Web3 signer that derives address and signs transactions using AWS KMS.
$ npm i @rumblefishdev/eth-signer-kms
aws-sdk
In order to work properly AWS KMS managed key must be:
- asymmetric
- able to sign and verify
- ECC_SECG_P256K1 specified
Client using the library should have the following IAM permissions to the key that it uses:
- Effect: Allow
Action:
- 'kms:Sign'
- 'kms:GetPublicKey'
Resource: !Ref KMSKeyArn
* Before use, make sure that AWS SDK is properly configured! Find out how to do it here.
KMSSigner is an ethers Signer instance that uses AWS KMS stored keys to sign ethereum transactions.
keyId can be obtained via KMS package of aws-sdk or directly via AWS console.
https://github.com/ethereumjs/ethereumjs-monorepo
| Parameter | Type | Default | Required | Description |
|---|---|---|---|---|
keyId |
string |
null |
[x] | Key ID of AWS KMS managed private key |
provider |
providers.Provider |
null |
[x] | Official doc |
kmsInstance |
AWS.KMS |
new AWS.KMS() |
[ ] | KMS instance from Official doc |
new KMSSigner(provider, keyId, kms)
await kmsSigner.signMessage(...)
await kmsSigner._signTypedData(...)
await getEthAddressFromKMS(...)
KMSProvider class became KMSSigner, as its instance no longer creates provider but receives one in constructor.
That approach extracts provider dependency from the package and as a result makes it more flexible in terms of use and testing.
| Parameter | Type | Default | Required | Description |
|---|---|---|---|---|
keyId |
string |
null |
[x] | Key ID of AWS KMS managed private key |
providerOrUrl |
string/object |
null |
[x] | Official doc |
chainSettings |
Common |
{} |
[ ] | Common object used to configure tx options. If chainId is not passed, it will be obtained automatically via eth_chainId. For details instructions please refer to Common and Tx official docs |
shareNonce |
boolean |
true |
[ ] | Official doc |
pollingInterval |
number |
4000 |
[ ] | Official doc |