DEV Community

foxgem
foxgem

Posted on

safe-signer: creating an ethers.Signer from the third party secret storages

#ethereum #web3 #wallet #security

If you need a wallet or singer in your backend server, this project is for you.

It aims to create an ethers.Signer from the third party secret storages. Currently, it supports:

  • Private key
    • This is only for testing purposes, not recommend in production environments.
  • Environment variables
  • AWS Secrets Manager
  • AWS Key Management Service (KMS)
  • Hashicorp Vault

NOTE:

Currently it supports ethers@^5 only.

How to use

Install

Node >= 16.

npm i @dteam/safe-signer
Enter fullscreen mode Exit fullscreen mode

Import

Javascript:

const SafeSigner = require('@dteam/safe-signer');
Enter fullscreen mode Exit fullscreen mode

Typescript:

import SafeSigner from '@dteam/safe-signer';
Enter fullscreen mode Exit fullscreen mode

Examples

  1. fromPrivateKey will return a Wallet. 
const privateKeyWallet = await SafeSigner.fromPrivateKey('YOUR_PRIVATE_KEY');
Enter fullscreen mode Exit fullscreen mode
  1. fromEnv will return a Wallet. 
const envWallet = await SafeSigner.fromEnv('ENV_VAR_FOR_PRIVATE_KEY');
Enter fullscreen mode Exit fullscreen mode
  1. fromAwsSecretsManager will return a Wallet. 
const awsSecretsManagerWallet = await SafeSigner.fromAwsSecretsManager(
  {
    SecretId: 'FULL_ARN_FOR_SECRET',
    SecretKeyName: 'KEY_NAME_STORED_PRIVATE_KEY',
  },
  {
    credentials: {
      accessKeyId: 'YOUR_AWS_ACCESS_KEY_ID',
      secretAccessKey: 'YOUR_AWS_SECRET_ACCESS_KEY',
    },
    region: 'YOUR_REGION',
  }
);
Enter fullscreen mode Exit fullscreen mode
  1. fromHashicorpVault will return a Wallet. 
const hashicorpVaultWallet = await SafeSigner.fromHashicorpVault(
  {
    // you can set to your own vault server
    // baseUrl: 'http://127.0.0.1:8200/v1',
    rootPath: 'secret',
    timeout: 6000,
    secretName: 'wallet-secret',
    secretKey: 'privateKey',
  },
  // login method can be any of the following:
  // {token: 'plaintext-token'}
  // {appRole: {roleId: 'roleId', secretId: 'secretId'}}
  // {cert: {certName: 'certName'}}
  // {k8s: {role: 'role', jwt: 'jwt'}}
  // {ldap: {username: 'user', password: 'password'}}
  // {userpass: {username: 'user', password: 'password'}}
  {token: 'vault-plaintext-token'},
  {secretName: 'wallet-secret', secretKey: 'privateKey'}
);
Enter fullscreen mode Exit fullscreen mode
  1. fromAwsKms will return a Signer because you can't get the raw private key from AWS KMS. 
const awsKmsSigner = await SafeSigner.fromAwsKms('YOUR_AWS_KMS_KEY_ARN', {
  credentials: {
    accessKeyId: 'YOUR_AWS_ACCESS_KEY_ID',
    secretAccessKey: 'YOUR_AWS_SECRET_ACCESS_KEY',
  },
  region: 'YOUR_REGION',
});
Enter fullscreen mode Exit fullscreen mode

For more details, you can check its github repo: https://github.com/DTeam-Top/safe-signer

profile
AWS
 Promoted

AWS Q Developer image

Meet your AI code assistant

Top comments (0)

profile
Pieces.app
 Promoted

A Workflow Copilot. Tailored to You.

Pieces.app image

Our desktop app, with its intelligent copilot, streamlines coding by generating snippets, extracting code from screenshots, and accelerating problem-solving.

Read the docs

Read next

antonmartyniuk profile image

Ultimate Guide To Implementing 5 Caching Strategies in .NET

Anton Martyniuk -

githubopensource profile image

Revolutionize Your Secret Management with Infisical: The Open-Source Solution You've Been Waiting For!

GitHubOpenSource -

sfdcnews profile image

8 Uses for Agentforce, REST API Prompt Template Guide, Salesforce Support Their Partners?

SFDC News -

mikeyoung44 profile image

AI Models Tested on Chinese Dynasty Timeline Knowledge: New Benchmark Shows GPT-4 Leads at 75% Accuracy

Mike Young -