Deployment Basics
7 examples to get you started with program deployment - 4 basic and 3 intermediate. Covers BPF loader, program/buffer accounts, deploy commands, and upgrade authority on Agave 4.1.1.
Prerequisites
- Solana CLI 3.0.10 installed and funded wallet on devnet.
- Built program artifact:
anchor buildproducestarget/deploy/*.so.
solana config set --url devnet
solana airdrop 2
anchor buildBasic Examples
1. Inspect a Program Account
Deployed programs are executable accounts owned by the BPF loader.
solana program show <PROGRAM_ID>- Shows program data address, authority, and last deploy slot.
ProgramDataaccount holds ELF bytes and upgrade authority pubkey.- Executable flag is true on program account.
Related: Deploying Programs
2. Deploy with Solana CLI
Standard deploy uploads .so to buffer then copies to program account.
solana program deploy target/deploy/my_program.so \
--program-id target/deploy/my_program-keypair.json- Costs rent for program data account proportional to
.sosize. - Keypair JSON defines program address (or generate new).
- Default uses upgradeable loader on modern CLI.
Related: Program Upgrades
3. Deploy with Anchor
Anchor wraps build + deploy in workspace workflow.
anchor deploy --provider.cluster devnet- Uses
Anchor.tomlwallet as payer and upgrade authority by default. - Program IDs must match
declare_id!in Rust source. anchor keys syncupdates keypair paths inAnchor.toml.
4. Read Upgrade Authority
Whoever holds upgrade authority can replace program bytecode.
solana program show <PROGRAM_ID> | grep AuthorityNonemeans immutable program (authority revoked).- Authority should migrate to multisig before mainnet TVL.
- Losing authority private key bricks upgrade path forever.
Related: Making Programs Immutable
Intermediate Examples
5. Buffer Account Workflow
Large programs deploy via intermediate buffer to allow resume on failure.
solana program write-buffer target/deploy/my_program.so
solana program deploy --buffer <BUFFER_ADDRESS> --program-id <PROGRAM_ID>- Buffer holds partial uploads during deploy.
- Useful on flaky networks or large artifacts.
- Close buffer to reclaim rent after successful deploy.
6. Verify Executable Hash
Compare local build to on-chain program with solana-verify.
solana-verify get-executable-hash target/deploy/my_program.so
solana-verify get-program-hash <PROGRAM_ID> --url devnet- Hashes must match after reproducible build pipeline.
- Publish hash with release tag for auditors.
Related: Verifiable Builds
7. Governance-Gated Authority
Production upgrade authority on Squads multisig.
solana program set-upgrade-authority <PROGRAM_ID> --new-upgrade-authority <SQUADS_MULTISIG>- Upgrades become multisig proposals, not single-key CLI.
- Document proposal template and testing requirements.
Related: Governance-Gated Upgrades
Stack versions: This page was written for Agave 4.1.1, Solana CLI 3.0.10, Anchor 0.32.1, anchor-lang 0.32.1, Rust 1.91.1, @solana/kit 7.0.0, Surfpool 0.12.0, and LiteSVM 0.6.x.