Your private key doesn't belong in your terminal. Here's the Foundry fix.

You're about to run forge script --broadcast. The command needs a private key. The options that come to mind first all share the same problem: paste it into the terminal and it ends up in .bash_history or .zsh_history. Put it in .env and it's one accidental git add away from the repo. Hardcode it in the deploy script and it's in version history the moment the file is committed. These aren't theoretical risks — they're how keys get exposed. There is a better way built directly into Foundry. Using Foundry's encrypted keystore Import your private key into an encrypted keystore: cast wallet import deployer --interactive The --interactive flag prompts for your private key and a password. Foundry stores the key encrypted at ~/.foundry/keystores/deployer. Nothing touches shell history. The name deployer is arbitrary — use whatever you'll recognise. Before running a deploy, confirm the import worked: cast wallet list This lists all keystores by name. If deployer appears, the import succeeded.