This is a fork of @rumblefishdev/eth-signer-kms. We thank the original developer for his work in building this library.
Web3 signer that derives address and signs transactions using AWS KMS.
```
$ npm i @mon-studios/kms-signer
```
aws-sdk
To work properly, the AWS KMS managed key must be:
- asymmetric
- able to sign and verify
- created with the ECC_SECG_P256K1 key spec
A client using the library should have the following IAM permissions on the key that it uses:

```yaml
- Effect: Allow
  Action:
    - 'kms:Sign'
    - 'kms:GetPublicKey'
  Resource: !Ref KMSKeyArn
```
* Before use, make sure that the AWS SDK is properly configured! Find out how to do it here.
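
A pre-flight check for the key requirements and IAM statement listed above, as an added example that is not part of this library: `checkKeyMetadata` takes the `KeyMetadata` object of a KMS `DescribeKey` response, and `checkSignerStatement` takes one IAM policy statement in JSON form. The function names, sample ARN and sample inputs are assumptions constructed for illustration; calling `DescribeKey` needs a permission the signer itself does not require.

```javascript
// Added example, not part of @mon-studios/kms-signer. Function names are hypothetical.
const REQUIRED_SPEC = 'ECC_SECG_P256K1';
const REQUIRED_ACTIONS = ['kms:sign', 'kms:getpublickey']; // IAM action names are case-insensitive
const toList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// IAM action patterns may contain '*' and '?' wildcards, e.g. 'kms:*'.
function actionMatches(pattern, action) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*').replace(/\?/g, '.') + '$').test(action);
}

// keyMetadata: the KeyMetadata object of a KMS DescribeKey response.
// An ECC key spec implies an asymmetric key, so spec and usage cover all three requirements.
function checkKeyMetadata(keyMetadata) {
  const problems = [];
  const spec = keyMetadata.KeySpec || keyMetadata.CustomerMasterKeySpec;
  if (spec !== REQUIRED_SPEC) problems.push(`key spec is ${spec}, need ${REQUIRED_SPEC}`);
  if (keyMetadata.KeyUsage !== 'SIGN_VERIFY') problems.push(`key usage is ${keyMetadata.KeyUsage}, need SIGN_VERIFY`);
  return problems;
}

// statement: one IAM policy statement in JSON form; keyArn: ARN of the signing key.
function checkSignerStatement(statement, keyArn) {
  const problems = [];
  const actions = toList(statement.Action).map((a) => a.toLowerCase());
  if (statement.Effect !== 'Allow') problems.push('Effect is not Allow');
  for (const need of REQUIRED_ACTIONS) {
    if (!actions.some((p) => actionMatches(p, need))) problems.push(`missing ${need}`);
  }
  for (const p of actions) {
    if (!REQUIRED_ACTIONS.includes(p)) problems.push(`${p} grants more than the signer needs`);
  }
  const resources = toList(statement.Resource);
  if (resources.length === 0) problems.push('no Resource');
  for (const r of resources) {
    if (r !== keyArn) problems.push(`Resource ${r} is not the signing key`);
  }
  return problems;
}

// Constructed sample inputs; the account id and key id are placeholders.
const SAMPLE_ARN = 'arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID';
const wrongKey = { KeySpec: 'ECC_NIST_P256', KeyUsage: 'SIGN_VERIFY' };
const pageStatement = { Effect: 'Allow', Action: ['kms:Sign', 'kms:GetPublicKey'], Resource: SAMPLE_ARN };
const broadStatement = { Effect: 'Allow', Action: 'kms:*', Resource: '*' };

console.log(checkKeyMetadata(wrongKey));
console.log(checkSignerStatement(pageStatement, SAMPLE_ARN));
console.log(checkSignerStatement(broadStatement, SAMPLE_ARN));
```

An empty array means the input satisfies the requirements; each string names one deviation, such as a wildcard action or a `Resource` that is not scoped to the signing key.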
`KMSSigner` is an ethers `Signer` instance that uses AWS KMS stored keys to sign Ethereum transactions. `keyId` can be obtained via the `KMS` package of `aws-sdk` or directly via the AWS console.
https://github.com/ethereumjs/ethereumjs-monorepo
| Parameter | Type | Default | Required | Description |
|---|---|---|---|---|
| keyId | string | null | [x] | Key ID of AWS KMS managed private key |
| provider | providers.Provider | null | [x] | Official doc |
| kmsInstance | AWS.KMS | new AWS.KMS() | [ ] | KMS instance from Official doc |
For working examples, refer to the tests.
- KMSSigner initialization: `new KMSSigner(provider, keyId, kms)`
- signMessage: `await kmsSigner.signMessage(...)`
- _signTypedData: `await kmsSigner._signTypedData(...)`
- getEthAddressFromKMS: `await getEthAddressFromKMS(...)`