@rumblefishdev/eth-signer-kms
v3.1.0
Sign ethereum transaction/messages using KMS service from AWS
Downloads
1,738
Web3 signer that derives address and signs transactions using AWS KMS.
Install
$ npm i @rumblefishdev/eth-signer-kms
Requirements
aws-sdk
To work properly, the AWS KMS managed key must be:
- asymmetric
- able to sign and verify
- created with the ECC_SECG_P256K1 key spec
IAM permissions
The client using the library should have the following IAM permissions on the key that it uses:
- Effect: Allow
  Action:
    - 'kms:Sign'
    - 'kms:GetPublicKey'
  Resource: !Ref KMSKeyArn
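A preflight check for the key requirements above, written as an added example rather than code from this package: it validates a KMS GetPublicKey response (the only read permission granted above) and extracts the 64-byte public key point. `checkKmsKey` and `sampleResponse` are hypothetical names, and the sample responses are constructed from locally generated keys.

```javascript
// Added example: hypothetical helper, not part of @rumblefishdev/eth-signer-kms.
const crypto = require('node:crypto');

// `resp` mirrors the AWS KMS GetPublicKey response fields used here:
// KeySpec, KeyUsage, SigningAlgorithms, PublicKey (DER SubjectPublicKeyInfo).
function checkKmsKey(resp) {
  const problems = [];
  if (resp.KeySpec !== 'ECC_SECG_P256K1') {
    problems.push(`KeySpec is ${resp.KeySpec}, expected ECC_SECG_P256K1`);
  }
  if (resp.KeyUsage !== 'SIGN_VERIFY') {
    problems.push(`KeyUsage is ${resp.KeyUsage}, expected SIGN_VERIFY`);
  }
  if (!(resp.SigningAlgorithms || []).includes('ECDSA_SHA_256')) {
    problems.push('ECDSA_SHA_256 is not among SigningAlgorithms');
  }
  // Do not rely on the metadata alone: parse the key material as well.
  let point = null;
  try {
    const key = crypto.createPublicKey({ key: Buffer.from(resp.PublicKey), format: 'der', type: 'spki' });
    const curve = key.asymmetricKeyDetails && key.asymmetricKeyDetails.namedCurve;
    if (key.asymmetricKeyType !== 'ec' || curve !== 'secp256k1') {
      problems.push(`public key is ${key.asymmetricKeyType}/${curve}, expected ec/secp256k1`);
    } else {
      // A secp256k1 SPKI ends with the 65-byte uncompressed point 0x04 || X || Y.
      const der = key.export({ format: 'der', type: 'spki' });
      const raw = der.subarray(der.length - 65);
      if (raw[0] !== 0x04) problems.push('public key point is not uncompressed');
      else point = raw.subarray(1); // X || Y: the input hashed to get the address
    }
  } catch (err) {
    problems.push(`PublicKey is not valid DER SPKI: ${err.message}`);
  }
  return { ok: problems.length === 0, problems, point };
}

// Constructed sample responses (locally generated keys, no AWS call is made).
function sampleResponse(namedCurve, keySpec) {
  const { publicKey } = crypto.generateKeyPairSync('ec', { namedCurve });
  return {
    KeySpec: keySpec, KeyUsage: 'SIGN_VERIFY', SigningAlgorithms: ['ECDSA_SHA_256'],
    PublicKey: publicKey.export({ format: 'der', type: 'spki' }),
  };
}
console.log(checkKmsKey(sampleResponse('secp256k1', 'ECC_SECG_P256K1')).ok);
console.log(checkKmsKey(sampleResponse('prime256v1', 'ECC_NIST_P256')).problems);
```

Running this against the real GetPublicKey response at startup surfaces a wrong key spec or usage before any signing request is made.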
Usage
* Before use, make sure that AWS SDK is properly configured! Find out how to do it here.
KMSSigner is an ethers Signer instance that uses AWS KMS stored keys to sign ethereum transactions.
keyId can be obtained via KMS package of aws-sdk or directly via AWS console.
https://github.com/ethereumjs/ethereumjs-monorepo
Parameters:
| Parameter | Type | Default | Required | Description |
| ------ | ---- | ------- | ----------- | ----------- |
| keyId | string | null | [x] | Key ID of AWS KMS managed private key |
| provider | providers.Provider | null | [x] | Official doc |
| kmsInstance | AWS.KMS | new AWS.KMS() | [ ] | KMS instance from Official doc |
Examples
KMSSigner
new KMSSigner(provider, keyId, kms)
await kmsSigner.signMessage(...)
await kmsSigner._signTypedData(...)
function getEthAddressFromKMS
await getEthAddressFromKMS(...)
Migration from v1.7.0 to v2.0.0:
KMSProvider class became KMSSigner, as its instance no longer creates provider but receives one in constructor.
That approach extracts provider dependency from the package and as a result makes it more flexible in terms of use and testing.
Version 1.7.0:
| Parameter | Type | Default | Required | Description |
| ------ | ---- | ------- | ----------- | ----------- |
| keyId | string | null | [x] | Key ID of AWS KMS managed private key |
| providerOrUrl | string/object | null | [x] | Official doc |
| chainSettings | Common | {} | [ ] | Common object used to configure tx options. If chainId is not passed, it will be obtained automatically via eth_chainId. For detailed instructions, please refer to the Common and Tx official docs |
| shareNonce | boolean | true | [ ] | Official doc |
| pollingInterval | number | 4000 | [ ] | Official doc |