DEV Community

foxgem
foxgem

Posted on

safe-signer: creating an ethers.Signer from the third party secret storages

If you need a wallet or singer in your backend server, this project is for you.

It aims to create an ethers.Signer from the third party secret storages. Currently, it supports:

  • Private key
    • This is only for testing purposes, not recommend in production environments.
  • Environment variables
  • AWS Secrets Manager
  • AWS Key Management Service (KMS)
  • Hashicorp Vault

NOTE:

Currently it supports ethers@^5 only.

How to use

Install

Node >= 16.

npm i @dteam/safe-signer
Enter fullscreen mode Exit fullscreen mode

Import

Javascript:

const SafeSigner = require('@dteam/safe-signer');
Enter fullscreen mode Exit fullscreen mode

Typescript:

import SafeSigner from '@dteam/safe-signer';
Enter fullscreen mode Exit fullscreen mode

Examples

  1. fromPrivateKey will return a Wallet.
const privateKeyWallet = await SafeSigner.fromPrivateKey('YOUR_PRIVATE_KEY');
Enter fullscreen mode Exit fullscreen mode
  1. fromEnv will return a Wallet.
const envWallet = await SafeSigner.fromEnv('ENV_VAR_FOR_PRIVATE_KEY');
Enter fullscreen mode Exit fullscreen mode
  1. fromAwsSecretsManager will return a Wallet.
const awsSecretsManagerWallet = await SafeSigner.fromAwsSecretsManager(
  {
    SecretId: 'FULL_ARN_FOR_SECRET',
    SecretKeyName: 'KEY_NAME_STORED_PRIVATE_KEY',
  },
  {
    credentials: {
      accessKeyId: 'YOUR_AWS_ACCESS_KEY_ID',
      secretAccessKey: 'YOUR_AWS_SECRET_ACCESS_KEY',
    },
    region: 'YOUR_REGION',
  }
);
Enter fullscreen mode Exit fullscreen mode
  1. fromHashicorpVault will return a Wallet.
const hashicorpVaultWallet = await SafeSigner.fromHashicorpVault(
  {
    // you can set to your own vault server
    // baseUrl: 'http://127.0.0.1:8200/v1',
    rootPath: 'secret',
    timeout: 6000,
    secretName: 'wallet-secret',
    secretKey: 'privateKey',
  },
  // login method can be any of the following:
  // {token: 'plaintext-token'}
  // {appRole: {roleId: 'roleId', secretId: 'secretId'}}
  // {cert: {certName: 'certName'}}
  // {k8s: {role: 'role', jwt: 'jwt'}}
  // {ldap: {username: 'user', password: 'password'}}
  // {userpass: {username: 'user', password: 'password'}}
  {token: 'vault-plaintext-token'},
  {secretName: 'wallet-secret', secretKey: 'privateKey'}
);
Enter fullscreen mode Exit fullscreen mode
  1. fromAwsKms will return a Signer because you can't get the raw private key from AWS KMS.
const awsKmsSigner = await SafeSigner.fromAwsKms('YOUR_AWS_KMS_KEY_ARN', {
  credentials: {
    accessKeyId: 'YOUR_AWS_ACCESS_KEY_ID',
    secretAccessKey: 'YOUR_AWS_SECRET_ACCESS_KEY',
  },
  region: 'YOUR_REGION',
});
Enter fullscreen mode Exit fullscreen mode

For more details, you can check its github repo: https://github.com/DTeam-Top/safe-signer

Top comments (0)