Sign ETH transactions with keys stored in AWS KMS.
Ethereum KMS Signer
- Free software: MIT
- Documentation: https://meetmangukiya.github.io/ethereum-kms-signer
Features
- Sign Transactions
Why?
In the crypto world, every asset, token, or coin you own is protected by the secrecy of a private key. This creates a single point of failure: the key can leak, or it can be lost for lack of a backup or for any number of other reasons. It becomes even harder when you want to share these keys among many individuals in an organization.
Using something like AWS KMS can help with that and gives you the full benefit of the security features it provides. Signatures can be created without the key ever leaving AWS's infrastructure, and the key can effectively be shared among individuals.
This library provides a simple, easy-to-use API for signing Ethereum transactions with AWS KMS, along with easy integration with web3.py, making it practical to use KMS to manage your private keys.
Quickstart
Get ethereum address from KMS key
```python
from ethereum_kms_signer import get_eth_address

address = get_eth_address('THE-AWS-KMS-ID')
print(address)
```
Sign a transaction object with KMS key
```python
from ethereum_kms_signer import sign_transaction

# Assumes `web3`, the `dai` contract object, `to_address`, `amount`,
# `nonce` and `key_id` are already defined.
dai_txn = dai.functions.transfer(
    web3.toChecksumAddress(to_address.lower()), amount
).buildTransaction(
    {
        "nonce": nonce,
    }
)

# Signing the transaction with KMS key
signed_tx = sign_transaction(dai_txn, key_id)

# send transaction
tx_hash = web3.eth.sendRawTransaction(signed_tx.rawTransaction)
```
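The conversion a KMS-backed signer has to perform, as an added example (not code from ethereum-kms-signer; all function names are hypothetical): KMS Sign returns a DER-encoded ECDSA (r, s) pair with no recovery id and no low-s guarantee, while Ethereum requires s in the lower half of the curve order (EIP-2) plus a recovery id. It assumes the digest and the key's public point are already known; the pure-Python secp256k1 arithmetic is for illustration and is not constant time.

```python
P = 2**256 - 2**32 - 977  # secp256k1 field prime; N = group order, G = generator
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    num, den = (3 * a[0] * a[0], 2 * a[1]) if a == b else (b[1] - a[1], b[0] - a[0])
    m = num * pow(den, -1, P) % P
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def mul(k, pt):
    """Double-and-add; not constant time, so use on public values only."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def parse_der(sig):
    """Decode DER SEQUENCE { INTEGER r, INTEGER s } as returned by KMS Sign."""
    n = len(sig)
    if n < 8 or n < sig[3] + 7:
        raise ValueError("truncated DER signature")
    i = 4 + sig[3]                         # offset of the s INTEGER tag
    if (sig[0], sig[1], sig[2], sig[i], sig[i + 1]) != (0x30, n - 2, 2, 2, n - i - 2):
        raise ValueError("malformed DER ECDSA signature")
    return int.from_bytes(sig[4:i], "big"), int.from_bytes(sig[i + 2:], "big")

def to_eth_signature(der, z, pub):
    """Return (r, s, recid): low s (EIP-2), recid such that recovery yields pub."""
    r, s = parse_der(der)                  # z: digest sent to KMS as int; pub: (x, y)
    if not (0 < r < N and 0 < s < N):
        raise ValueError("r or s out of range")
    s = min(s, N - s)                      # (r, N - s) is an equally valid signature
    y = pow(r**3 + 7, (P + 1) // 4, P)     # square root mod P, valid since P % 4 == 3
    for recid in (0, 1):                   # the rare x(R) >= N case is not handled
        R = (r, y if y % 2 == recid else P - y)
        Q = mul(pow(r, -1, N), add(mul(s, R), mul(-z % N, G)))  # r^-1 (sR - zG)
        if Q == pub:
            return r, s, recid
    raise ValueError("signature does not match the expected public key")
```

The returned `recid` becomes `v = 27 + recid` for a legacy transaction, or `chain_id * 2 + 35 + recid` under EIP-155.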
Provisioning AWS KMS key with terraform
An ECC_SECG_P256K1 key can be provisioned with Terraform using the following configuration along with the aws provider. More details can be found in the provider docs.
```hcl
resource "aws_kms_key" "my_very_secret_eth_account" {
  description              = "ETH account #1"
  key_usage                = "SIGN_VERIFY"
  customer_master_key_spec = "ECC_SECG_P256K1"
}

resource "aws_kms_alias" "my_very_secret_eth_account" {
  name          = "eth-account-1"
  target_key_id = aws_kms_key.my_very_secret_eth_account.id
}
```
Examples
A few examples can be found here.
Credits
This package was created with Cookiecutter and the zillionare/cookiecutter-pypackage project template.
This article has served as a good resource for implementing the functionality.
Hashes for ethereum_kms_signer-0.1.6.tar.gz
Algorithm | Hash digest
---|---
SHA256 | 681f40e84fafd13e20cdecc27cec5af1f65a7d69de6b13b0df6934aa5d408748
MD5 | 3b98c48884620224c85a45cb12dd6404
BLAKE2b-256 | ee391c472f6d204aeae65e5b949997030aab3ad30f876abc4242577d28de2977
Hashes for ethereum_kms_signer-0.1.6-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 3902609834836d1bf46e0e7175cdf71794db1eb789de69e0bf550bc796f94095
MD5 | 1b324122889f81c4eaa2fb366232da7d
BLAKE2b-256 | 74a8c7d839b7f5e82fa80859bc33bcc63fa166f3bdc6b03008e1fc3d526e9429