NomicFoundation
diff --git a/‎.changeset/stupid-laws-carry.md
Lines changed: 7 additions & 0 deletions b/‎.changeset/stupid-laws-carry.md
Lines changed: 7 additions & 0 deletions
diff --git a/‎v-next/hardhat-errors/src/descriptors.ts
Lines changed: 14 additions & 0 deletions b/‎v-next/hardhat-errors/src/descriptors.ts
Lines changed: 14 additions & 0 deletions
diff --git a/‎v-next/hardhat-keystore/src/index.ts
Lines changed: 30 additions & 0 deletions b/‎v-next/hardhat-keystore/src/index.ts
Lines changed: 30 additions & 0 deletions
diff --git a/‎v-next/hardhat-keystore/src/internal/hook-handlers/config.ts
Lines changed: 10 additions & 1 deletion b/‎v-next/hardhat-keystore/src/internal/hook-handlers/config.ts
Lines changed: 10 additions & 1 deletion
diff --git a/‎v-next/hardhat-keystore/src/internal/hook-handlers/configuration-variables.ts
Lines changed: 81 additions & 21 deletions b/‎v-next/hardhat-keystore/src/internal/hook-handlers/configuration-variables.ts
Lines changed: 81 additions & 21 deletions
diff --git a/‎v-next/hardhat-keystore/src/internal/keystores/password.ts
Lines changed: 61 additions & 19 deletions b/‎v-next/hardhat-keystore/src/internal/keystores/password.ts
Lines changed: 61 additions & 19 deletions
@@ -0,0 +1,7 @@
+---
+"@nomicfoundation/hardhat-errors": patch
+"@nomicfoundation/hardhat-keystore": patch
+"hardhat": patch
+---
+
+Add a development keystore ([#7003](https://github.com/NomicFoundation/hardhat/issues/7003))
@@ -2048,6 +2048,20 @@ Please check Hardhat's output for more details.`,
         websiteDescription:
           "The password you provided is incorrect or the keystore file is corrupted.",
       },
+      CANNOT_CHANGED_PASSWORD_FOR_DEV_KEYSTORE: {
+        number: 50001,
+        messageTemplate: `The keystore "change-password" task cannot be used with the development keystore`,
+        websiteTitle: "Cannot change password for dev keystore",
+        websiteDescription: `The keystore "change-password" task cannot be used with the development keystore`,
+      },
+      KEY_NOT_FOUND_DURING_TESTS_WITH_DEV_KEYSTORE: {
+        number: 50002,
+        messageTemplate: `Key "{key}" not found in the development keystore. Run "npx hardhat keystore set {key} --dev" to set it.`,
+        websiteTitle: "Key not found in the development keystore during tests",
+        websiteDescription: `Key not found in the development keystore. During tests, configuration variables can only be accessed through the development keystore.
+
+Run "npx hardhat keystore set <KEY> --dev" to set it.`,
+      },
     },
   },
   NETWORK_HELPERS: {
 
@@ -31,10 +31,20 @@ const hardhatKeystorePlugin: HardhatPlugin = {
         name: "force",
         description: "Forces overwrite if the key already exists.",
       })
+      .addFlag({
+        name: "dev",
+        description:
+          "Use the development keystore instead of the production one",
+      })
       .setAction(import.meta.resolve("./internal/tasks/set.js"))
       .build(),
 
     task(["keystore", "get"], "Get a value given a key")
+      .addFlag({
+        name: "dev",
+        description:
+          "Use the development keystore instead of the production one",
+      })
       .addPositionalArgument({
         name: "key",
         type: ArgumentType.STRING,
@@ -44,10 +54,20 @@ const hardhatKeystorePlugin: HardhatPlugin = {
       .build(),
 
     task(["keystore", "list"], "List all keys in the keystore")
+      .addFlag({
+        name: "dev",
+        description:
+          "Use the development keystore instead of the production one",
+      })
       .setAction(import.meta.resolve("./internal/tasks/list.js"))
       .build(),
 
     task(["keystore", "delete"], "Delete a key from the keystore")
+      .addFlag({
+        name: "dev",
+        description:
+          "Use the development keystore instead of the production one",
+      })
       .addPositionalArgument({
         name: "key",
         type: ArgumentType.STRING,
@@ -62,13 +82,23 @@ const hardhatKeystorePlugin: HardhatPlugin = {
       .build(),
 
     task(["keystore", "path"], "Display the path where the keystore is stored")
+      .addFlag({
+        name: "dev",
+        description:
+          "Use the development keystore instead of the production one",
+      })
       .setAction(import.meta.resolve("./internal/tasks/path.js"))
       .build(),
 
     task(
       ["keystore", "change-password"],
       "Change the password for the keystore",
     )
+      .addFlag({
+        name: "dev",
+        description:
+          "Use the development keystore instead of the production one",
+      })
       .setAction(import.meta.resolve("./internal/tasks/change-password.js"))
       .build(),
   ],
 
@@ -2,7 +2,11 @@ import type { ConfigHooks } from "hardhat/types/hooks";
 
 import debug from "debug";
 
-import { getKeystoreFilePath } from "../utils/get-keystore-file-path.js";
+import {
+  getDevKeystoreFilePath,
+  getDevKeystorePasswordFilePath,
+  getKeystoreFilePath,
+} from "../utils/get-keystore-file-path.js";
 
 const log = debug("hardhat:keystore:hooks:config");
 
@@ -19,13 +23,18 @@ export default async (): Promise<Partial<ConfigHooks>> => {
       );
 
       const defaultKeystoreFilePath = await getKeystoreFilePath();
+      const defaultDevKeystoreFilePath = await getDevKeystoreFilePath();
+      const defaultDevKeystorePasswordFilePath =
+        await getDevKeystorePasswordFilePath();
 
       log(`path to keystore file: ${defaultKeystoreFilePath}`);
 
       return {
         ...resolvedConfig,
         keystore: {
           filePath: defaultKeystoreFilePath,
+          devFilePath: defaultDevKeystoreFilePath,
+          devPasswordFilePath: defaultDevKeystorePasswordFilePath,
         },
       };
     },
 
@@ -5,17 +5,20 @@ import type {
   HookContext,
 } from "hardhat/types/hooks";
 
+import { HardhatError } from "@nomicfoundation/hardhat-errors";
 import { isCi } from "@nomicfoundation/hardhat-utils/ci";
 
 import { deriveMasterKeyFromKeystore } from "../keystores/encryption.js";
-import { askPassword } from "../keystores/password.js";
+import { getPasswordHandlers } from "../keystores/password.js";
 import { setupKeystoreLoaderFrom } from "../utils/setup-keystore-loader-from.js";
 
 export default async (): Promise<Partial<ConfigurationVariableHooks>> => {
   // Use a cache with hooks since they may be called multiple times consecutively.
-  let keystoreLoader: KeystoreLoader | undefined;
+  let keystoreLoaderProd: KeystoreLoader | undefined;
+  let keystoreLoaderDev: KeystoreLoader | undefined;
   // Caching the masterKey prevents repeated password prompts when retrieving multiple configuration variables.
-  let masterKey: Uint8Array | undefined;
+  let masterKeyProd: Uint8Array | undefined;
+  let masterKeyDev: Uint8Array | undefined;
 
   const handlers: Partial<ConfigurationVariableHooks> = {
     fetchValue: async (
@@ -29,34 +32,91 @@ export default async (): Promise<Partial<ConfigurationVariableHooks>> => {
         return next(context, variable);
       }
 
-      if (keystoreLoader === undefined) {
-        keystoreLoader = setupKeystoreLoaderFrom(context);
+      // When `fetchValue` is called from a test, we only allow the use of the development keystore
+      // to avoid prompting for the production keystore password.
+      const onlyAllowDevKeystore = process.env.HH_TEST === "true";
+
+      // First try to get the value from the development keystore
+      let value = await getValue(context, variable, true, onlyAllowDevKeystore);
+
+      if (value !== undefined) {
+        return value;
       }
 
-      if (!(await keystoreLoader.isKeystoreInitialized())) {
-        return next(context, variable);
+      // Then, if the development keystore does not have the key and `fetchValue` is not called from a test,
+      // attempt to retrieve the value from the production keystore.
+      value = await getValue(context, variable, false, onlyAllowDevKeystore);
+
+      if (value !== undefined) {
+        return value;
       }
 
-      const keystore = await keystoreLoader.loadKeystore();
+      return next(context, variable);
+    },
+  };
+
+  async function getValue(
+    context: HookContext,
+    variable: ConfigurationVariable,
+    isDevKeystore: boolean,
+    onlyAllowDevKeystore: boolean,
+  ): Promise<string | undefined> {
+    let keystoreLoader = isDevKeystore ? keystoreLoaderDev : keystoreLoaderProd;
+    let masterKey = isDevKeystore ? masterKeyDev : masterKeyProd;
 
-      if (masterKey === undefined) {
-        const password = await askPassword(
-          context.interruptions.requestSecretInput.bind(context.interruptions),
-        );
+    if (keystoreLoader === undefined) {
+      keystoreLoader = setupKeystoreLoaderFrom(context, isDevKeystore);
 
-        masterKey = deriveMasterKeyFromKeystore({
-          encryptedKeystore: keystore.toJSON(),
-          password,
-        });
+      if (isDevKeystore) {
+        keystoreLoaderDev = keystoreLoader;
+      } else {
+        keystoreLoaderProd = keystoreLoader;
       }
+    }
 
-      if (!(await keystore.hasKey(variable.name, masterKey))) {
-        return next(context, variable);
+    if (!(await keystoreLoader.isKeystoreInitialized())) {
+      return undefined;
+    }
+
+    const keystore = await keystoreLoader.loadKeystore();
+
+    if (masterKey === undefined) {
+      const { askPassword } = getPasswordHandlers(
+        context.interruptions.requestSecretInput.bind(context.interruptions),
+        console.log,
+        isDevKeystore,
+        keystoreLoader.getKeystoreDevPasswordFilePath(),
+      );
+
+      const password = await askPassword();
+
+      masterKey = deriveMasterKeyFromKeystore({
+        encryptedKeystore: keystore.toJSON(),
+        password,
+      });
+
+      if (isDevKeystore) {
+        masterKeyDev = masterKey;
+      } else {
+        masterKeyProd = masterKey;
       }
+    }
 
-      return keystore.readValue(variable.name, masterKey);
-    },
-  };
+    if (!(await keystore.hasKey(variable.name, masterKey))) {
+      if (onlyAllowDevKeystore) {
+        throw new HardhatError(
+          HardhatError.ERRORS.HARDHAT_KEYSTORE.GENERAL.KEY_NOT_FOUND_DURING_TESTS_WITH_DEV_KEYSTORE,
+          {
+            key: variable.name,
+          },
+        );
+      }
+
+      return undefined;
+    }
+
+    return keystore.readValue(variable.name, masterKey);
+  }
 
   return handlers;
 };
@@ -1,14 +1,49 @@
+import type {
+  KeystoreConsoleLog,
+  KeystoreRequestSecretInput,
+} from "../types.js";
+
+import { randomBytes } from "node:crypto";
+
+import { HardhatError } from "@nomicfoundation/hardhat-errors";
+import { readUtf8File, writeUtf8File } from "@nomicfoundation/hardhat-utils/fs";
 import chalk from "chalk";
 
 import { PLUGIN_ID } from "../constants.js";
 import { UserDisplayMessages } from "../ui/user-display-messages.js";
 
+export function getPasswordHandlers(
+  requestSecretInput: KeystoreRequestSecretInput,
+  consoleLog: KeystoreConsoleLog,
+  isDevKeystore: boolean,
+  devPasswordFilePath: string,
+): {
+  setUpPassword: () => Promise<string>;
+  askPassword: () => Promise<string>;
+  setNewPassword: (password: string) => Promise<string>;
+} {
+  if (isDevKeystore) {
+    return {
+      setUpPassword: () => setUpPasswordForDevKeystore(devPasswordFilePath),
+      askPassword: () => askPasswordForDevKeystore(devPasswordFilePath),
+      setNewPassword: () => {
+        throw new HardhatError(
+          HardhatError.ERRORS.HARDHAT_KEYSTORE.GENERAL.CANNOT_CHANGED_PASSWORD_FOR_DEV_KEYSTORE,
+        );
+      },
+    };
+  }
+
+  return {
+    setUpPassword: () => setUpPassword(requestSecretInput, consoleLog),
+    askPassword: () => askPassword(requestSecretInput),
+    setNewPassword: () => setNewPassword(requestSecretInput, consoleLog),
+  };
+}
+
 export async function setUpPassword(
-  requestSecretInput: (
-    interruptor: string,
-    inputDescription: string,
-  ) => Promise<string>,
-  consoleLog: (text: string) => void = console.log,
+  requestSecretInput: KeystoreRequestSecretInput,
+  consoleLog: KeystoreConsoleLog = console.log,
 ): Promise<string> {
   consoleLog(UserDisplayMessages.keystoreBannerMessage());
 
@@ -19,12 +54,19 @@ export async function setUpPassword(
   return createPassword(requestSecretInput, consoleLog);
 }
 
+export async function setUpPasswordForDevKeystore(
+  devPasswordFilePath: string,
+): Promise<string> {
+  const password = randomBytes(16).toString("hex");
+
+  await writeUtf8File(devPasswordFilePath, password);
+
+  return password;
+}
+
 export async function setNewPassword(
-  requestSecretInput: (
-    interruptor: string,
-    inputDescription: string,
-  ) => Promise<string>,
-  consoleLog: (text: string) => void = console.log,
+  requestSecretInput: KeystoreRequestSecretInput,
+  consoleLog: KeystoreConsoleLog = console.log,
 ): Promise<string> {
   consoleLog(UserDisplayMessages.passwordChangeMessage());
   consoleLog(UserDisplayMessages.passwordRequirementsMessage());
@@ -34,20 +76,20 @@ export async function setNewPassword(
 }
 
 export async function askPassword(
-  requestSecretInput: (
-    interruptor: string,
-    inputDescription: string,
-  ) => Promise<string>,
+  requestSecretInput: KeystoreRequestSecretInput,
 ): Promise<string> {
   return requestSecretInput(PLUGIN_ID, UserDisplayMessages.enterPasswordMsg());
 }
 
+export async function askPasswordForDevKeystore(
+  devPasswordFilePath: string,
+): Promise<string> {
+  return readUtf8File(devPasswordFilePath);
+}
+
 async function createPassword(
-  requestSecretInput: (
-    interruptor: string,
-    inputDescription: string,
-  ) => Promise<string>,
-  consoleLog: (text: string) => void = console.log,
+  requestSecretInput: KeystoreRequestSecretInput,
+  consoleLog: KeystoreConsoleLog = console.log,
 ) {
   const PASSWORD_REGEX = /^.{8,}$/;