@nexusmutual/ethers-v6-aws-kms-signer v0.0.3

Ethers v6 AWS KMS signer

AwsKmsSigner is an Ethers v6 signer implementation that utilizes AWS Key Management Service (KMS) for secure EVM transaction and message signing.

Install

npm install @nexusmutual/ethers-v6-aws-kms-signer

Usage

AwsKmsSigner instance:

• AWS_REGION - The AWS region where the KMS key is located
• AWS_KMS_KEY_ID - The UUID of the AWS KMS key or 'alias/\'
• provider - Ethers provider instance

const awsKmsSigner = new AwsKmsSigner(AWS_REGION, AWS_KMS_KEY_ID, provider);

getAddress:

await awsKmsSigner.getAddress();

signTransaction

await awsKmsSigner.signTransaction(tx);

signMessage

await awsKmsSigner.signMessage(message);

Connect to a new provider

awsKmsSigner.connect(newProvider);

AWS Requirements

AWS KMS managed key:

In order to work properly AWS KMS managed key must be:

• asymmetric
• able to sign and verify
• ECC_SECG_P256K1 or ECC_NIST_P256 specified

AWS IAM permissions

Client using the library should have the following IAM permissions to the key that it uses:

  - Effect: Allow
    Action:
      - 'kms:Sign'
      - 'kms:GetPublicKey'
    Resource: !Ref KMSKeyArn

AWS Credentials

The AWS Credentials should be set properly to access the given AWS KMS key, see here

Set env vars:

• AWS_ACCESS_KEY_ID - The AWS credentials key ID
• AWS_SECRET_ACCESS_KEY - The AWS credentials secret access key

Tests

npm test

To run end to end test set the following env vars:

• TEST_KMS_REGION_ID - The AWS region where the KMS key is located
• TEST_KMS_KEY_ID - The ID of the AWS KMS key