EIP-3030: Cleanup Suggestion

[pookiecn]

Pull Request

No response

What happened?

While reviewing EIP-3030, I noticed that a raw BLS secret key is included directly in the test data section:

Secret key: 0x68081afeb7ad3e8d469f87010804c3e8d53ef77d393059a55132637206cc59ec
This is visible at the following line:

EIPs/EIPS/eip-3030.md

Line 138 in ab95f0f

* Secret key: `0x68081afeb7ad3e8d469f87010804c3e8d53ef77d393059a55132637206cc59ec`.

Ideally, the secret key should be removed or replaced with a generic placeholder like <example_secret_key> or <do_not_use_in_production>, accompanied by a comment indicating that such keys are unsafe to share or reuse, even for demonstration purposes.

Including any form of private key in documentation — even test keys — goes against secure development practices and may unintentionally encourage unsafe behavior. Additionally, this might be misinterpreted or reused by developers unaware of the risks, leading to potential vulnerabilities.

Replace the hardcoded secret key with a generic placeholder

Add a short note or warning about key usage best practices

Optionally relocate full test vectors (if needed) to a secure testing suite outside the EIP document

Relevant log output

[Gb2real]

I'm behind on trons but plan to catch up n the next few days my problem is the lack of payment on ur end is upsetting

[pookiecn]

Hi @Gb2real, I believe your comment might have been added here by mistake — this issue is about a security cleanup suggestion for EIP-3030 (specifically regarding the inclusion of a raw BLS secret key in the documentation).

Also, I’m not sure what payment you're referring to, as I’ve only opened this issue to highlight a best-practice concern. If it’s related to another discussion or contributor, perhaps it was meant to be posted elsewhere?

Thanks!

[Gb2real]

My mistake I will find proper solution n take care of this issue right away I appreciate ur patience and understanding I will most definitely clean up my n double check from now on

[SamWilsn]

Since this is a test case tuple, removing the secret key wouldn't make sense. You can't check your signing algorithm works if you don't have the private key.

In any case, if you'd like to get the attention of the authors of EIP-3030, you should comment on their discussions-to thread, visible in the header of their proposal.