Configuration

SCRT Labs regularly updates a Secret Network API Registry containing information required to configure the secretcli.

To check the status of a node use:

$ secretcli status --node "$URL"

Mainnet

secretcli config set client node https://rpc.mainnet.secretsaturn.net:443

secretcli config set client chain-id secret-4

secretcli config set client output json

Testnet

secretcli config set client node https://pulsar.rpc.secretnodes.com

secretcli config set client chain-id pulsar-3

secretcli config set client output json

secretcli config set client keyring-backend test

After installing the secretcli, the next thing to do is to start generating your own keys (public and private) to begin receiving, sending, and bonding SCRT.

Generate a secp256k1 Key

To generate a new secp256k1 key:

secretcli keys add <key-alias>

Note: The output of the above command contains a seed phrase. It's recommended to save the seed phrase in a safe place in case you forget the password of the operating system's credentials store.

The above command will generate an output similar to:

- name: test
  type: local
  address: secret1knpfllytv22umrlahglwmhjxkgavccjltxwnca
  pubkey: '{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"A0QMBqFY4J39i6NrH4qR5uOEnyytpkyeWFg/e0sPd8NJ"}'
  mnemonic: ""


**Important** write this mnemonic phrase in a safe place.
It is the only way to recover your account if you ever forget your password.

become inspire first replace ask luxury extend member social donor expire lock correct buddy skull task dizzy rather injury decline series reflect piece dumb

Delete A Key

To delete a key use:

secretcli keys delete test

Key reference will be deleted. Continue? [y/N]: y
Key deleted forever (uh oh!)

After deleting a key you will no longer have access to the associated key account. You may regenerate the deleted key using the secretcli and the keys seed phrase.

Multiple keys may be deleted at once. You will be prompted to confirm each keys deletion:

secretcli keys delete pub_addr_2 pub_addr_1 multisig_sorted

# This is the output you should expect to seeb     

Key reference will be deleted. Continue? [y/N]: y
Public key reference deleted
Key reference will be deleted. Continue? [y/N]: y
Public key reference deleted
Key reference will be deleted. Continue? [y/N]: y
Key deleted forever (uh oh!)

Regenerate Key From Seed Phrase

You can regenerate the key from the seed phrase with the following command:

secretcli keys add --recover <key-alias>

Enter your bip39 mnemonic
become inspire first replace ask luxury extend member social donor expire lock correct buddy skull task dizzy rather injury decline series reflect piece dumb

- name: test
  type: local
  address: secret1knpfllytv22umrlahglwmhjxkgavccjltxwnca
  pubkey: '{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"A0QMBqFY4J39i6NrH4qR5uOEnyytpkyeWFg/e0sPd8NJ"}'
  mnemonic: ""

Regenerate Key From Old Key Path

secretcli keys add test --coin-type 118 --recover 

Enter your bip39 mnemonic
become inspire first replace ask luxury extend member social donor expire lock correct buddy skull task dizzy rather injury decline series reflect piece dumb

- name: test
  type: local
  address: secret1tnmmdv2xkty3jgqh5l52tndgsk9m5caakv3ud6
  pubkey: '{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"A/MV4cGgm7ILcdc/tyxysevjBBWjqBjsBoO5QIItzohJ"}'
  mnemonic: ""

Backup And Export Key

You can also backup your key using export — which outputs to stderr:

(copy and paste to a <key-export-file>)

secretcli keys export <key-alias>
Enter passphrase to encrypt the exported key:

-----BEGIN TENDERMINT PRIVATE KEY-----
kdf: bcrypt
salt: 893759B19955BA1302328B751361854F
type: secp256k1

5IZ1t7TJUL+D/MeiLmxxpucmMJxyNA2CEI4CiJAfrQe97gNtf3YFqZImSyr7yC05
jD3mmUNSch52z/w513Xmyui67YSvvCNYExGGc4g=
=JWtz
-----END TENDERMINT PRIVATE KEY-----

Import Key

You can import a key using the secretcli with:

secretcli keys import <key-alias> <key-export-file>
Enter passphrase to decrypt your key:

After importing your key, verify the key is imported with:

secretcli keys show test

- name: test
  type: local
  address: secret1knpfllytv22umrlahglwmhjxkgavccjltxwnca
  pubkey: '{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"A0QMBqFY4J39i6NrH4qR5uOEnyytpkyeWFg/e0sPd8NJ"}'
  mnemonic: ""

\

There are three primary Secret Network address types:

1. Secret

2. Secretvaloper

3. Secretpub

Secret

Secret keys are for receiving and sending funds. They are made using:

secretcli keys add <name of key>

The command will generate an output similar to the following:

- name: test
  type: local
  address: secret1knpfllytv22umrlahglwmhjxkgavccjltxwnca
  pubkey: '{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"A0QMBqFY4J39i6NrH4qR5uOEnyytpkyeWFg/e0sPd8NJ"}'
  mnemonic: ""


**Important** write this mnemonic phrase in a safe place.
It is the only way to recover your account if you ever forget your password.

become inspire first replace ask luxury extend member social donor expire lock correct buddy skull task dizzy rather injury decline series reflect piece dumb

An example of what a secret key looks like is:

• secret1knpfllytv22umrlahglwmhjxkgavccjltxwnca

Secretvaloper

Secretvaloper keys are used to associate a validator to it's operator, and to invoke staking commands. To view an accounts secretvaloper key use:

secretcli keys show <account alias> --bech=val

The command will generate an output similar to the following:

- name: test
  type: local
  address: secretvaloper14c29nyq8e9jgpcpw55e3n7ea4aktxg4xnurynd
  pubkey: '{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"Ai2I8uRsSxk7QjpEWShNL97ZIdqzq/YE8ymkbCpybS5P"}'
  mnemonic: ""

An example of what a secretvaloper key looks like is:

• secretvaloper14c29nyq8e9jgpcpw55e3n7ea4aktxg4xnurynd

Secretpub

Secretpub keys are publicly available addresses that are distinct from the private / public key pair used for secret keys. They are primarily used by developers in Secret Network DApps, and by secretcli users to create multisig wallets with keys they do not own. To view an accounts secretpub key use:

secretcli keys show <account alias> --pubkey

The command will generate an output containing the corresponding accounts secretpub key:

{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"A0QMBqFY4J39i6NrH4qR5uOEnyytpkyeWFg/e0sPd8NJ"}

There are differences between secretcli and secretd. secretd is a full node including the code running inside SGX, and secretcli is a command line interface (CLI) for sending and querying Secret Network transactions.

Why Make A Distinction Between secretcli And secretd?

Since secretd requires a full node with SGX capabilities, it's less user-friendly than secretcli because users must do the secondary step of installing SGX for its use. Most users interacting with the Secret Network using a CLI will not require a full node for sending and querying transactions and do not need to access a full node with the code running inside SGX.

A Better User Experience

The decision to make a distinction between secretcli and secretd was created to improve user experience. Installing SGX on Windows (hard), Mac (not supported), and desktop Linux (hard) is challenging and only required for specific use cases like running a full node, checking the status of a node, viewing public keys associated with a node, backing up mnemonics of a node, etc...

Local

Local key types are Secret Network keys owned by a secretcli user (i.e controls the private keys). Local accounts are made using the secretcli keys add <alias> command.

- name: test
  type: local # This is the 'local' key type
  address: secret1knpfllytv22umrlahglwmhjxkgavccjltxwnca
  pubkey: '{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"A0QMBqFY4J39i6NrH4qR5uOEnyytpkyeWFg/e0sPd8NJ"}'
  mnemonic: ""

Multi

Multi key types, are Secret Network keys representing multi-signature wallet addresses. They are generated using the secretcli keys add --multisig=name1,name2,name3[...] --multisig-threshold=K command.

- name: test_multisig
  type: multi # This is the 'multi' key type
  address: secret1whdl9yjy8c7p3062xjehf2m69evljp8yfcv9zt
  pubkey: '{"@type":"/cosmos.crypto.multisig.LegacyAminoPubKey","threshold":2,"public_keys":[{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"AiXwUPtwTJqxKZq/BjKi+7EFhqR2Aj9QT94lFzb5Ednp"},{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"A7QMHOt+yLGddDxey51QLofwsTJWfqyzYmNOB9L1Oz1S"},{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"A0QMBqFY4J39i6NrH4qR5uOEnyytpkyeWFg/e0sPd8NJ"}]}'
  mnemonic: ""

Offline

Offline key types are Secret Network keys that are imported into a secretcli users keyring, but NOT owned by the user. They are generated using the secretcli keys add <alias> --pubkey=<public_address_key> command.

- name: testpubkey
  type: offline # This is the 'offline' key type
  address: secret1kx668pa7py992x5m54zju9mn7ynruqtgp8lgge
  pubkey: '{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"A2Wb8D5w+LKPNQ7z1VhiD5Q+8SnIFMMKjDyQXBhnlZwo\"}'
  mnemonic: ""

The secretcli (Secret Network Light Client) is a command-line interface tool for interacting with nodes running on the Secret Network blockchain. With the secretcli you can perform many important functions related to:

• Generating keys

• Creating multisig wallets

• Sending transactions

• Deploying and interacting with Secret Contracts

• Using governance

• and more...

To install the secretcli download the latest version here. Download the appropriate version of the secretcli based on the operating system you are using:

• secretcli-Linux

• secretcli-macOS

• secretcli-MacOS-arm64

• secretcli-Windows

Linux

After downloading secretcli-Linux you will need to navigate to the folder you have download it to make secretcli-Linux an executable program using a graphical user interface (GUI) or the command-line.

Note: Installing secretcli-Linux will ONLY give you access to the secretcli commands. For secretcli and secretd commands install one of the .deb packages.

GUI

Right click on the secretcli-Linux file and select 'Properties', then select 'Permissions', and then check the 'Allow executing the file as program' box beside the 'Execute' column.

Command-line

To make secretcli-Linux executable using the command-line navigate to where the file is located and use the following command:

chmod +x secretcli-Linux

Next Steps

You can now use the secretcli by using the following command inside of the folder it is located in with:

./secretcli-Linux

You will see some outputs related to available commands, flags, and usage.

It is recommended to rename seretcli-Linux to 'secretcli', and move the executable file into the correct location so it is automatically executable by typing secretcli anywhere within the command-line.

To achieve this use the following commands in the directory containing secretcli-Linux:

sudo mv secretcli-Linux /usr/local/bin/secretcli

Congrats! The secretcli is now installed!

Mac

Download the correct version of the secretcli for the Mac hardware on your system here. After downloading the secretcli there are two steps required to allow your system to execute the cli.

First, open your terminal application and navigate to the directory containing the secretcli file for your systems hardware. Once in the correct directory you will need to rename the file, and make the file executable using the following commands:

# for intel mac users use the command below 
mv secretcli-macOS secretcli

# for arm64 mac users use the command below 
mv secretcli-MacOS-arm64 secretcli

# Now make the file executable
chmod 755 secretcli

Mac users are required to perform another step after making the secretcli executable on their machines. This is because MacOs cannot recognize the developer of the secretcli file. Try running the following command in the directory containing the executable secretcli:

./secretcli

You will get a warning popup window with text similar to the following --> “secretcli” cannot be opened because the developer cannot be verified. There will be two options: move to trash or cancel. Select cancel.

You will see the text: "secretcli" was blocked from use because it is not from an identified developer. Click the 'Allow Anyway' button.

Now you should be able to use the secretcli when inside of the folder it is found in:

./secretcli 

You will see the following warning popup, click 'open'.

After clicking open you should see the following output in your terminal application:

The Secret Network App Daemon (server)

Usage:
  secretd [command]

Available Commands:
  add-genesis-account Add a genesis account to genesis.json
  auto-register       Perform remote attestation of the enclave
  check-enclave       Test enclave status
  collect-gentxs      Collect genesis txs and output a genesis.json file
  config              Create or query an application CLI configuration file
  configure-secret    After registration is successful, configure the secret node with the credentials file and the encrypted seed that was written on-chain
  debug               Tool for helping with debugging your application
  export              Export state to JSON
  gentx               Generate a genesis tx carrying a self delegation
  help                Help about any command
  init                Initialize private validator, p2p, genesis, and application configuration files
  init-bootstrap      Perform bootstrap initialization
  init-enclave        Perform remote attestation of the enclave
  keys                Manage your application's keys
  migrate             Migrate genesis to a specified target version
  parse               Verify and parse a certificate file
  query               Querying subcommands
  reset-enclave       Reset registration & enclave parameters
  rollback            rollback cosmos-sdk and tendermint state by one height
  rosetta             spin up a rosetta server
  start               Run the full node
  status              Query remote node for status
  tendermint          Tendermint subcommands
  tx                  Transactions subcommands
  validate-genesis    validates the genesis file at the default location or at the location passed as an arg
  version             Print the application binary version information

Flags:
      --bootstrap           Start the node as the bootstrap node for the network (only used when starting a new network)
  -h, --help                help for secretd
      --home string         directory for config and data (default "/Users/dawsonsewell/.secretd")
      --log_format string   The logging format (json|plain) (default "plain")
      --log_level string    The logging level (trace|debug|info|warn|error|fatal|panic) (default "info")
      --trace               print out full stack trace on errors

Use "secretd [command] --help" for more information about a command.

We recommend moving the secretcli into your path to be able to use it anywhere within your systems terminal application with:

mv secretcli /usr/local/bin

Congrats! The secretcli is now installed!

Windows (WSL)

secretcli-Linux is compatible for use within the Windows Subsystem for Linux (WSL). Follow the Linux Command-line instructions to install it.

Windows (Native)

After downloading secretcli-Windows you can now use the secretcli by using the following command inside of the folder it is located in:

./secretcli-Windows

You will see some outputs related to available commands, flags, and usage.

It is recommended to rename seretcli-Windows to 'secretcli.exe', and move the executable file to a location where it is automatically executable by typing secretcli anywhere within the command-line.

To achieve this use the following commands in a Powershell terminal, in the directory containing secretcli-Windows:

mkdir "$home\appdata\local\secretcli"
mv secretcli-Windows "$home/appdata/local/secretcli/secretcli.exe"
$old_path = [Environment]::GetEnvironmentVariable('path', 'user');
$new_path = $old_path + ';' + "$home\appdata\local\secretcli"
[Environment]::SetEnvironmentVariable('path', $new_path,'User');

Restart your terminal and test the installation by running:

secretcli

Update SecretCLI (Windows)

To update or install a different version of SecretCLI on Windows, download the release of secretcli-Windows and move it to the correct location:

mv secretcli-Windows "$home/appdata/local/secretcli/secretcli.exe"

The other commands do not need to be run again if they have already been run on your account.

Viewing Private Keys

If you check your private keys, you'll now see <key-alias>:

If you want to just see your secret address:

You can see all your available keys by typing:

Viewing Validator Keys

View the validator operator's address via:

View the validator pubkey for your node by typing:

Note: This is the Tendermint signing key, not the operator key you will use in delegation transactions.

Warning

We strongly recommend NOT using the same passphrase for multiple keys. The Tendermint team and the Interchain Foundation will not be responsible for the loss of funds.

Multisig transactions require signatures of multiple private keys, typically owned by multiple parties. A multisig transaction is initiated by any key holder, and at least one of them would need to import other parties' public keys into their Keybase and generate a multisig public key to finalize and broadcast multisig transactions.

Show Multisig Address

When a new multisig public key test_multisig is stored its address will be the signer of multisig transactions:

secretcli keys show test_multisig -a

secret1zy90yjysn579l65sj643tphq4pem6ufkl0djd6

View Multisig Threshold

You may also view multisig threshold, pubkey constituents and respective weights by viewing the JSON output of the key:

secretcli keys show test_multisig --pubkey

# You will see the output of the pubkey, look or "threshold"
'{"@type":"/cosmos.crypto.multisig.LegacyAminoPubKey","threshold":2,"public_keys":[{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"AiXwUPtwTJqxKZq/BjKi+7EFhqR2Aj9QT94lFzb5Ednp"},{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"A7QMHOt+yLGddDxey51QLofwsTJWfqyzYmNOB9L1Oz1S"},{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"A0QMBqFY4J39i6NrH4qR5uOEnyytpkyeWFg/e0sPd8NJ"}]}'
  mnemonic: ""

The -p flag can be used interchangeably with the --pubkey flag to only show the output of pubkey information.

secretcli keys show test_multisig -p

Initiate Multisig Transaction

General usage of the secretcli for sending transactions uses the follow format:

secretcli tx bank send [from_key_or_address] [to_address] [amount] [flags]

Note: To be able to correctly test multisig transactions you will need tokens owned by the multisig wallet. Get testnet tokens using the faucet.

The first step to create a multisig transaction is to initiate it on behalf of the multisig address created above using the following command:

secretcli tx bank send 
    secret1zy90yjysn579l65sj643tphq4pem6ufkl0djd6 \ # From address
    secret1kcy20p0cs2wakeqz00xgs5m0cmj65283xqmvfs \ # To adress 
    1000uscrt \ # Amount being sent 
    --generate-only > unsignedTx.json # Json for account owner signing

# unsignedTx.json file contents 

{
  "body": {
    "messages": [
      {
        "@type": "/cosmos.bank.v1beta1.MsgSend",
        "from_address": "secret1zy90yjysn579l65sj643tphq4pem6ufkl0djd6",
        "to_address": "secret1kcy20p0cs2wakeqz00xgs5m0cmj65283xqmvfs",
        "amount": [
          {
            "denom": "uscrt",
            "amount": "1000"
          }
        ]
      }
    ],
    "memo": "",
    "timeout_height": "0",
    "extension_options": [],
    "non_critical_extension_options": []
  },
  "auth_info": {
    "signer_infos": [],
    "fee": {
      "amount": [
        {
          "denom": "uscrt",
          "amount": "50000"
        }
      ],
      "gas_limit": "200000",
      "payer": "",
      "granter": ""
    }
  },
  "signatures": [] # Notice that none of the multisg owners have signed yet

Signing Multisig Transactions

The file unsignedTx.json contains the unsigned transaction encoded in JSON. key1 can now sign the transaction with its own private key:

secretcli tx sign \ 
    unsignedTx.json \
    --multisig=test_multisig \
    --from=key1 \
    --output-document=key1Signature.json \
    --chain-id=pulsar-3 # This is the testnet chain-id

After generating the key1Signature.json file, other wallets making up the multisig need to use the unsignedTx.json to generate their own individual signed json files:

secretcli tx sign \ 
    unsignedTx.json \
    --multisig=test_multisig \
    --from=key2 \
    --output-document=key2Signature.json \
    --chain-id=pulsar-3

Since the 'k' value of test_multisig is set to 2, a third signature from the final key making up the wallet (key3) is not required to officially sign and broadcast the multisig transaction. Any the key holders of the multisig can now generate the multisig transaction by combining the required signature files:

secretcli tx multisign \
  unsignedTx.json \
  test_multisig \
  key1Signature.json key2Signature.json > signedTx.json

# signedTx.json contents 

{
  "body": {
    "messages": [
      {
        "@type": "/cosmos.bank.v1beta1.MsgSend",
        "from_address": "secret1zy90yjysn579l65sj643tphq4pem6ufkl0djd6",
        "to_address": "secret1kcy20p0cs2wakeqz00xgs5m0cmj65283xqmvfs",
        "amount": [
          {
            "denom": "uscrt",
            "amount": "1000"
          }
        ]
      }
    ],
    "memo": "",
    "timeout_height": "0",
    "extension_options": [],
    "non_critical_extension_options": []
  },
  "auth_info": {
    "signer_infos": [
      {
        "public_key": {
          "@type": "/cosmos.crypto.multisig.LegacyAminoPubKey",
          "threshold": 2,
          "public_keys": [
            {
              "@type": "/cosmos.crypto.secp256k1.PubKey",
              "key": "A2wRQgUwB6BMLcoa9acVrZ56EydgQMb0hJS1Fq6/nLPs"
            },
            {
              "@type": "/cosmos.crypto.secp256k1.PubKey",
              "key": "AxI12MHj4ZEPJd0eWIu25bNoTH6XyhY5MdsUIqqut3Fv"
            },
            {
              "@type": "/cosmos.crypto.secp256k1.PubKey",
              "key": "AzkEF0QT7qTvI/W3IO5lPQMUa9sR7Z29b4TT6k0Lo8Qe"
            }
          ]
        },
        "mode_info": {
          "multi": {
            "bitarray": {
              "extra_bits_stored": 3,
              "elems": "wA=="
            },
            "mode_infos": [
              {
                "single": {
                  "mode": "SIGN_MODE_LEGACY_AMINO_JSON"
                }
              },
              {
                "single": {
                  "mode": "SIGN_MODE_LEGACY_AMINO_JSON"
                }
              }
            ]
          }
        },
        "sequence": "0"
      }
    ],
    "fee": {
      "amount": [
        {
          "denom": "uscrt",
          "amount": "50000"
        }
      ],
      "gas_limit": "200000",
      "payer": "",
      "granter": ""
    }
  },
  "signatures": [
    "CkAJd+gSCrcPd8hlX2YT68bCALTi8+Rk0AVUGnMK7QAuFmrr2uACK9q2u4QQij49BXL6LaXEhZkUXFc3aCkMxmJFCkCEeY7AGFowB+GIBiZkEUsJg/RjM/cvqt/JvBcSYwDiS2EAMBMGItZNP/WdRX1pnbCWIHIo5Wqohc0qJ8WYfkm6"
  ]
}

Broadcasting Multisig Transactions

The transaction can now be broadcast to the network using the singed.json file:

secretcli tx broadcast signedTx.jshon

After executing the above command an output will be generated containing information about the transaction:

{
  "height": "0",
  "txhash": "52A1CB5C4049023A14616462A37A419240EBE99E7C941B7E9E17BD32FE92B134",
  "codespace": "sdk",
  "code": 19,
  "data": "",
  "raw_log": "",
  "logs": [],
  "info": "",
  "gas_wanted": "0",
  "gas_used": "0",
  "tx": null,
  "timestamp": "",
  "events": []
}

Broadcasted transactions can be viewed online using a Secret Network block explorer by searching for the transaction has (txhash). For example, the testnet transaction above can be viewed here.

Generating A Multisig Wallet

You can generate a multisig wallet using keys you own using the secretcli by:

secretcli keys add --multisig=acc1,acc2,acc3[...] \
    --multisig-threshold=K <new-key-alias>

The command above will generate an output similar to the following:

- name: test_multisig
  type: multi
  address: secret1whdl9yjy8c7p3062xjehf2m69evljp8yfcv9zt
  pubkey: '{"@type":"/cosmos.crypto.multisig.LegacyAminoPubKey","threshold":2,"public_keys":[{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"AiXwUPtwTJqxKZq/BjKi+7EFhqR2Aj9QT94lFzb5Ednp"},{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"A7QMHOt+yLGddDxey51QLofwsTJWfqyzYmNOB9L1Oz1S"},{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"A0QMBqFY4J39i6NrH4qR5uOEnyytpkyeWFg/e0sPd8NJ"}]}'
  mnemonic: ""

Generating A Multisig Wallet With Keys You Do Not Own

You can generate multisig wallets with your own keys, and using other public keys you do not own using the secretcli:

# Add public keys of address you want to have on the multisig wallet to the 
# secretcli keyring 

secretcli keys add pub_addr_1 \ 
    --pubkey='{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"A3YmkInq4LS9XJzf+4Xk7SV9Pasybpoc4mNGrko4exyH"}'
    
secretcli keys add pub_addr_2 \
    --pubkey='{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"As3QBF2LipZdMUP7ICwS3wfkpybNImCq1uDVjSuUvQCg"}'

# Verify keys were added to secretcli keyring 
# Keys added to the keyring using public keys only will be of 'type: offline'

secretcli keys list

Now that all the keys are present in your local secretcli keyring, create a multisig wallet as you normally would with keys that you own:

secretcli keys add \
    test_multisig
    --multisig=test,pub_addr_1,pub_addr_2 
    --multisig-threshold=2

To confirm the multisig wallet was made with the correct addresses use:

secretcli keys show MULTISIG_NAME -a 

# You should see the multisig addresses as an output 

K Value

K is the minimum number of private keys that must have signed the transactions carrying the public key's address as a signer. Typically the K value will be lower than the total number of wallets associated with the multisig wallet, and high enough to require the majority of associated wallets to approve transactions.

Best Practices

For example, if there are 6 controlling addresses associated with a multisig wallet it would be poor practice for set the K value to 1, 2, 5, or 6. If the K value is too low (i.e 1 or 2) a minority of multisig members will be always in control of the multisig wallet; if any one or two members agree on making a transaction they will be able to even if the remaining 4-5 members do not agree with the transactions. If the K value is too high, and one or two of the members wallets on the multisig are lost or compromised no transactions with the multisig will be possible, and all associated assets held by the multisig wallet will be lost.

Multisig Flags

The --multisig flag must contain the name of public keys to be combined into a public key that will be generated and stored as new-key-alias in the local database.

All names supplied through --multisig must already exist in the local database. is set. The order of the supplied keys on the command line does not matter, i.e. the following commands generate two identical keys:

secretcli keys add --multisig=foo,bar,baz --multisig-threshold=2 <multisig-address>
secretcli keys add --multisig=baz,foo,bar --multisig-threshold=2 <multisig-address>

To make the multisig wallet keys get passed into the multisig wallet in a specific order (i.e the order they are given) the --nosort flag must be used:

secretcli keys add multisig_sorted \
    --multisig=pub_addr_2,test,pub_addr_1 \ 
    --multisig-threshold=2 \ 
    --nosort 

For demonstration purposes, the above command will produce a multisig wallet where each key is added in the exact order they are given to the public keys associated with the multisig wallet:

secretcli keys show multisig_sorted --pubkey | jq
{
  "@type": "/cosmos.crypto.multisig.LegacyAminoPubKey",
  "threshold": 2,
  "public_keys": [
    { # This is the public key associated with 'pub_addr_2'
      "@type": "/cosmos.crypto.secp256k1.PubKey",
      "key": "As3QBF2LipZdMUP7ICwS3wfkpybNImCq1uDVjSuUvQCg"
    },
    { # This is the public key associated with 'test'
      "@type": "/cosmos.crypto.secp256k1.PubKey",
      "key": "Ai2I8uRsSxk7QjpEWShNL97ZIdqzq/YE8ymkbCpybS5P"
    },
    { # This is the public key associated with 'pub_addr_1'
      "@type": "/cosmos.crypto.secp256k1.PubKey",
      "key": "A3YmkInq4LS9XJzf+4Xk7SV9Pasybpoc4mNGrko4exyH"
    }
  ]
}

Matching a Set of Events

Querying transaction commands use the following format:

secretcli query tx \
    --type=[hash|acc_seq|signature] \
    [hash|acc_seq|signature] \
    [flags]

Use the transaction search command to query for transactions matching a specific set of events, which are added on every transaction.

Each event contains a key-value pair in the form of {eventType}.{eventAttribute}={value}.

Events can be combined to query for more specific results using the & symbol.

You can query transactions by events as follows:

secretcli q txs --query "message.sender='secret1...'"

And for using multiple events:

secretcli q txs --query "message.sender='secret1...' AND message.action='/secret.compute.v1beta1.MsgInstantiateContract' "

The pagination is supported as well via page and limit:

secretcli q txs --query "message.sender='secret1...'" --page=1 --limit=20

Note: The action tag always equals the message type returned by the Type() function of the relevant message.

Events List

You can find a list of available events on each of the SDK modules:

• Staking events

• Governance events

• Slashing events

• Distribution events

• Bank events

Matching a Transaction Hash

You can query a single transaction by its hash using the following command:

secretcli q tx [hash]

Flags

There are four flags associated with querying Secret Network transactions using the secretcli.

Height

The --height [int] flag uses a specific height to query the state of the Secret Network (there will be an error if the node is pruning state).

Node

The --node [string] flag uses <host>:<port> to connect with the Tendermint RPC for a specific chain (default is "tcp://localhost:26657").

Type

The --type [string] flag is for querying a tx, and can be the 'hash' (default), 'acc_seq', or 'signature'.

Help

The --help flag will generate an output giving further details on flags to use with the tx class of secretcli commands, and information about global flags to use with the secretcli.

Testnet Faucet

On a testnet, getting tokens is usually done via a faucet. You can get tokens for testing purposes using the Secret Network faucet.

Query Account Balance

After receiving tokens to your address, you can view your account's balance by typing:

secretcli query bank balances <secret-address>

# secretcli query bank balances secret1kcy20p0cs2wakeqz00xgs5m0cmj65283xqmvfs | jq

{
  "balances": [
    {
      "denom": "uscrt",
      "amount": "99942000"
    }
  ],
  "pagination": {
    "next_key": null,
    "total": "0"
  }
}

Get your <secret-address> using:

# Use the -a flag to display the addres only
secretcli keys show -a <key-alias>

You can also supply your address with the following command:

# This grabs the desired acount address and uses it as an input to the 
# secretcli query bank balances command
secretcli query bank balances $(secretcli keys show -a <key-alias>)

Note: When querying an account balance with zero tokens, you will get the error: No account with address <secret-address> was found in the state. This can also happen if you fund the account before your node is fully synced. These are both normal.

Send Tokens

Use the following command to send tokens from one account to another:

secretcli tx bank send <sender-key-alias-or-address> <recipient-address> --fees=70000uscrt 10uscrt

Note: The amount argument accepts the format <value|coin_name>. You may want to cap the maximum gas consumed by transactions via the --gas flag.

If you pass --gas=auto, the gas supply is automatically estimated before transaction execution.

Inaccurate gas estimates may occur in-between the end of the simulation and the actual execution of a transaction. An adjustment needs to be applied on top of the original estimate for the transaction to be broadcasted successfully. Adjustment are controlled via the --gas-adjustment flag, with a default value of 1.0.

To view updated balances of origin and destination accounts use:

secretcli query bank balances <secret-address>
secretcli query bank balances <recipient-address>

Flags

Height

You can also check balances at any block height using the --height flag:

secretcli query bank balances <secret-address> --height=<block_height>

Example

secretcli query bank balances \ 
  secret1kcy20p0cs2wakeqz00xgs5m0cmj65283xqmvfs \
  --height=3415892 | jq

Example Output

{
  "balances": [
    {
      "denom": "uscrt",
      "amount": "2000"
    }
  ],
  "pagination": {
    "next_key": null,
    "total": "0"
  }
}

Note

You can add a note (previously called 'memo') to any transaction using the --note flag:

secretcli tx bank send \ 
    <sender-key-alias-or-address> \
    <recipient-address> \
    <amount> \ 
    --note '<note contents>'

 secretcli tx bank send \
    secret1kcy20p0cs2wakeqz00xgs5m0cmj65283xqmvfs \
    secret193w2cdzhjt9vf9ehw9clmmyg5jvnj7dslaqcd0 \
    10uscrt \
    --note 'Hello this is a test' | jq

confirm transaction before signing and broadcasting [y/N]: y

{
  "height": "0",
  "txhash": "9E41B419CAFDC245706B0B6C689299AFEF932F2864F88F6FBA417DE516F39B2A",
  "codespace": "",
  "code": 0,
  "data": "",
  "raw_log": "[]",
  "logs": [],
  "info": "",
  "gas_wanted": "0",
  "gas_used": "0",
  "tx": null,
  "timestamp": "",
  "events": []
}

Dry Run

You can simulate a transaction without actually broadcasting it by appending the --dry-run flag:

secretcli tx bank send \
  <sender-key-alias-or-address> \
  <recipient-address> \
  10uscrt \
  --chain-id=<chain-id> \
  --dry-run

// Some code

Generate Only

Furthermore, you can build a transaction and print its JSON format to STDOUT by appending --generate-only to the list of arguments:

secretcli tx bank send <sender-key-alias-or-address> <recipient-address> 10uscrt \
  --chain-id=<chain-id> \
  --generate-only > unsignedSendTx.json

secretcli tx sign \
  --chain-id=<chain-id> \
  --from=<key-alias> \
  unsignedSendTx.json > signedSendTx.json

Note: The --generate-only flag prevents secretcli from accessing the local keybase. When the flag is supplied <sender-key-alias-or-address> must be an address.

Validate Signatures

You can validate transaction signatures by typing the following:

secretcli tx validate-signatures --from=<key-alias> signedSendTx.json

Broadcast Signed Transaction

You can broadcast the signed transaction to a node by providing the JSON file using:

secretcli tx broadcast --node=<node> signedSendTx.json

A user can query and interact with the slashing module using the CLI. For more information about how slashing works on the Secret Network go to the Node Runners page and look for the 'Slashing For Downtime' section.

See Slashing for the official Cosmos Network module documentation.

Query

The query commands allow users to query slashing state:

secretcli query slashing --help

Available Commands:
  params        Query the current slashing parameters
  signing-info  Query a validator's signing information
  signing-infos Query signing information of all validators

Params

The params command allows users to query genesis parameters for the slashing module.

secretcli query slashing params -oj | jq

Example Output

{
  "signed_blocks_window": "22500",
  "min_signed_per_window": "0.500000000000000000",
  "downtime_jail_duration": "600s",
  "slash_fraction_double_sign": "0.050000000000000000",
  "slash_fraction_downtime": "0.000100000000000000"
}

Signed Blocks Window

signed_blocks_window, alongside min_signed_per_window is how validator uptime is calculated. With an average block time of 6 seconds, 22500 blocks is roughly 37 hours worth of blocks.

Min Signed Per Window

min_signed_per_window is a percentage. For Secret, that number is 50%. In other words, to become jailed, a validator must miss half of the 22500 blocks (as defined by signed_blocks_window) in order to become jailed. Given that 22500 blocks takes roughly 37 hours, it'd require missing nearly 18 hours of consecutive blocks to become jailed and incur a downtime slashing event.

Downtime Jail Duration

downtime_jail_duration is how many seconds must pass before a validator can become unjailed by running secretd tx slashing unjail --from {wallet}.

Slash Fraction Double Sign

slash_fraction_double_sign is the percent of all stake on the validator that is burned when a validator is slashed. For most networks including Secret, that value is 5%. Meaning, if 100 SCRT is delegated to the validator regardless of whether it's owned by the operator or delegators, 5 SCRT will be burned and permanently taken out of circulation.

Slash Fraction Downtime

slash_fraction_downtime is the percent of all stake on the validator that is burned when a validator is slashed. For most networks including Secret, that value is 0.01%. Meaning, if 100 SCRT is delegated to the validator regardless of whether it's owned by the operator or delegators, 0.01 SCRT will be burned and permanently taken out of circulation.

Signing-info

The signing-info command allows users to query signing-info of the validator using consensus public key.

secretcli query slashing signing-info [public-key]

Example

secretcli query slashing signing-info \
    '{ "@type": "/cosmos.crypto.ed25519.PubKey","key": "iKZCEP93nVojf2UhQh72yT+d3XEgRlrX1NZBtJJCL2o=" }' 

Example Output:

{
  "address": "secretvalcons1hgsv6kc667du838csfuy7swcdq2z5mdtuje4wa",
  "start_height": "3117888",
  "index_offset": "237143",
  "jailed_until": "1970-01-01T00:00:00Z",
  "tombstoned": false,
  "missed_blocks_counter": "38"
}

Signing-infos

The signing-infos command allows users to query signing infos of all validators.

secretcli query slashing signing-infos

Example Output

{
  "info": [
    // ...
    {
      "address": "secretvalcons1hgsv6kc667du838csfuy7swcdq2z5mdtuje4wa",
      "start_height": "3117888",
      "index_offset": "237143",
      "jailed_until": "1970-01-01T00:00:00Z",
      "tombstoned": false,
      "missed_blocks_counter": "38"
    },
    // ...
  ]
}

Transactions

The tx commands allow users to interact with the slashing module.

secretcli tx slashing --help

Unjail

The unjail command allows users to unjail a validator previously jailed for downtime.

secretcli tx slashing unjail --from mykey [flags]

Example

secretd tx slashing unjail --from mykey

Transactions can be broadcast using the following command:

secretcli tx broadcast tx_signed.json

Broadcast Mode

When broadcasting transactions, secretcli can accept a --broadcast-mode flag. The value of this flag can be sync (default), async.

• sync makes the client return a CheckTx response (default)

• async makes the client return immediately

On the Secret Network gas is a special unit used for tracking the the use of resources during code execution (usually paid by the transaction sender). Gas fees are normally paid to execute read / write commands, but can also be used to pay for more resource intensive computational tasks.

Gas primarily serves two purposes:

2. To prevent end-users from spamming and abusing the Secret Network. Most applications implement fee mechanisms to prevent spam, but the secretcli does not enforce gas pricing by default.

Each transaction supplies fees or gas prices, but never both.

Validator's have a minimum gas price (multi-denom) configuration used to determine if they should include a transaction in a block during CheckTx, where gasPrices >= minGasPrices.

Note: Transactions must supply fees greater than or equal to any fees set by validators. Validators may start to prioritize transactions by gasPrice in the mempool, increasing transaction priority based on fees or gas prices.

e.g.

or

Query Distribution Parameters

To check current distribution parameters, run:

Query Distribution Community Pool

To query all coins in the community pool under Governance control:

Query Outstanding Validator rewards

To check current outstanding (un-withdrawn) rewards, run:

Query Validator Commission

To check current outstanding commission for a validator, run:

Query Validator Slashes

To check historical slashes for a validator, run:

Query Delegator Rewards

To check current rewards for a delegation (were they to be withdrawn), run:

Query All Delegator Rewards

To check all current rewards for a delegation (were they to be withdrawn), run:

If you are running a full node or a validator node, view the status by typing:

secretcli status

# Use the -n, --node flag to connect to a
# specific node (default "tcp://localhost:26657")

Example output for secretcli status | jq:

{
  "NodeInfo": {
    "protocol_version": {
      "p2p": "8",
      "block": "11",
      "app": "0"
    },
    "id": "38bee11836e06fec5cb9b3eb6ca66a44abf6c2ea",
    "listen_addr": "174.138.172.52:26656",
    "network": "secret-4",
    "version": "0.34.19",
    "channels": "40202122233038606100",
    "moniker": "anode1-node02",
    "other": {
      "tx_index": "on",
      "rpc_address": "tcp://174.138.172.52:26657"
    }
  },
  "SyncInfo": {
    "latest_block_hash": "8B56C543B4D58378C514EFF0643A9FE392E31E4F35C10E57EF355D422E0BAD6D",
    "latest_app_hash": "72286A7DDA4DFC38737DC6B6381235003166C46A99DD77955801660669AC889D",
    "latest_block_height": "4060469",
    "latest_block_time": "2022-06-28T12:10:32.992861612Z",
    "earliest_block_hash": "C168FE742EC3DCD6911B31CEE7F0C58EF7621EB85E87193875CD9C2C7E74473C",
    "earliest_app_hash": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
    "earliest_block_height": "813800",
    "earliest_block_time": "2021-11-10T15:00:00Z",
    "catching_up": false
  },
  "ValidatorInfo": {
    "Address": "FAABDCF81803E51DE9A7C6EA7447F1D403B50C1F",
    "PubKey": {
      "type": "tendermint/PubKeyEd25519",
      "value": "7eb9uBzsF2v83pT9JxTzE2B4cAdHpSfrF/tLUyIQQvU="
    },
    "VotingPower": "0"
  }
}

Uploading a Secret Contract

To upload a contract:

secretcli tx compute store ./contract.wasm.gz --from mykey --source "https://github.com/<username>/<repo>/tarball/<version>" --builder "enigmampc/secret-contract-optimizer:1.0.2"

• --source: Optional tarball of the source code, so your contract will be verifiable.

• --builder: Optional docker image used to compile ./contract.wasm.gz, so that your contract will be verifiable. This is important for reproducible builds so you should figure out the exact version of enigmampc/secret-contract-optimizer that you were using.

To get the contract's code ID:

secretcli q tx [hash]

This will output a long JSON output, like this:

{
  // [...]
  "logs": [
    {
      "msg_index": 0,
      "log": "",
      "events": [
        {
          "type": "message",
          "attributes": [
            {
              "key": "action",
              "value": "store-code"
            },
            {
              "key": "module",
              "value": "compute"
            },
            {
              "key": "signer",
              "value": "your secret address"
            },
            {
              "key": "code_id",
              "value": "your code id"
            }
          ]
        }
      ]
    }
  ],
  "gas_wanted": "5000000",
  "gas_used": "3720108",
  "tx": {
    "@type": "/cosmos.tx.v1beta1.Tx",
    "body": {
      "messages": [
        {
          "@type": "/secret.compute.v1beta1.MsgStoreCode",
          "sender": "your secret address",
          "wasm_byte_code": "...base64 encoded string of your contract's bytecode ...",
          "source": "",
          "builder": ""
        }
      ],
      "memo": "",
      "timeout_height": "0",
      "extension_options": [],
      "non_critical_extension_options": []
    },
  },
  // [...]
  "timestamp": "2022-06-23T13:52:35Z"
}

You will then find the code id under the logs.events array on the object with key code_id.

Instantiating a Secret Contract

In order to instantiate a contract, simply run the following command:

secretcli tx compute instantiate $CODE_ID "$INIT_INPUT_MSG" --from mykey --label "$UNIQUE_LABEL"

Where $CODE_ID is the code id that you got from the command above and $INIT_INPUT_MSG is a JSON encoded version of the init message required in your contract. This message will depend on your contract.

To get the contract's address:

secretcli q tx [hash]

You will find the contract address under logs.events.array on the object with key contract_address.

Executing a Secret Contract

Executing a contract is just as simple, simply use

secretcli tx compute execute $CONTRACT_ADDRESS "$EXEC_INPUT_MSG"

Where$CONTRACT_ADDRESS is the address you found above, and $EXEC_INPUT_MSG is the message containing the handle function you're trying to execute. This message will heavily depend on your contract, but generally the format follows the following pattern:

{
    "handler_name_as_snake_case": {
        "argumentA": "value for argument A",
        "argumentB": "value for argument B"
    }
}

You can also execute a function on a contract by using the contract's label over the address, like so:

secretcli tx compute execute --label "$UNIQUE_LABEL" "$EXEC_INPUT_MSG"

Please note that this is not recommended as its easy for someone to deploy a contract with a similar enough label where you could possibly execute the wrong contract by typoing, but it's much harder for the same thing to happen with an address.

Reading the Output of a Secret Contract Tx

In order to read the output of a transaction, such as the output of a handle function called by compute execute or a contract that has just been instantiated you would run the following

secretcli q compute tx $HASH

Where $HASH is your transaction hash.

Querying a Secret Contract

Querying a smart contract is just as easy, you just execute the following:

secretcli q compute query $CONTRACT_ADDRESS "$QUERY_INPUT_MSG"

Where$CONTRACT_ADDRESS is the address of your contract and $QUERY_INPUT_MSG is the query you're trying to run. The output will depend on your contract.

As of V1.7 of Secret Network users can enable autocompounding SCRT staking with their respective validators.

The autostake feature will claim rewards for you and automatically delegate them back to the same validator. To receive your liquid rewards you will have to unbond.

The minimum amount of staked SCRT to use this feature is 10 SCRT!

Query restake status

You can query the restaking situation per delegator and receive a list with validator addresses for which the user has turned this feature on.

Enable restake

One must be staked before one can activate restaking. The following command can be used to activate restaking for the stake that is with that validator as long more tokens are bonded than restake-threshold(currently 10000000 uSCRT = 10 SCRT).

Query restake Parameters

One can query the parameters for Restake using the command below

With the above command you will get the values for all parameters that can be set by Governance including:

• minimum_restake_threshold - # of uSCRT required to enable restake

• restake_period - The autocompouding frequency denominated in the # of blocks

On mainnet, you can delegate uscrt to a validator. These delegators can receive part of the validator's fee revenue. To learn more read about the Cosmos Token Model.

Query Validators

You can query the list of all validators of a specific chain:

secretcli q staking validators

If you want to get the information of a single validator you can check it with:

secretcli q staking validator <validator-address>

Note: _ A list of validators on the pulsar-3 Secret Network testnet can be found here._

Bond Tokensw

On the Secret Network mainnet, we delegate uscrt, where 1scrt = 1000000uscrt. Here's how you can bond tokens to a validator (i.e. delegate):

secretcli tx staking delegate \
	<validator-operator-address>
	<amount> \
	--from=<key-alias>

Example:

secretcli tx staking delegate \
	secretvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm \
	1000uscrt \
	--from <key-alias>

<validator-operator-address> is the operator address of the validator to which you intend to delegate. If you are running a full node, you can find this with:

secretcli keys show <key-alias> --bech val

Where <key-alias> is the name of the key you specified when you initialized secretd.

While tokens are bonded, they are pooled with all the other bonded tokens in the network. Validators and delegators obtain a percentage of shares that equal their stake in this pool.

Withdraw Rewards

To withdraw the delegator rewards:

secretcli tx distribution withdraw-rewards <validator-operator-address> --from <key-alias>

Query Delegations

Once you've submitted a delegation to a validator, you can see it's information by using the following command:

secretcli q staking delegation <delegator-address> <validator-operator-address>

Example:

secretcli q staking delegation \
	secret1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p \
	secretvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj

Or if you want to check all your current delegations with distinct validators:

secretcli q staking delegations <delegator-address>

Unbond Tokens

There currently is in place a 21 days unbonding rule, during which no rewards are handed out.

If for any reason the validator misbehaves, or you just want to unbond a certain amount of tokens, use this following command:

secretcli tx staking unbond \
  <validator-address> \
  10uscrt \
  --from=<key-alias> \
  --chain-id=<chain-id>

The unbonding will be automatically completed when the unbonding period passes.

Query Unbonding-Delegations

Once you begin an unbonding-delegation, you can see it's information by using the following command:

secretcli q staking unbonding-delegation <delegator-address> <validator-operator-address>

Or if you want to check all your current unbonding-delegations with distinct validators:

secretcli q staking unbonding-delegations <delegator-address>

Additionally, you can get all the unbonding-delegations from a particular validator:

secretcli q staking unbonding-delegations-from <validator-operator-address>

Redelegate Tokens

A redelegation is a type delegation that allows you to bond illiquid tokens from one validator to another:

secretcli tx staking redelegate \
  <src-validator-operator-address> \
  <dst-validator-operator-address> \
  10uscrt \
  --from=<key-alias> \
  --chain-id=<chain-id>

Here you can also redelegate a specific shares-amount or a shares-fraction with the corresponding flags.

The redelegation will be automatically completed when the unbonding period has passed.

Query Redelegations

Once you begin an redelegation, you can see it's information by using the following command:

secretcli q staking redelegation <delegator-address> <src-valoper-address> <dst-valoper-address>

Or if you want to check all your current unbonding-delegations with distinct validators:

secretcli q staking redelegations <delegator-address>

Additionally, you can get all the outgoing redelegations from a particular validator:

  secretcli q staking redelegations-from <validator-operator-address>

Query Parameters

Parameters define high level settings for staking. You can get the current values by using:

secretcli q staking params

With the above command you will get the values for:

• Unbonding time

• Maximum numbers of validators

• Coin denomination for staking

Example:

$ secretcli q staking params

{

"unbonding_time": "1814400000000000",

"max_validators": 50,

"max_entries": 7,

"historical_entries": 0,

"bond_denom": "uscrt"

}

All these values will be subject to updates though a governance process by ParameterChange proposals.

Query Pool

A staking Pool defines the dynamic parameters of the current state. You can query them with the following command:

secretcli q staking pool

With the pool command you will get the values for:

• Not-bonded and bonded tokens

• Token supply

• Current annual inflation and the block in which the last inflation was processed

• Last recorded bonded shares

Query Delegations To Validator

You can also query all of the delegations to a particular validator:

  secretcli q staking delegations-to <validator-operator-address>

Example:

$ secretcli q staking delegations-to secretvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj

\

Introduction

Governance is the process of Secret Network users coming to consensus on software upgrades, parameters of the mainnet, or signaling mechanisms through text proposals. This is done through voting on proposals, which will be submitted by SCRT holders on the mainnet.

The Voting Process

• Voting is done by bonded SCRT holders on a 1 bonded SCRT 1 vote basis.

• Delegators inherit the vote of their validator if they don't vote.

• Votes are tallied at the end of the voting period (1 week on mainnet) where each address can vote multiple times to update its Option value (paying the transaction fee each time), only the most recently cast vote will count as valid.

• Voters can choose between options Yes, No, NoWithVeto and Abstain.

• At the end of the voting period, a proposal is accepted IFF:

  • (YesVotes / (YesVotes+NoVotes+NoWithVetoVotes)) > 1/2 (threshold)

  • (NoWithVetoVotes / (YesVotes+NoVotes+NoWithVetoVotes)) < 1/3 (veto)

  • ((YesVotes+NoVotes+NoWithVetoVotes) / totalBondedStake) >= 1/3 (quorum)

For more information about the governance process and how it works, please check out the Governance module specification.

Setup

To setup governance the secretcli must be installed. You can get a detailed description of how to install the secretcli here.

Increasing Deposits

If the proposal you previously created didn't meet the MinDeposit requirement, you can still increase the total amount deposited to activate it.

Note: Proposals not meeting this requirement will be deleted after MaxDepositPeriod is reached.

Once the minimum deposit is reached, the proposal enters voting period:

secretcli tx gov 
    [proposal-id] \
    [deposit] \
    [flags]

Note: The regular flags for the tx command are applicable to gov deposit (--fees, --gas, --account-number --ledger, --node, etc...)

Returning Deposits

The only ways deposits won't be returned to their owners is:

1. If in the voting period the proposal gets 1/3 NoWithVeto out of all votes, excluding Abstain votes (So NoWithVeto needs to be 1/3 out of all Yes, No & NoWithVeto ).

2. If in the voting period less than 1/3 of voting power votes (== The proposal won't reach a quorum).

Anyone can deposit for a proposal, even if you have 0 SCRT tokens staked/delegated/bonded.

Querying Deposits

Once a new proposal is created, you can query all the deposits submitted to it:

secretcli query gov deposits \
    [proposal-id] \
    [flags]

You can also query a deposit submitted by a specific address:

secretcli query gov deposit \
    [proposal_id] \
    [depositor_address]

Flags

There are several flags to use with secretcli query gov deposit:

Flags:
      --count-total       
          count total number of records in deposits to query for
      --height int        
          Use a specific height to query state at (this can error if the node is pruning state)
  -h, --help              
      help for deposits
      --limit uint        
          pagination limit of deposits to query for (default 100)
      --node string       
          <host>:<port> to Tendermint RPC interface for this chain (default "tcp://localhost:26657")
      --offset uint       
          pagination offset of deposits to query for
      --page uint         
          pagination page of deposits to query for. This sets offset to a multiple of limit (default 1)
      --page-key string   
          pagination page-key of deposits to query for
      --reverse           
          results are sorted in descending order

Introduction

Note: Please remember through the duration of this guide that the secretcli counts SCRT in uscrt. 1 SCRT = 1,000,000 uscrt.

Modules

Various modules outside of governance may implement their own proposal types and handlers (eg. parameter changes), where the governance module itself supports Text proposals. Any module outside of governance has it's command mounted on top of submit-proposal.

Submit-Proposal

Proposals can be submitted using secretcli tx gov submit-proposal.

Using secretcli tx gov draft-proposal can help prepare a proposal. The tool will create a file containing the specified proposal message and it also helps with populating all the required proposal fields. You can always edit the file after you create it using draft-proposal

To submit a proposal:

metadata example:

Text

To submit a Text proposal:

You may also provide the proposal directly through the --proposal flag which points to a JSON file containing the proposal:

Where proposal.json is:

Param Change

Most cosmos-sdk modules allow changing their governance gated parameters using a MsgUpdateParams which is a new way of updating governance parameters. It is important to note that MsgUpdateParams requires all parameters to be specified in the proposal message.

We will use draft-proposal to help us create a proposal file that we will later submit.

After choosing the /cosmos.staking.v1beta1.MsgUpdateParams message, the applet will allow you to set the message fields and some other proposal details. Upon completion, the proposal will be available in the directory where you called the gaiad command inside the draft_proposal.json file.

Here is an example of the draft_proposal.json file:

Finally, we submit the proposal:

Subspaces, Keys and Values

Further Proposal Details

• The subspace is usually the ModuleName
• The key is usually defined in x/$MODULE_NAME/types/params.go
• The value's type is usually near the key definition
• ⚠️ subspace and key are case sensitive and value must be of the correct type and within the allowed bounds.

  • Proposals with errors on these inputs should not enter voting period (should not get deposits) or be voted on with NoWithVeto.

• ⚠️ Currently parameter changes are evaluated but not validated, so it is very important that any value change is valid (i.e. correct type and within bounds) for its respective parameter, eg. MaxValidators should be an integer and not a decimal.

• ⚠️ Proper vetting of a parameter change proposal should prevent this from happening (no deposits should occur during the governance process), but it should be noted regardless.

Known Constraints

Community Pool Spend

To submit a community pool spend proposal, you also must provide a proposal file as its contents are less friendly to secretcli input:

We can createproposal.json using tx gov draft-proposal

Software Upgrade

To submit a software upgrade proposal use:

We can createproposal.json using tx gov draft-proposal

Available Commands

Available Commands:
  deposit     Query details of a deposit
  deposits    Query deposits on a proposal
  param       Query the parameters (voting|tallying|deposit) of the governance process
  params      Query the parameters of the governance process
  proposal    Query details of a single proposal
  proposals   Query proposals with optional filters
  proposer    Query the proposer of a governance proposal
  tally       Get the tally of a proposal vote
  vote        Query details of a single vote
  votes       Query votes on a proposal

Querying Proposals

Query Using Proposal ID

Once created, you can now query information of the proposal:

secretcli query gov proposal <proposal_id>

# Output of querying for a proposal

content:
  '@type': /cosmos.gov.v1beta1.TextProposal
  description: "A description with line breaks \n and `code formatting`"
  title: My Cool Proposal
deposit_end_time: "2022-06-28T14:16:06.110227079Z"
final_tally_result:
  abstain: "0"
  "no": "0"
  no_with_veto: "0"
  "yes": "0"
proposal_id: "14"
status: PROPOSAL_STATUS_REJECTED
submit_time: "2022-06-28T13:16:06.110227079Z"
total_deposit:
- amount: "100000000"
  denom: uscrt
voting_end_time: "2022-06-28T14:16:06.110227079Z"
voting_start_time: "2022-06-28T13:16:06.110227079Z"

Query For All Proposals

You can query for all available proposals using:

secretcli query gov proposals

Query For Proposal Depositor

You can query for the proposal depositor using:

secretcli query gov deposit \
    [proposal-id] \
    [depositer-addr] \
    [flags]

Query For Proposal Depositors

You can query for the proposal depositors using:

secretcli query gov deposits \
    [proposal-id] \
    [flags]

Query For Proposal Voter

You can query for the proposal voter using:

secretcli query gov vote \
    [proposal-id] \
    [voter-addr] \
    [flags]

Query for Proposal Proposer

To query for the proposer of a given governance proposal use:

secretcli query gov proposer 
    [proposal-id] \
    [flags]

Query Proposal Tally Results

To check the current tally of a given proposal you can use the tally command:

secretcli query gov tally 
    [proposal-id] \
    [flags]

Query Governance Proposals

To check the current governance parameters run:

secretcli query gov params

deposit_params:
  max_deposit_period: "3600000000000"
  min_deposit:
  - amount: "10000000"
    denom: uscrt
tally_params:
  quorum: "0.334000000000000000"
  threshold: "0.500000000000000000"
  veto_threshold: "0.334000000000000000"
voting_params:
  voting_period: "3600000000000"

Querying Subsets of Governance Proposals

Voting

To query subsets of the governance parameters for voting run:

secretcli query gov param voting

voting_period: "3600000000000"

Tallying

To query subsets of the governance parameters for tallying run:

secretcli query gov param tallying

quorum: "0.334000000000000000"
threshold: "0.500000000000000000"
veto_threshold: "0.334000000000000000"

Deposit

To query subsets of the deposit governance parameters for voting run:

secretcli query gov param deposit

max_deposit_period: "3600000000000"
min_deposit:
- amount: "10000000"
  denom: uscrt

After a proposal's deposit reaches the MinDeposit value, the voting period opens. Bonded SCRT holders can then cast vote on it:

secretcli tx gov vote \
    [proposal-id] \
    [option] \
    [flags]

# Example
secretcli tx gov vote 1 yes --from [mykey]

Flags

Flags:
  -a, --account-number uint      The account number of the signing account (offline mode only)
  -b, --broadcast-mode string    Transaction broadcasting mode (sync|async|block) (default "sync")
      --dry-run                  ignore the --gas flag and perform a simulation of a transaction, but don't broadcast it
      --fee-account string       Fee account pays fees for the transaction instead of deducting from the signer
      --fees string              Fees to pay along with transaction; eg: 1.0uscrt
      --from string              Name or address of private key with which to sign
      --gas string               gas limit to set per-transaction; set to "auto" to calculate sufficient gas automatically (default 200000)
      --gas-adjustment float     adjustment factor to be multiplied against the estimate returned by the tx simulation; if the gas limit is set manually this flag is ignored  (default 1)
      --gas-prices string        Gas prices in decimal format to determine the transaction fee (e.g. 0.1uscrt) (default "0.25uscrt")
      --generate-only            Build an unsigned transaction and write it to STDOUT (when enabled, the local Keybase is not accessible)
  -h, --help                     help for vote
      --keyring-backend string   Select keyring's backend (os|file|kwallet|pass|test|memory) (default "os")
      --keyring-dir string       The client Keyring directory; if omitted, the default 'home' directory will be used
      --ledger                   Use a connected Ledger device
      --node string              <host>:<port> to tendermint rpc interface for this chain (default "tcp://localhost:26657")
      --note string              Note to add a description to the transaction (previously --memo)
      --offline                  Offline mode (does not allow any online functionality
  -s, --sequence uint            The sequence number of the signing account (offline mode only)
      --sign-mode string         Choose sign mode (direct|amino-json), this is an advanced feature
      --timeout-height uint      Set a block timeout height to prevent the tx from being committed past a certain height
  -y, --yes                      Skip tx broadcasting prompt confirmation

Secret Network minting is based on the Comos SDK. For more information on minting follow this link.

Available Commands

Params

You can query for minting/inflation parameters via:

secretcli q mint params

{
  "mint_denom": "uscrt",
  "inflation_rate_change": "0.130000000000000000",
  "inflation_max": "0.100000000000000000",
  "inflation_min": "0.050000000000000000",
  "goal_bonded": "0.670000000000000000",
  "blocks_per_year": "6311520"
}

Mint Denom

The denomination of the token being minted.

Inflation Rate Change

The rate of uscrt inflation changing over-time.

Inflation Max

The maximum inflation rate of uscrt tokens over the course of a year.

Inflation Min

The minimum inflation rate of uscrt tokens over the course of a year.

Goal Bonded

The desired % of uscrt tokens bonded from the supply.

Blocks Per Year

The number of minted blocks per year.

Inflation Value

To query for current inflation value:

secretcli q mint inflation

# Example inflation value 
0.053814121897161007

Annual Provisions Value

To query for current annual provisions value:

secretcli q mint annual-provisions

# Example annual provisions value
56489172247714019.069384966908845650