stellar · willemneal · Nov 5, 2024 · Nov 5, 2024 · Dec 2, 2024 · Nov 14, 2024
diff --git a/.github/workflows/binaries.yml b/.github/workflows/binaries.yml
@@ -46,7 +46,7 @@ jobs:
     - run: rustup target add ${{ matrix.sys.target }}
 
     - if: matrix.sys.target == 'aarch64-unknown-linux-gnu'
-      run: sudo apt-get update && sudo apt-get -y install gcc-aarch64-linux-gnu g++-aarch64-linux-gnu libudev-dev
+      run: sudo apt-get update && sudo apt-get -y install gcc-aarch64-linux-gnu g++-aarch64-linux-gnu libudev-dev libdbus-1-dev
 
     - name: Setup vars
       run: |
@@ -69,6 +69,7 @@ jobs:
       env:
         CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc
       working-directory: ${{ env.BUILD_WORKING_DIR }}
+      run: sudo apt-get update && sudo apt-get -y install libdbus-1-dev
       run: cargo build --target-dir="$GITHUB_WORKSPACE/target" --package ${{ matrix.crate.name }} --features opt --release --target ${{ matrix.sys.target }}
 
     - name: Build provenance for attestation (release only)

diff --git a/.github/workflows/bindings-ts.yml b/.github/workflows/bindings-ts.yml
@@ -38,6 +38,7 @@ jobs:
             target/
           key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
       - run: rustup update
+      - run: sudo apt install -y libdbus-1-dev
       - run: cargo build
       - run: rustup target add wasm32-unknown-unknown
       - run: make build-test-wasms

diff --git a/.github/workflows/rpc-tests.yml b/.github/workflows/rpc-tests.yml
@@ -39,6 +39,7 @@ jobs:
             target/
           key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
       - run: rustup update
+      - run: sudo apt install -y libdbus-1-dev
       - run: cargo build
       - run: rustup target add wasm32-unknown-unknown
       - run: make build-test-wasms

diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
@@ -49,6 +49,7 @@ jobs:
     - uses: actions/checkout@v4
     - uses: stellar/actions/rust-cache@main
     - run: rustup update
+    - run: sudo apt install -y libdbus-1-dev
     - run: make generate-full-help-doc
     - run: git add -N . && git diff HEAD --exit-code
 
@@ -90,7 +91,7 @@ jobs:
     - run: rustup target add ${{ matrix.sys.target }}
     - run: rustup target add wasm32-unknown-unknown
     - if: runner.os == 'Linux'
-      run: sudo apt-get update && sudo apt-get -y install gcc-aarch64-linux-gnu g++-aarch64-linux-gnu libudev-dev
+      run: sudo apt-get update && sudo apt-get -y install gcc-aarch64-linux-gnu g++-aarch64-linux-gnu libudev-dev libdbus-1-dev
     - run: cargo clippy --all-targets --target ${{ matrix.sys.target }}
     - run: make test
       env:

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/FULL_HELP_DOCS.md b/FULL_HELP_DOCS.md
@@ -938,7 +938,7 @@ Create and manage identities including keys and addresses
 
 ###### **Subcommands:**
 
-* `add` — Add a new identity (keypair, ledger, macOS keychain)
+* `add` — Add a new identity (keypair, ledger, OS specific secure store)
 * `address` — Given an identity return its address (public key)
 * `fund` — Fund an identity on a test network
 * `generate` — Generate a new identity with a seed phrase, currently 12 words
@@ -951,7 +951,7 @@ Create and manage identities including keys and addresses
 
 ## `stellar keys add`
 
-Add a new identity (keypair, ledger, macOS keychain)
+Add a new identity (keypair, ledger, OS specific secure store)
 
 **Usage:** `stellar keys add [OPTIONS] <NAME>`
 
@@ -1023,6 +1023,7 @@ Generate a new identity with a seed phrase, currently 12 words
 * `--no-fund` — Do not fund address
 * `--seed <SEED>` — Optional seed to use when generating seed phrase. Random otherwise
 * `-s`, `--as-secret` — Output the generated identity as a secret key
+* `--secure-store` — Save in OS-specific secure store
 * `--global` — Use global config
 * `--config-dir <CONFIG_DIR>` — Location of config directory, default is "."
 * `--hd-path <HD_PATH>` — When generating a secret key, which `hd_path` should be used from the original `seed_phrase`

diff --git a/cmd/soroban-cli/Cargo.toml b/cmd/soroban-cli/Cargo.toml
@@ -72,7 +72,8 @@ rand = "0.8.5"
 wasmparser = { workspace = true }
 sha2 = { workspace = true }
 csv = "1.1.6"
-ed25519-dalek = { workspace = true }
+# zeroize feature ensures that all sensitive data is zeroed out when dropped
+ed25519-dalek = { workspace = true, features = ["zeroize"] }
 reqwest = { version = "0.12.7", default-features = false, features = [
     "rustls-tls",
     "http2",
@@ -124,6 +125,10 @@ fqdn = "0.3.12"
 open = "5.3.0"
 url = "2.5.2"
 wasm-gen = "0.1.4"
+zeroize = "1.8.1"
+keyring = { version = "3", features = ["apple-native", "windows-native", "sync-secret-service"] }
+whoami = "1.5.2"
+
 
 [build-dependencies]
 crate-git-revision = "0.0.6"

diff --git a/cmd/soroban-cli/src/commands/contract/arg_parsing.rs b/cmd/soroban-cli/src/commands/contract/arg_parsing.rs
@@ -14,8 +14,9 @@ use crate::xdr::{
 
 use crate::commands::txn_result::TxnResult;
 use crate::config::{
-    self,
+    self, address,
     sc_address::{self, UnresolvedScAddress},
+    secret,
 };
 use soroban_spec_tools::Spec;
 
@@ -41,6 +42,10 @@ pub enum Error {
     Xdr(#[from] xdr::Error),
     #[error(transparent)]
     StrVal(#[from] soroban_spec_tools::Error),
+    #[error(transparent)]
+    Address(#[from] address::Error),
+    #[error(transparent)]
+    Secret(#[from] secret::Error),
     #[error("Missing argument {0}")]
     MissingArgument(String),
     #[error("")]

diff --git a/cmd/soroban-cli/src/commands/keys/add.rs b/cmd/soroban-cli/src/commands/keys/add.rs
@@ -2,24 +2,28 @@ use clap::command;
 
 use crate::{
     commands::global,
-    config::{locator, secret},
+    config::{
+        address::{self, KeyName},
+        locator, secret,
+    },
     print::Print,
 };
 
 #[derive(thiserror::Error, Debug)]
 pub enum Error {
     #[error(transparent)]
     Secret(#[from] secret::Error),
-
     #[error(transparent)]
     Config(#[from] locator::Error),
+    #[error(transparent)]
+    Address(#[from] address::Error),
 }
 
 #[derive(Debug, clap::Parser, Clone)]
 #[group(skip)]
 pub struct Cmd {
     /// Name of identity
-    pub name: String,
+    pub name: KeyName,
 
     #[command(flatten)]
     pub secrets: secret::Args,

diff --git a/cmd/soroban-cli/src/commands/keys/address.rs b/cmd/soroban-cli/src/commands/keys/address.rs
@@ -1,8 +1,10 @@
-use crate::commands::config::secret;
-
-use super::super::config::locator;
 use clap::arg;
 
+use crate::{
+    commands::config::{address, locator, secret},
+    config::UnresolvedMuxedAccount,
+};
+
 #[derive(thiserror::Error, Debug)]
 pub enum Error {
     #[error(transparent)]
@@ -13,6 +15,9 @@ pub enum Error {
 
     #[error(transparent)]
     StrKey(#[from] stellar_strkey::DecodeError),
+
+    #[error(transparent)]
+    Address(#[from] address::Error),
 }
 
 #[derive(Debug, clap::Parser, Clone)]
@@ -45,6 +50,11 @@ impl Cmd {
     pub fn public_key(&self) -> Result<stellar_strkey::ed25519::PublicKey, Error> {
         if let Ok(key) = stellar_strkey::ed25519::PublicKey::from_string(&self.name) {
             Ok(key)
+        } else if let Ok(unresolved) = self.name.parse::<UnresolvedMuxedAccount>() {
+            let muxed = unresolved.resolve_muxed_account(&self.locator, self.hd_path)?;
+            Ok(stellar_strkey::ed25519::PublicKey::from_string(
+                &muxed.to_string(),
+            )?)
         } else {
             Ok(stellar_strkey::ed25519::PublicKey::from_payload(
                 self.private_key()?.verifying_key().as_bytes(),