If you need a wallet or singer in your backend server, this project is for you.
It aims to create an ethers.Signer from the third party secret storages. Currently, it supports:
- Private key
- This is only for testing purposes, not recommend in production environments.
- Environment variables
- AWS Secrets Manager
- AWS Key Management Service (KMS)
- Hashicorp Vault
NOTE:
Currently it supports
ethers@^5
only.
How to use
Install
Node >= 16.
npm i @dteam/safe-signer
Import
Javascript:
const SafeSigner = require('@dteam/safe-signer');
Typescript:
import SafeSigner from '@dteam/safe-signer';
Examples
-
fromPrivateKey
will return a Wallet.
const privateKeyWallet = await SafeSigner.fromPrivateKey('YOUR_PRIVATE_KEY');
-
fromEnv
will return a Wallet.
const envWallet = await SafeSigner.fromEnv('ENV_VAR_FOR_PRIVATE_KEY');
-
fromAwsSecretsManager
will return a Wallet.
const awsSecretsManagerWallet = await SafeSigner.fromAwsSecretsManager(
{
SecretId: 'FULL_ARN_FOR_SECRET',
SecretKeyName: 'KEY_NAME_STORED_PRIVATE_KEY',
},
{
credentials: {
accessKeyId: 'YOUR_AWS_ACCESS_KEY_ID',
secretAccessKey: 'YOUR_AWS_SECRET_ACCESS_KEY',
},
region: 'YOUR_REGION',
}
);
-
fromHashicorpVault
will return a Wallet.
const hashicorpVaultWallet = await SafeSigner.fromHashicorpVault(
{
// you can set to your own vault server
// baseUrl: 'http://127.0.0.1:8200/v1',
rootPath: 'secret',
timeout: 6000,
secretName: 'wallet-secret',
secretKey: 'privateKey',
},
// login method can be any of the following:
// {token: 'plaintext-token'}
// {appRole: {roleId: 'roleId', secretId: 'secretId'}}
// {cert: {certName: 'certName'}}
// {k8s: {role: 'role', jwt: 'jwt'}}
// {ldap: {username: 'user', password: 'password'}}
// {userpass: {username: 'user', password: 'password'}}
{token: 'vault-plaintext-token'},
{secretName: 'wallet-secret', secretKey: 'privateKey'}
);
-
fromAwsKms
will return a Signer because you can't get the raw private key from AWS KMS.
const awsKmsSigner = await SafeSigner.fromAwsKms('YOUR_AWS_KMS_KEY_ARN', {
credentials: {
accessKeyId: 'YOUR_AWS_ACCESS_KEY_ID',
secretAccessKey: 'YOUR_AWS_SECRET_ACCESS_KEY',
},
region: 'YOUR_REGION',
});
For more details, you can check its github repo: https://github.com/DTeam-Top/safe-signer
Top comments (0)