DEV Community

foxgem
foxgem

Posted on

safe-signer: creating an ethers.Signer from the third party secret storages

If you need a wallet or singer in your backend server, this project is for you.

It aims to create an ethers.Signer from the third party secret storages. Currently, it supports:

  • Private key
    • This is only for testing purposes, not recommend in production environments.
  • Environment variables
  • AWS Secrets Manager
  • AWS Key Management Service (KMS)
  • Hashicorp Vault

NOTE:

Currently it supports ethers@^5 only.

How to use

Install

Node >= 16.

npm i @dteam/safe-signer
Enter fullscreen mode Exit fullscreen mode

Import

Javascript:

const SafeSigner = require('@dteam/safe-signer');
Enter fullscreen mode Exit fullscreen mode

Typescript:

import SafeSigner from '@dteam/safe-signer';
Enter fullscreen mode Exit fullscreen mode

Examples

  1. fromPrivateKey will return a Wallet.
const privateKeyWallet = await SafeSigner.fromPrivateKey('YOUR_PRIVATE_KEY');
Enter fullscreen mode Exit fullscreen mode
  1. fromEnv will return a Wallet.
const envWallet = await SafeSigner.fromEnv('ENV_VAR_FOR_PRIVATE_KEY');
Enter fullscreen mode Exit fullscreen mode
  1. fromAwsSecretsManager will return a Wallet.
const awsSecretsManagerWallet = await SafeSigner.fromAwsSecretsManager(
  {
    SecretId: 'FULL_ARN_FOR_SECRET',
    SecretKeyName: 'KEY_NAME_STORED_PRIVATE_KEY',
  },
  {
    credentials: {
      accessKeyId: 'YOUR_AWS_ACCESS_KEY_ID',
      secretAccessKey: 'YOUR_AWS_SECRET_ACCESS_KEY',
    },
    region: 'YOUR_REGION',
  }
);
Enter fullscreen mode Exit fullscreen mode
  1. fromHashicorpVault will return a Wallet.
const hashicorpVaultWallet = await SafeSigner.fromHashicorpVault(
  {
    // you can set to your own vault server
    // baseUrl: 'http://127.0.0.1:8200/v1',
    rootPath: 'secret',
    timeout: 6000,
    secretName: 'wallet-secret',
    secretKey: 'privateKey',
  },
  // login method can be any of the following:
  // {token: 'plaintext-token'}
  // {appRole: {roleId: 'roleId', secretId: 'secretId'}}
  // {cert: {certName: 'certName'}}
  // {k8s: {role: 'role', jwt: 'jwt'}}
  // {ldap: {username: 'user', password: 'password'}}
  // {userpass: {username: 'user', password: 'password'}}
  {token: 'vault-plaintext-token'},
  {secretName: 'wallet-secret', secretKey: 'privateKey'}
);
Enter fullscreen mode Exit fullscreen mode
  1. fromAwsKms will return a Signer because you can't get the raw private key from AWS KMS.
const awsKmsSigner = await SafeSigner.fromAwsKms('YOUR_AWS_KMS_KEY_ARN', {
  credentials: {
    accessKeyId: 'YOUR_AWS_ACCESS_KEY_ID',
    secretAccessKey: 'YOUR_AWS_SECRET_ACCESS_KEY',
  },
  region: 'YOUR_REGION',
});
Enter fullscreen mode Exit fullscreen mode

For more details, you can check its github repo: https://github.com/DTeam-Top/safe-signer

Sentry image

Hands-on debugging session: instrument, monitor, and fix

Join Lazar for a hands-on session where you’ll build it, break it, debug it, and fix it. You’ll set up Sentry, track errors, use Session Replay and Tracing, and leverage some good ol’ AI to find and fix issues fast.

RSVP here →

Top comments (0)

A Workflow Copilot. Tailored to You.

Pieces.app image

Our desktop app, with its intelligent copilot, streamlines coding by generating snippets, extracting code from screenshots, and accelerating problem-solving.

Read the docs