local private key using env How to manage private keys using environment variable, how to generate them, and some security warnings. --- docs/web3.eth.account.rst | 54 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 53 insertions(+), 1 deletion(-) diff --git a/docs/web3.eth.account.rst b/docs/web3.eth.account.rst index 60a25839f2..d563d925e9 100644 --- a/docs/web3.eth.account.rst +++ b/docs/web3.eth.account.rst @@ -1,4 +1,4 @@ -.. _eth-account: +... _eth-account: Working with Local Private Keys ========================================== 
@@ -55,6 +55,58 @@ Using private keys usually involves ``w3.eth.account`` in one way or another. Re or see a full list of things you can do in the docs for :class:`eth_account.Account `. +Read a private key from an environment variable +------------------------------------------------ + +In this example we pass the private key to our Python application in an +`environment variable `_. +This private key is then added to the transaction signing keychain +with Signing middleware. + +You can also `export your private keys from Metamask and other wallets `_. + +.. warning :: + + Never share your private key. Never put your private keys in Python source code. + Never commit private keys to a Git repository. Always keep private keys separate from your source code. + +Example `account_test_script.py` + +.. code-block:: python + + import os + from eth_account import Account + from eth_account.signers.local import LocalAccount + from web3.auto import w3 + from web3.middleware import construct_sign_and_send_raw_middleware + + private_key = os.environ.get("PRIVATE_KEY") + assert private_key is None, "You must set PRIVATE_KEY environment variable" + assert private_key.startswith("0x"), "Private key must start with 0x hex prefix" + + account: LocalAccount = Account.from_key(private_key) + w3.middleware_onion.add(construct_sign_and_send_raw_middleware(account)) + + print(f"Your hot wallet address is {account.address}") + +Example how to run this in UNIX shell: + +.. code-block:: shell + + # Generate a new 256-bit random integer using openssl UNIX command that acts as a private key. + # You can as well do: + # python -c "from web3 import Web3; w3 = Web3(); acc = w3.eth.account.create(); print(f'private key={w3.toHex(acc.privateKey)}, account={acc.address}')" + # Store this in a safe place, like in your password manager. 
+ export PRIVATE_KEY=0x`openssl rand -hex 32` + + # Run our script + python account_test_script.py + +This will print:: + + Your hot wallet account is 0x27C8F899bb69E1501BBB96d09d7477a2a7518918 + + .. _extract_geth_pk: Extract private key from geth keyfile From 83c41833ad3b37639db364c8465024d4d477dc79 Mon Sep 17 00:00:00 2001 From: Mikko Ohtamaa Date: Sat, 5 Mar 2022 14:44:18 +0100 Subject: [PATCH 2/3] Fix extra period Inserted by the editor? --- docs/web3.eth.account.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/web3.eth.account.rst b/docs/web3.eth.account.rst index d563d925e9..16760daa6f 100644 --- a/docs/web3.eth.account.rst +++ b/docs/web3.eth.account.rst @@ -1,4 +1,4 @@ -... _eth-account: +.. _eth-account: Working with Local Private Keys ========================================== From 22db7bb4c091fc4899d57068e1b36afabec275f4 Mon Sep 17 00:00:00 2001 From: Marc Garreau Date: Wed, 9 Mar 2022 16:07:08 -0700 Subject: [PATCH 3/3] add content tweaks and newsfragment --- docs/web3.eth.account.rst | 23 ++++++++++++----------- newsfragments/2380.doc.rst | 1 + 2 files changed, 13 insertions(+), 11 deletions(-) create mode 100644 newsfragments/2380.doc.rst diff --git a/docs/web3.eth.account.rst b/docs/web3.eth.account.rst index 16760daa6f..a331c3b733 100644 --- a/docs/web3.eth.account.rst +++ b/docs/web3.eth.account.rst @@ -39,7 +39,7 @@ Hosted Private Key not your Ether" in the wise words of Andreas Antonopoulos. Some Common Uses for Local Private Keys -------------------------------------------- +--------------------------------------- A very common reason to work with local private keys is to interact with a hosted node. 
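Review bot: The shell example's comment tells the reader to store the key in a password manager, but the `export PRIVATE_KEY=...` line generates the key straight into the variable and never shows it, so as written there is nothing to store. `export` also makes the key part of the environment of every process later started from that shell, which the warning block above does not mention. I would reword the comment to something like `# The key lives only in this shell session and is inherited by every child process; run "unset PRIVATE_KEY" when done.` The "Store this in a safe place" line should either say how the reader obtains the value or be dropped.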
@@ -56,21 +56,22 @@ or see a full list of things you can do in the docs for :class:`eth_account.Account `. Read a private key from an environment variable ------------------------------------------------- +----------------------------------------------- In this example we pass the private key to our Python application in an `environment variable `_. This private key is then added to the transaction signing keychain -with Signing middleware. +with ``Signing`` middleware. -You can also `export your private keys from Metamask and other wallets `_. +If unfamiliar, note that you can `export your private keys from Metamask and other wallets `_. .. warning :: - Never share your private key. Never put your private keys in Python source code. - Never commit private keys to a Git repository. Always keep private keys separate from your source code. + - **Never** share your private keys. + - **Never** put your private keys in source code. + - **Never** commit private keys to a Git repository. -Example `account_test_script.py` +Example ``account_test_script.py`` .. code-block:: python @@ -81,7 +82,7 @@ Example `account_test_script.py` from web3.middleware import construct_sign_and_send_raw_middleware private_key = os.environ.get("PRIVATE_KEY") - assert private_key is None, "You must set PRIVATE_KEY environment variable" + assert private_key is not None, "You must set PRIVATE_KEY environment variable" assert private_key.startswith("0x"), "Private key must start with 0x hex prefix" account: LocalAccount = Account.from_key(private_key) 
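Review bot: The two `assert` statements in the sample are its only validation of `PRIVATE_KEY`, and Python removes asserts when run with `-O`. In that mode both the corrected `is not None` check and the `0x` prefix check vanish, and `Account.from_key` receives whatever the environment held. Documentation samples tend to be copied into real signing scripts, so an explicit check is safer: `if private_key is None: raise RuntimeError("You must set PRIVATE_KEY environment variable")`, with the same pattern for the prefix test. The code sample begins and ends outside this hunk.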
@@ -94,8 +95,8 @@ Example how to run this in UNIX shell: .. code-block:: shell # Generate a new 256-bit random integer using openssl UNIX command that acts as a private key. - # You can as well do: - # python -c "from web3 import Web3; w3 = Web3(); acc = w3.eth.account.create(); print(f'private key={w3.toHex(acc.privateKey)}, account={acc.address}')" + # You can also do: + # python -c "from web3 import Web3; w3 = Web3(); acc = w3.eth.account.create(); print(f'private key={w3.toHex(acc.key)}, account={acc.address}')" # Store this in a safe place, like in your password manager. export PRIVATE_KEY=0x`openssl rand -hex 32` @@ -104,7 +105,7 @@ Example how to run this in UNIX shell: This will print:: - Your hot wallet account is 0x27C8F899bb69E1501BBB96d09d7477a2a7518918 + Your hot wallet address is 0x27C8F899bb69E1501BBB96d09d7477a2a7518918 .. _extract_geth_pk: diff --git a/newsfragments/2380.doc.rst b/newsfragments/2380.doc.rst new file mode 100644 index 0000000000..6baf4bb2d6 --- /dev/null +++ b/newsfragments/2380.doc.rst @@ -0,0 +1 @@ +Document reading private keys from environment variables