## The .env Pledge We've seen that nearly half a billion dollars was lost in private key leaks in the past year. It's important to reiterate this. We need to be good at storing and securing private keys. There's a pledge called the .env pledge. It's a simple concept, but it's important to understand every single line. I'll read the pledge to you now. **The Pledge** I solemnly swear, that I will never place a private key or secret phrase or mnemonic in a .env file that is associated with real funds. I will only place private keys in a .env file that have ONLY testnet ETH, LINK, or other cryptocurrencies. When I'm testing and developing, I will use a different wallet than the one associated with my real funds. I am aware that if I forget a .gitignore and push my key/phrase up to GitHub even for a split-second, or show my key/phrase to the internet for a split-second, it should be considered compromised and I should move all my funds immediately. If I am unsure if my account has real funds in it, I will assume it has real funds in it. If I assume it has real funds in it, I will not use it for developing purposes. I am aware that even if I hit add account on my metamask (or other ETH wallet) I will get a new private key, but it will share the same secret phrase/mnemonic of the other accounts generated in that metamask (or other ETH wallet). **How to Take the Pledge** Please take a look at the ["THE .ENV PLEDGE"](envpledge.cyfrin.io). This began as a simple commitment on GitHub, but is now a permanent oath on-chain. Please read through the pledge and mint your own personalized soul-bound NFT to show people your commitment to safe practices. Stay safe!

The .env Pledge

We've seen that nearly half a billion dollars was lost in private key leaks in the past year. It's important to reiterate this. We need to be good at storing and securing private keys.

There's a pledge called the .env pledge. It's a simple concept, but it's important to understand every single line.

I'll read the pledge to you now.

The Pledge

I solemnly swear, that I will never place a private key or secret phrase or mnemonic in a .env file that is associated with real funds.

I will only place private keys in a .env file that have ONLY testnet ETH, LINK, or other cryptocurrencies.

When I'm testing and developing, I will use a different wallet than the one associated with my real funds.

I am aware that if I forget a .gitignore and push my key/phrase up to GitHub even for a split-second, or show my key/phrase to the internet for a split-second, it should be considered compromised and I should move all my funds immediately.

If I am unsure if my account has real funds in it, I will assume it has real funds in it. If I assume it has real funds in it, I will not use it for developing purposes.

I am aware that even if I hit add account on my metamask (or other ETH wallet) I will get a new private key, but it will share the same secret phrase/mnemonic of the other accounts generated in that metamask (or other ETH wallet).

How to Take the Pledge

Please take a look at the "THE .ENV PLEDGE". This began as a simple commitment on GitHub, but is now a permanent oath on-chain. Please read through the pledge and mint your own personalized soul-bound NFT to show people your commitment to safe practices. Stay safe!

Pledge

A detailed guide to taking the .env pledge, a commitment to securing your private keys. The lesson covers the common mistakes developers make when storing private keys, the risks involved, and provides three secure methods of encrypting your private keys.

Give us feedback

Course Overview

About the course

What you'll learn

Python basics

Introduction to Web3.py

Introduction to Titanoboa

Introduction to Moccasin

How to create an ERC-20

How to test Python code and Vyper smart contract

How to deploy Vyper smart contracts on ZKsync using Moccasin

Course Description

Who is this course for?

Software engineers
Web3 developers
Finance developers
AI developers
Everyone interested in learning Python and smart contracts

Potential Careers

Smart Contract Auditor

$100,000 - $200,000 (avg. salary)

On-chain Data Analyst

$59,000 - $139,000 (avg. salary)

DeFi Developer

$75,000 - $200,000 (avg. salary)

Smart Contract Engineer

$100,000 - $150,000 (avg. salary)

Web3 developer

$60,000 - $150,000 (avg. salary)

Web3 Developer Relations

$85,000 - $125,000 (avg. salary)

Meet your instructors

Patrick Collins

Patrick Collins

Founder at Cyfrin

Web3 engineer, educator, and Cyfrin co-founder. Patrick's smart contract development and security courses have helped hundreds of thousands of engineers kickstarting their careers into web3.

Last updated on November 7, 2025

Thanks for checking us out

Sign up for free to continue your blockchain learning!

Start learning for free

Start for free

Vyper Smart Contract Developer Intermediate Python and Vyper

Section 1: Python In Updraft

Duration: 2h 21min

Section 2: Web3py

Duration: 1h 51min

1. A Message From Gmx

Learn more about GMX @ https://gmx.io. Duration: 0min

A practical guide to deploying your first smart contract with web3.py - This lesson walks you through how to deploy your smart contract using web3.py, including building a transaction, encrypting your private key, and deploying to the blockchain. Duration: 5min

A comprehensive guide to deploying a Vyper contract from Python code. This lesson covers how to leverage the UV tool to create a project structure and deploy your smart contract to a local blockchain. Duration: 6min

4. Vyper Extension

A comprehensive guide to using the Vyper VS Code Extension. This lesson demonstrates how to install the extension, integrate it with VS Code, and leverage its syntax highlighting and error detection features for efficient Vyper development. Duration: 2min

5. Compile Python

A practical guide to compiling a Vyper contract using the terminal - This lesson demonstrates two ways to install the Vyper compiler using your terminal (pipx install Vyper or uv tool install Vyper), explains how to check the compiler version, and provides a detailed explanation of the bytecode that is generated when you compile a Vyper contract. Duration: 3min

6. Virtual Environments

A comprehensive guide to understanding isolated virtual environments (UV tool install) - This lesson covers the basics of virtual environments, demonstrating how to install a Python tool into a virtual environment, and how the process differs from installing the tool into the global Python environment. It also explains why this approach is recommended. Duration: 8min

A practical guide to deploying a Vyper smart contract using Python. The lesson covers creating a new Python file for deployment, using the __name__ and __main__ convention, and activating the virtual environment. Duration: 4min

8. Vyper Package

A practical guide to using the Vyper compiler as a Python package. This lesson walks you through installing the Vyper package as a dependency, importing and using the compile_code function, and reading Vyper code from a file. Duration: 5min

A helpful guide to telling VS Code what your Python environment is. This lesson covers the basics of managing your Python environments in VS Code, including how to find the active environment, select a different interpreter, and manage your project dependencies. Duration: 3min

A comprehensive introduction to Web3.py - Learn how to interact with the Ethereum blockchain using Python. This lesson introduces web3.py, a Python library for interacting with Ethereum, and shows how to create a contract object, deploy a contract, and interact with a contract instance. Duration: 6min

A powerful Python tip to learn breakpoint() - Learn how to use the breakpoint() function to pause Python code execution and enter a debug shell to inspect variables, execute code, and troubleshoot problems. Duration: 2min

A practical guide to installing Anvil for your local blockchain. This lesson teaches you how to set up Anvil, a powerful tool for Ethereum application development, and how to use its features. Duration: 5min

A practical guide to using Anvil for testing your smart contracts - The lesson demonstrates how to run an Anvil instance for testing a Vyper smart contract. It covers the basics of interacting with the Anvil node, including connecting to it from your VS code and understanding its output. Duration: 2min

A comprehensive guide to building and signing Ethereum transactions. The lesson covers the essential components of a transaction, including the sender, recipient, value, nonce, gas limit, and the signing process. Duration: 5min

A detailed guide to crafting a manually created transaction (tx) in Python. The lesson covers how to set up a transaction object, understand the parameters of a transaction, and use the `build_transaction()` function to automatically populate a transaction. Duration: 5min

A practical guide to deploying a contract to the EVM - The video demonstrates the importance of having the "to" field blank in a transaction when deploying a contract to the EVM. It also explains why this field is important and how to update it to send data to a specific address. Duration: 2min

A practical guide to setting the transaction nonce - This lesson demonstrates how to set the nonce for a transaction in Python, which is a unique identifier for the transaction. It explains the process of obtaining the nonce using web3.py and explores ways to customize the transaction object. Duration: 5min

A comprehensive guide to signing a transaction object using Web3.py. The lesson demonstrates the importance of signing transactions with private keys for blockchain security and shows how to implement this process in Python code. Duration: 3min

19. Private Key Promise

A simple promise to secure your private keys - This video lesson emphasizes the importance of protecting private keys in the world of Web3. It provides a concrete example of how new developers often make mistakes when handling private keys, leading to potential loss of funds. Duration: 2min

A comprehensive guide to loading environment variables in Python. The lesson covers the basics of setting up a .env file to securely store sensitive information, installing the python-dotenv package, and utilizing OS.getenv to read values from the .env file. Duration: 4min

A comprehensive guide to sending signed transactions and encrypting your private key. The lesson covers using Web3py to send transactions to an RPC URL and how to get a transaction hash in response. It also demonstrates how to use Web3py’s wait_for_transaction_receipt to ensure the transaction is confirmed and shows you how to retrieve the contract address. Duration: 3min

A practical guide to encrypting your keys in Python - This lesson will teach you how to encrypt your private key using Python and the getpass library. You'll learn to avoid storing your private key in plain text, and instead create a new file that will store it in an encrypted form. Duration: 9min

Duration: 5min

A detailed guide to taking the .env pledge, a commitment to securing your private keys. The lesson covers the common mistakes developers make when storing private keys, the risks involved, and provides three secure methods of encrypting your private keys. Duration: 6min

A practical workshop on deploying a Vyper smart contract to a tenderly RPC URL. This lesson explains the process of deploying a smart contract to a tenderly RPC URL, and how to interact with the contract on the blockchain. Duration: 4min

A comprehensive recap of deploying a Vyper smart contract - This lesson covers how to deploy a smart contract using the Vyper package in a Python script. Topics include compiling, connecting to an RPC URL, building the transaction, decrypting the private key, signing the transaction, and sending it to the blockchain. Duration: 7min

Section 3: Boa Favs

Duration: 59min

Section 4: Mox Favs

Duration: 2h 23min

Section 5: Mox Five

Duration: 53min

Section 6: Mox Coffee

Duration: 2h 25min

Section 7: Mox HTML

Duration: 29min

Section 8: Mox ERC20

Duration: 1h 54min

Section 9: How To Get Hired

Duration: 12min

Give us feedback!

Course Overview

About the course

What you'll learn

Python basics

Introduction to Web3.py

Introduction to Titanoboa

Introduction to Moccasin

How to create an ERC-20

How to test Python code and Vyper smart contract

How to deploy Vyper smart contracts on ZKsync using Moccasin

Course Description

Who is this course for?

Software engineers
Web3 developers
Finance developers
AI developers
Everyone interested in learning Python and smart contracts

Potential Careers

Smart Contract Auditor

$100,000 - $200,000 (avg. salary)

On-chain Data Analyst

$59,000 - $139,000 (avg. salary)

DeFi Developer

$75,000 - $200,000 (avg. salary)

Smart Contract Engineer

$100,000 - $150,000 (avg. salary)

Web3 developer

$60,000 - $150,000 (avg. salary)

Web3 Developer Relations

$85,000 - $125,000 (avg. salary)

Meet your instructors

Patrick Collins

Patrick Collins

Founder at Cyfrin

Web3 engineer, educator, and Cyfrin co-founder. Patrick's smart contract development and security courses have helped hundreds of thousands of engineers kickstarting their careers into web3.

Last updated on November 7, 2025