Cardano-wallet how to supply wallet password non-interactively?

cardano-wallet asks for the password every time you want to submit a transaction, which is OK when you work in the CLI, but not OK if you want to wrap cardano-wallet in a script.

Is there any way to supply the password from an app's perspective?

Seems it’s possible via the HTTP endpoint:

```bash
curl --request POST \
  --url http://localhost:1337/v2/wallets/5076b34c6949dbd150eb9c39039037543946bdce/transactions \
  --header 'Content-Type: application/json' \
  --data '{
    "passphrase": "test123456",
    "payments": [
        {
            "address": "addr_test1qzyfnjk3zmgzmvnnvnpeguv6se2ptjj3w3uuh30llqe5xdtzdduxxvke8rekwukyn0qt9g5pahasrnrdmv7nr86x537qxdgza0",
            "amount": {
                "quantity": 250000000,
                "unit": "lovelace"
            }
        }
    ]
}'
```

I highly discourage posting wallet passwords in plain text with curl for anything other than playing in a testnet sandbox. What kind of transaction are you trying to automate?

User withdrawal from a tipping bot (people can deposit / withdraw like from an exchange). It’s curl pointed at a cardano-wallet instance that is running on the same server as the bot. I am not sure how insecure it is, given that it’s a fully sandboxed environment that nobody else has any kind of access to and that isn’t much accessible from outside either.

Do you think that when you withdraw from an exchange, their staff enters their hot wallet password manually? :slight_smile: I am fairly sure they automate this kind of stuff as well.

Yeah, just not with curl and plain text, buddy.

Don’t get me wrong, curl is an awesome tool and I have been using it since the 90s, but this is not something you use in a public-facing production environment unless you want to get hacked. This tool is for testing routes or debugging while still in the development stages, supporting some CI/CD pipelines, and basic development stuff.

Exchanges most likely have an event-driven orchestration system with workflow patterns that initiate state machines. These state machines then go through a rigorous rule engine to determine which cryptographic hashes need to be compared and how many authentications need to be met within a finite time limit to transition to the next state before authorizing anything. This is part of how 2FA and other multi-phase approval systems work in a general sense.

Automation isn’t just a buzzword in the real world. You need some actual effort beyond installing Ansible or Rundeck on your server :wink:
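An added example, not part of any post in this thread and not cardano-wallet's own code: it builds the same request as the curl command above, but reads the passphrase from an owner-only file so it never appears in the process list or shell history, and it refuses to send it over plain HTTP to anything but loopback. The function names and the permission check are assumptions made for illustration.

```python
import json
import os
import stat
import urllib.request
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def read_passphrase(path):
    """Read the passphrase from a regular file only its owner can access."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError(f"{path} is not a regular file")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is open to group/other; chmod 600 it")
    with open(path, encoding="utf-8") as fh:
        return fh.read().rstrip("\r\n")


def build_request(base_url, wallet_id, passphrase, address, lovelace):
    """Build the POST that the curl command in the thread sends."""
    parts = urlsplit(base_url)
    # Plain HTTP carries the passphrase in clear text, so stay on loopback.
    if parts.scheme == "http" and parts.hostname not in LOOPBACK_HOSTS:
        raise ValueError("refusing to send a passphrase over plain HTTP off-host")
    body = {
        "passphrase": passphrase,
        "payments": [
            {"address": address,
             "amount": {"quantity": int(lovelace), "unit": "lovelace"}}
        ],
    }
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/v2/wallets/{wallet_id}/transactions",
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def submit(req, timeout=30):
    """Send the request and return the wallet backend's JSON response."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)
```

The passphrase file should belong to the bot's service account, and the bot should call `read_passphrase` at send time rather than keeping the value in its configuration or logs.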