The understanding is that in a context created with storage-mode set to default, identity.json is placed as a file and the json is looked at to check that the keyring has a pem, e.g. dfx deploy. If the principal needs to act as a sender, such as in a dfx deploy, it should be recovered from the pem in the keyring and used according to the above flow.
However, in the “default” context, this identity.json is not present. Is there some special specification?
Few descriptions of default context were found.
ls -1 ~/.config/dfx/identity/(context-name)
identity.json
wallets.json
ls -1 ~/.config/dfx/identity/default
identity.pem
I am in the process of building a tool that does canister create and canister install without using dfx. So I need to understand the specific behaviour of this default context and other special contexts.
plaintext: used for the default identity and if --storage-mode plaintext is specified. This puts an identity.pem file in the identity folder that contains the private key directly
keyring: used by default if keyring/keychain is accessible to dfx or if --storage-mode keyring is specified. This is the case that you already described
password-protected: used by default if keyring/keychain are not accessible or if --storage-mode password-protected is specified. It puts a .pem.encrypted file next to identity.json, which contains the nonce that is required (besides the password of course) to decrypt the private key
Does your tool want to use the same identities as dfx? Otherwise I wouldn’t bother with all this…