How to safely create a server-side Signer or Wallet?
source link: https://blog.dteam.top/posts/2023-05/safe-signer.html
胡键 Posted at — May 6, 2023
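When developing Ethereum applications, you will inevitably run into scenarios where a back-end service also needs a wallet, and how to create that server-side wallet safely becomes the first problem to solve. safe-signer offers a convenient solution: developers can use it to create an ethers.Signer from a third-party secure store (that is, the place where the private key is kept). The current version supports:
- Private key (for testing only; not recommended for production use)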
- AWS Secrets Manager
- AWS Key Management Service (KMS)
- Hashicorp Vault
Currently only `ethers@^5` is supported. Requires Node >= 16.

```sh
npm i @dteam/safe-signer
```
JavaScript:

```js
const SafeSigner = require("@dteam/safe-signer");
```

TypeScript:

```ts
import SafeSigner from "@dteam/safe-signer";
```
`fromPrivateKey` returns a Wallet.

```js
const privateKeyWallet = await SafeSigner.fromPrivateKey("YOUR_PRIVATE_KEY");
```
`fromEnv` returns a Wallet.

```js
const envWallet = await SafeSigner.fromEnv("ENV_VAR_FOR_PRIVATE_KEY");
```
`fromAwsSecretsManager` returns a Wallet.

```js
const awsSecretsManagerWallet = await SafeSigner.fromAwsSecretsManager(
  {
    SecretId: "FULL_ARN_FOR_SECRET",
    SecretKeyName: "KEY_NAME_STORED_PRIVATE_KEY",
  },
  {
    credentials: {
      accessKeyId: "YOUR_AWS_ACCESS_KEY_ID",
      secretAccessKey: "YOUR_AWS_SECRET_ACCESS_KEY",
    },
    region: "YOUR_REGION",
  }
);
```
`fromHashicorpVault` returns a Wallet.

```js
const hashicorpVaultWallet = await SafeSigner.fromHashicorpVault(
  {
    // you can set to your own vault server
    // baseUrl: 'http://127.0.0.1:8200/v1',
    rootPath: "secret",
    timeout: 6000,
    secretName: "wallet-secret",
    secretKey: "privateKey",
  },
  // login method can be any of the following:
  // {token: 'plaintext-token'}
  // {appRole: {roleId: 'roleId', secretId: 'secretId'}}
  // {cert: {certName: 'certName'}}
  // {k8s: {role: 'role', jwt: 'jwt'}}
  // {ldap: {username: 'user', password: 'password'}}
  // {userpass: {username: 'user', password: 'password'}}
  { token: "vault-plaintext-token" },
  { secretName: "wallet-secret", secretKey: "privateKey" }
);
```
`fromAwsKms` returns a Signer, because the private key cannot be obtained directly from AWS KMS.

```js
const awsKmsSigner = await SafeSigner.fromAwsKms("YOUR_AWS_KMS_KEY_ARN", {
  credentials: {
    accessKeyId: "YOUR_AWS_ACCESS_KEY_ID",
    secretAccessKey: "YOUR_AWS_SECRET_ACCESS_KEY",
  },
  region: "YOUR_REGION",
});
```
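The list of supported stores marks the raw private key as test-only. As an added example (not code from the article or from @dteam/safe-signer), the sketch below selects a backend from configuration and refuses the private-key paths when `NODE_ENV` is `production`; the `SafeSigner` calls follow the signatures shown above. The environment variable names (`SIGNER_BACKEND`, `KMS_KEY_ARN`, `TEST_PRIVATE_KEY` and so on) and the decision to treat `fromEnv` as test-only are assumptions.

```javascript
// Added example, not part of @dteam/safe-signer. SIGNER_BACKEND and the other
// environment variable names are assumptions made for this sketch.
const TEST_ONLY = new Set(["private-key", "env"]);
const SECRET_STORES = new Set(["aws-secrets-manager", "aws-kms", "vault"]);

// Policy check: which backend may be used in this environment?
function resolveBackend(env) {
  const backend = env.SIGNER_BACKEND;
  if (!TEST_ONLY.has(backend) && !SECRET_STORES.has(backend)) {
    throw new Error(`unknown SIGNER_BACKEND: ${String(backend)}`);
  }
  if (env.NODE_ENV === "production" && TEST_ONLY.has(backend)) {
    throw new Error(`backend "${backend}" is test-only; refusing in production`);
  }
  return backend;
}

// SafeSigner is the module imported as shown above; injecting it keeps this testable.
async function createServerSigner(SafeSigner, env = process.env) {
  const backend = resolveBackend(env);
  const aws = {
    credentials: {
      accessKeyId: env.AWS_ACCESS_KEY_ID,
      secretAccessKey: env.AWS_SECRET_ACCESS_KEY,
    },
    region: env.AWS_REGION,
  };
  switch (backend) {
    case "aws-kms": // returns a Signer: the private key cannot be read out of KMS
      return SafeSigner.fromAwsKms(env.KMS_KEY_ARN, aws);
    case "aws-secrets-manager":
      return SafeSigner.fromAwsSecretsManager(
        { SecretId: env.SECRET_ARN, SecretKeyName: env.SECRET_KEY_NAME },
        aws
      );
    case "vault": {
      const secret = { secretName: env.VAULT_SECRET_NAME, secretKey: env.VAULT_SECRET_KEY };
      return SafeSigner.fromHashicorpVault(
        { rootPath: "secret", timeout: 6000, ...secret },
        { token: env.VAULT_TOKEN },
        secret
      );
    }
    case "env": // test only: TEST_PRIVATE_KEY is the variable that holds the key
      return SafeSigner.fromEnv("TEST_PRIVATE_KEY");
    default: // "private-key", test only: the key is passed in directly
      return SafeSigner.fromPrivateKey(env.TEST_PRIVATE_KEY);
  }
}
```

Call it once at service start-up, for example `const signer = await createServerSigner(SafeSigner);`, so a misconfigured deployment fails before any transaction is signed.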