DEV Community

foxgem
foxgem

Posted on

safe-signer: creating an ethers.Signer from the third party secret storages

#ethereum #web3 #wallet #security

If you need a wallet or singer in your backend server, this project is for you.

It aims to create an ethers.Signer from the third party secret storages. Currently, it supports:

  • Private key
    • This is only for testing purposes, not recommend in production environments.
  • Environment variables
  • AWS Secrets Manager
  • AWS Key Management Service (KMS)
  • Hashicorp Vault

NOTE:

Currently it supports ethers@^5 only.

How to use

Install

Node >= 16.

npm i @dteam/safe-signer
Enter fullscreen mode Exit fullscreen mode

Import

Javascript:

const SafeSigner = require('@dteam/safe-signer');
Enter fullscreen mode Exit fullscreen mode

Typescript:

import SafeSigner from '@dteam/safe-signer';
Enter fullscreen mode Exit fullscreen mode

Examples

  1. fromPrivateKey will return a Wallet. 
const privateKeyWallet = await SafeSigner.fromPrivateKey('YOUR_PRIVATE_KEY');
Enter fullscreen mode Exit fullscreen mode
  1. fromEnv will return a Wallet. 
const envWallet = await SafeSigner.fromEnv('ENV_VAR_FOR_PRIVATE_KEY');
Enter fullscreen mode Exit fullscreen mode
  1. fromAwsSecretsManager will return a Wallet. 
const awsSecretsManagerWallet = await SafeSigner.fromAwsSecretsManager(
  {
    SecretId: 'FULL_ARN_FOR_SECRET',
    SecretKeyName: 'KEY_NAME_STORED_PRIVATE_KEY',
  },
  {
    credentials: {
      accessKeyId: 'YOUR_AWS_ACCESS_KEY_ID',
      secretAccessKey: 'YOUR_AWS_SECRET_ACCESS_KEY',
    },
    region: 'YOUR_REGION',
  }
);
Enter fullscreen mode Exit fullscreen mode
  1. fromHashicorpVault will return a Wallet. 
const hashicorpVaultWallet = await SafeSigner.fromHashicorpVault(
  {
    // you can set to your own vault server
    // baseUrl: 'http://127.0.0.1:8200/v1',
    rootPath: 'secret',
    timeout: 6000,
    secretName: 'wallet-secret',
    secretKey: 'privateKey',
  },
  // login method can be any of the following:
  // {token: 'plaintext-token'}
  // {appRole: {roleId: 'roleId', secretId: 'secretId'}}
  // {cert: {certName: 'certName'}}
  // {k8s: {role: 'role', jwt: 'jwt'}}
  // {ldap: {username: 'user', password: 'password'}}
  // {userpass: {username: 'user', password: 'password'}}
  {token: 'vault-plaintext-token'},
  {secretName: 'wallet-secret', secretKey: 'privateKey'}
);
Enter fullscreen mode Exit fullscreen mode
  1. fromAwsKms will return a Signer because you can't get the raw private key from AWS KMS. 
const awsKmsSigner = await SafeSigner.fromAwsKms('YOUR_AWS_KMS_KEY_ARN', {
  credentials: {
    accessKeyId: 'YOUR_AWS_ACCESS_KEY_ID',
    secretAccessKey: 'YOUR_AWS_SECRET_ACCESS_KEY',
  },
  region: 'YOUR_REGION',
});
Enter fullscreen mode Exit fullscreen mode

For more details, you can check its github repo: https://github.com/DTeam-Top/safe-signer

profile
Sentry
 Promoted

Sentry image

Hands-on debugging session: instrument, monitor, and fix

Join Lazar for a hands-on session where you’ll build it, break it, debug it, and fix it. You’ll set up Sentry, track errors, use Session Replay and Tracing, and leverage some good ol’ AI to find and fix issues fast.

RSVP here →

Top comments (0)

profile
Pieces.app
 Promoted

A Workflow Copilot. Tailored to You.

Pieces.app image

Our desktop app, with its intelligent copilot, streamlines coding by generating snippets, extracting code from screenshots, and accelerating problem-solving.

Read the docs

Read next

antonmartyniuk profile image

Ultimate Guide To Implementing 5 Caching Strategies in .NET

Anton Martyniuk -

githubopensource profile image

Revolutionize Your Secret Management with Infisical: The Open-Source Solution You've Been Waiting For!

GitHubOpenSource -

sfdcnews profile image

8 Uses for Agentforce, REST API Prompt Template Guide, Salesforce Support Their Partners?

SFDC News -

mikeyoung44 profile image

AI Models Tested on Chinese Dynasty Timeline Knowledge: New Benchmark Shows GPT-4 Leads at 75% Accuracy

Mike Young -