Is it possible to make a Solana program the signer for a transaction?

Question

I'm trying to write a Solana program with one instruction, MintOne, that mints a single token to a provided account.

It seems I need to do something like this:

1. Create a token with the spl-token CLI
2. Authorize the program as a minting authority for the token
3. The program then "self signs" the MintTo transaction

Conceptually, I am having a hard time with 3. Is it even possible for a program to sign a transaction? The private key is not on chain, so I don’t know how it would work.

Is it possible for a Solana program to be a signer? If not, how is this type of use case usually solved?

Answer 1

Is it possible for a Solana program to be a signer?

Not directly, no.

Any time where you would want a Solana program to sign a transaction, use a Program Derived Address (PDA) instead. PDAs are just like public keys, so they can be mint authorities or anything else that an account address can be. PDAs allow a program to "fake" a signature on a transaction.

For this use case, you can do this:

1. Create a token with the spl-token CLI
2. Generate a PDA for the deployed program using a particular seed
3. Authorize that PDA to be the mint authority for the token
4. The program then uses invoke_signed or CpiContext::new_with_signer (if you're using Anchor) with that PDA

This is secure because the Solana allows only that program to "fake" the PDA signature.