Sign ETH transactions with keys stored in AWS KMS
- Free software: MIT
- Documentation: https://meetmangukiya.github.io/ethereum-kms-signer
- Sign Transactions
In the crypto world, all the assets, tokens and crypto you own are protected by the secrecy of a private key. This creates a single point of failure: a key can leak, or be lost for lack of a backup or for any number of other reasons. It becomes even harder when you want to share these keys among many individuals in an organization.
Using something like AWS KMS can help with that and gives you the full benefit of the security features it provides. Signatures can be created without the key ever leaving AWS's infrastructure, and the key can be effectively shared among individuals.
This library provides a simple and easy-to-use API for using AWS KMS to sign Ethereum transactions, and an easy integration with web3.py, making it practical to use KMS to manage your private keys.
```python
from ethereum_kms_signer import get_eth_address

address = get_eth_address('THE-AWS-KMS-ID')
print(address)
```
```python
from ethereum_kms_signer import sign_transaction

# dai (a contract object), web3, to_address, amount, nonce and key_id
# are assumed to be defined by the caller.
dai_txn = dai.functions.transfer(
    web3.toChecksumAddress(to_address.lower()), amount
).buildTransaction(
    {
        "nonce": nonce,
    }
)

# Signing the transaction with KMS key
signed_tx = sign_transaction(dai_txn, key_id)

# send transaction
tx_hash = web3.eth.sendRawTransaction(signed_tx.rawTransaction)
```
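KMS returns an ECC signature as a DER-encoded SEQUENCE of r and s, and standard ECDSA does not constrain s, whereas Ethereum (EIP-2) rejects transactions whose s is above n/2. The code below is an added example, not code from ethereum-kms-signer: it parses such a blob and normalises s. The function names and the sample bytes are constructed for illustration.

```python
from __future__ import annotations

# Order of the secp256k1 group (the curve behind the ECC_SECG_P256K1 key spec).
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Constructed sample (not real KMS output): r = 1, s = n - 1, i.e. a "high" s.
SAMPLE_DER = bytes.fromhex("3026020101022100") + (SECP256K1_N - 1).to_bytes(32, "big")


def _read_der_int(buf: bytes, pos: int) -> tuple[int, int]:
    """Read one DER INTEGER at pos; return (value, next position)."""
    if pos + 2 > len(buf) or buf[pos] != 0x02:
        raise ValueError("expected DER INTEGER")
    length = buf[pos + 1]
    start, end = pos + 2, pos + 2 + length
    if length == 0 or length > 33 or end > len(buf):
        raise ValueError("bad INTEGER length")
    if buf[start] & 0x80:
        raise ValueError("negative INTEGER")
    return int.from_bytes(buf[start:end], "big"), end


def parse_der_signature(der: bytes) -> tuple[int, int]:
    """Parse SEQUENCE { INTEGER r, INTEGER s } (short-form lengths only)."""
    if len(der) < 8 or der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("not a DER ECDSA signature")
    r, pos = _read_der_int(der, 2)
    s, pos = _read_der_int(der, pos)
    if pos != len(der):
        raise ValueError("trailing bytes after signature")
    if not (0 < r < SECP256K1_N and 0 < s < SECP256K1_N):
        raise ValueError("r or s out of range")
    return r, s


def to_low_s(r: int, s: int) -> tuple[int, int]:
    """EIP-2: (r, n - s) verifies equally well, so keep the s in the lower half."""
    return r, (SECP256K1_N - s if s > SECP256K1_N // 2 else s)
```

The KMS response carries no recovery id, so a signer still has to choose the v for which the recovered address matches the key's own address.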
An ECC_SECG_P256K1 key can be provisioned using Terraform with the following configuration along with the AWS provider. More details can be found in the provider docs.
```hcl
resource "aws_kms_key" "my_very_secret_eth_account" {
  description              = "ETH account #1"
  key_usage                = "SIGN_VERIFY"
  customer_master_key_spec = "ECC_SECG_P256K1"
}

resource "aws_kms_alias" "my_very_secret_eth_account" {
  # KMS alias names must start with "alias/"
  name          = "alias/eth-account-1"
  target_key_id = aws_kms_key.my_very_secret_eth_account.id
}
```
A few examples can be found here.
This package was created with Cookiecutter and the zillionare/cookiecutter-pypackage project template.
This article has served as a good resource for implementing the functionality.