signing-azure-keyvault-secp256k1-ethereum

step by step tutorial to sign ethereum transaction using azure keyvault, web3py and python3

Tests:

Credits

Javascript version: https://github.com/tmarkovski/ethereumjs-tx-keyvault/

Dependencies

Python 3 and requirements:

pip install -r requirements.txt

Known issues

Some crypto-related python libraries require some special dependencies

Ubuntu:

sudo apt-get install build-essential automake libtool pkg-config libffi-dev python-dev python-pip libsecp256k1-dev

MacOS:

brew install openssl libtool pkg-config automake
export LDFLAGS="-L$(brew --prefix openssl)/lib" CFLAGS="-I$(brew --prefix openssl)/include"

Tutorial

Create a Service Principal that would have access to your key

https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest

Create a Key Vault

Login on the Azure Portal ( https://portal.azure.com/ )

• Go to Key Vaults

• Create a new Keyvault

• Set up policies of your keyvault to the Service Principal

Create a SECP256K1 Key

• Go to your keyvault

• Create a new key and select SECP256k1 options

• Done

Create config.py

Copy the contents of config.py.sample to a new file named config.py and fill it with your secrets

Your service principal credentials:

• CLIENT_ID is a UUID
• PASSWORD is the password

The Vault details:

• TENANT_ID is the directory ID, available in the keyvault overview
• VAULT_URL is the Vault link, available in the keyvault overview as DNS Name

The Key details:

• KEY_NAME is the key name
• KEY_VERSION is the key version

Run the example

Run a ganache-cli instance

ganache-cli

Makes sure that the address has enough balance.

You might need to change the nonce manually (in the example.py) or replace it with getTransactionCount ( https://web3py.readthedocs.io/en/stable/web3.eth.html#web3.eth.Eth.getTransactionCount )

python3 example.py