# Unblock Mainnet RPC 403 (Private Key Restriction) **Issue:** `ETHEREUM_MAINNET_RPC` returns **403** with body: *"private key only is enabled in Project ID settings"*. Forge/cast cannot send transactions with your deployer key. **Cause:** Some RPC providers (e.g. Infura, Alchemy) can restrict a project so that **only their SDK/wallet can use the API key**; raw `eth_sendTransaction` or private-key signing from scripts is rejected. --- ## One-step fix Set `ETHEREUM_MAINNET_RPC` in `smom-dbis-138/.env` (and root `.env` if used) to a Mainnet URL that **allows raw private key** (or `eth_sendTransaction` from your IP). Then re-run the deploy. ### Option A — Same provider, disable restriction - **Infura:** Dashboard → Project → Settings → ensure **"Restrict to SDK / wallet only"** (or similar) is **off** for the project used in the URL. - **Alchemy:** Dashboard → App → Settings → check **API key restrictions**; allow the methods your scripts need (e.g. full access or no "private key only" restriction). Then keep using the same URL, e.g. `ETHEREUM_MAINNET_RPC=https://mainnet.infura.io/v3/YOUR_PROJECT_ID` ### Option B — Use a different RPC (no key restriction) Examples (no API key or key without private-key restriction): - `ETHEREUM_MAINNET_RPC=https://eth.llamarpc.com` - `ETHEREUM_MAINNET_RPC=https://rpc.ankr.com/eth` - `ETHEREUM_MAINNET_RPC=https://ethereum.publicnode.com` **(in use:** set in smom-dbis-138/.env and used for Trustless Mainnet deploy) - Or any other public/mainnet RPC that accepts `eth_sendTransaction` or signing with your key. **Security:** Prefer a project-specific URL (Option A) over a shared public RPC when possible. --- ## After unblocking 1. **Trustless Mainnet deploy:** `cd smom-dbis-138 && source .env && forge script script/bridge/trustless/DeployTrustlessBridge.s.sol:DeployTrustlessBridge --rpc-url "$ETHEREUM_MAINNET_RPC" --broadcast --via-ir` 2. **Trustless liquidity (phase6-provide-liquidity.sh):** Ensure `LIQUIDITY_POOL`, `RESERVE_SYSTEM`, `ETHEREUM_MAINNET_RPC`, `LIQUIDITY_AMOUNT`, `RESERVE_AMOUNT` are set, then run the script. --- **Refs:** [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) §2C | [COMPLETION_STATUS_20260215](../archive/00-meta-pruned/COMPLETION_STATUS_20260215.md)