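When building Ethereum applications, you will inevitably hit cases where a backend service also needs a wallet, and the first problem to solve is how to create that server-side wallet safely. safe-signer offers a convenient solution: it lets developers create an ethers.Signer from a third-party secure store (that is, wherever the private key is kept). The current version supports: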
Note: only ethers@^5 is currently supported.
Node >= 16.
npm i @dteam/safe-signer
JavaScript:
const SafeSigner = require("@dteam/safe-signer");
TypeScript:
import SafeSigner from "@dteam/safe-signer";
fromPrivateKey, returns a Wallet.
const privateKeyWallet = await SafeSigner.fromPrivateKey("YOUR_PRIVATE_KEY");
fromEnv, returns a Wallet.
const envWallet = await SafeSigner.fromEnv("ENV_VAR_FOR_PRIVATE_KEY");
fromAwsSecretsManager, returns a Wallet.
const awsSecretsManagerWallet = await SafeSigner.fromAwsSecretsManager(
  {
    SecretId: "FULL_ARN_FOR_SECRET",
    SecretKeyName: "KEY_NAME_STORED_PRIVATE_KEY",
  },
  {
    credentials: {
      accessKeyId: "YOUR_AWS_ACCESS_KEY_ID",
      secretAccessKey: "YOUR_AWS_SECRET_ACCESS_KEY",
    },
    region: "YOUR_REGION",
  }
);
fromHashicorpVault, returns a Wallet.
const hashicorpVaultWallet = await SafeSigner.fromHashicorpVault(
  {
    // you can set to your own vault server
    // baseUrl: 'http://127.0.0.1:8200/v1',
    rootPath: "secret",
    timeout: 6000,
    secretName: "wallet-secret",
    secretKey: "privateKey",
  },
  // login method can be any of the following:
  // {token: 'plaintext-token'}
  // {appRole: {roleId: 'roleId', secretId: 'secretId'}}
  // {cert: {certName: 'certName'}}
  // {k8s: {role: 'role', jwt: 'jwt'}}
  // {ldap: {username: 'user', password: 'password'}}
  // {userpass: {username: 'user', password: 'password'}}
  { token: "vault-plaintext-token" },
  { secretName: "wallet-secret", secretKey: "privateKey" }
);
fromAwsKms, returns a Signer, because the private key cannot be obtained directly from AWS KMS.
const awsKmsSigner = await SafeSigner.fromAwsKms("YOUR_AWS_KMS_KEY_ARN", {
  credentials: {
    accessKeyId: "YOUR_AWS_ACCESS_KEY_ID",
    secretAccessKey: "YOUR_AWS_SECRET_ACCESS_KEY",
  },
  region: "YOUR_REGION",
});