Export MetaMask Private Key and Import into Clef: A Secure Dev Guide

Overview

To use a MetaMask address as the genesis account for a private Ethereum network, you must export the account’s private key and import it into the Clef signing daemon. This enables Geth to sign transactions with the same address during local development.

Security Warning

Exporting a private key exposes the most sensitive credential of an account. If the 64‑character hexadecimal key is stored in plaintext, malware or an attacker can steal it, resulting in irreversible loss of any assets associated with the address. For development, always use a throw‑away account that holds no real funds.

Never export the private key of an account that holds real assets on an untrusted computer.

Step 1 – Export the Private Key from MetaMask

Unlock MetaMask – Enter the MetaMask password to open the wallet UI.

Select the target account – Ensure the account you wish to export (e.g., 0x3F…) is active.

Open account details – Click the three‑dot menu (⋮) in the top‑right corner and choose “Account detail”.

Show private key – In the popup, select “Detail”, scroll down and click the “Show private key” button.

Authenticate – Re‑enter the MetaMask password to confirm the operation.

Copy the key – After authentication, MetaMask displays the 64‑character private key with a copy button. Paste it into a temporary, encrypted text file; do not screenshot or transmit it.

Step 2 – Import the Private Key into Clef

Create a temporary key file

Create a plain‑text file, e.g., metamask_pk.txt.

Paste the copied private key into the file, ensuring no extra characters.

Store the file in a secure, temporary location.

Run the import command

# Adjust the paths to match your environment
clef importraw --keystore C:\Users\youruser\.clef\keystore C:\path\to\metamask_pk.txt

Open a command‑line terminal and execute the command, pointing to your Clef keystore directory and the temporary key file.

Set a Clef password

Your new account is "0x..."
Please give a password. Do not forget this password.
Password:
> ********
Repeat password:
> ********

Clef encrypts the imported key with the password you provide; this password will be required each time Geth requests a signature.

Delete the temporary file Immediately and permanently remove metamask_pk.txt after a successful import to minimise exposure.

Step 3 – Verify the Setup by Sending a Transaction

Restart Geth and Clef, then send a transaction from the Geth console:

// In Geth console
eth.sendTransaction({
  from: "0x...",
  to: "0xc4c5c88bed94f97d22e68dd02ba91d31c06c10cb",
  value: web3.toWei(10, "ether")
});

Geth forwards the request to Clef, which prompts for the password set in Step 2. After authorising, the transaction is broadcast.

Process Flowchart

Conclusion

Treat private keys as highly sensitive credentials.

Use separate, disposable accounts for development.

Destroy any plaintext copies of the key immediately after import.