0.0.1 • Published 11 months ago

@nexusmutual/ethers-v5-aws-kms-signer v0.0.1

Weekly downloads
-
License
MIT
Repository
github
Last release
11 months ago

Ethers v5 AWS KMS signer

AwsKmsSigner is an Ethers v5 signer implementation that utilizes AWS Key Management Service (KMS) for secure EVM transaction and message signing.

Install

npm install @nexusmutual/ethers-v5-aws-kms-signer

Usage

AwsKmsSigner instance:

  • AWS_REGION - The AWS region where the KMS key is located
  • AWS_KMS_KEY_ID - The ID of the AWS KMS key or 'alias/'
  • provider - Ethers provider instance
const awsKmsSigner = new AwsKmsSigner(AWS_REGION, AWS_KMS_KEY_ID, provider);

getAddress:

await awsKmsSigner.getAddress();

signTransaction

await awsKmsSigner.signTransaction(tx);

signMessage

await awsKmsSigner.signMessage(message);

Connect to a new provider

awsKmsSigner.connect(newProvider);

AWS Requirements

AWS KMS managed key:

In order to work properly AWS KMS managed key must be:

  • asymmetric
  • able to sign and verify
  • ECC_SECG_P256K1 or ECC_NIST_P256 specified

AWS IAM permissions

Client using the library should have the following IAM permissions to the key that it uses:

  - Effect: Allow
    Action:
      - 'kms:Sign'
      - 'kms:GetPublicKey'
    Resource: !Ref KMSKeyArn

AWS Credentials

The AWS Credentials should be set properly to access the given AWS KMS key, see here

Tests

npm test

To run end to end test set the following env vars:

  • TEST_KMS_REGION_ID - The AWS region where the KMS key is located
  • TEST_KMS_KEY_ID - The ID of the AWS KMS key
ethersasn1.js@aws-sdk/client-kms@ethersproject/providers
0.0.1

11 months ago

0.0.1-rc2

11 months ago

0.0.1-rc1

11 months ago