DTeam 技术日志

Doer、Delivery、Dream

如何安全地创建服务端 Signer 或 Wallet?

胡键 Posted at — May 6, 2023 阅读

在开发以太坊应用时难免会遇到后端服务也需要 wallet 的场景,此时如何安全地创建服务端 wallet 就成了首先要解决的问题。 safe-signer 为这个问题提供了便捷的解决方案,开发者可以通过它方便地从第三方安全存储(即私钥的保存地)创建出 ethers.Signer。当前版本支持:

注意:

目前仅支持 ethers@^5

安装

Node >= 16.

npm i @dteam/safe-signer

导入

Javascript:

const SafeSigner = require("@dteam/safe-signer");

Typescript:

import SafeSigner from "@dteam/safe-signer";

用法示例

  1. fromPrivateKey,返回 Wallet。
const privateKeyWallet = await SafeSigner.fromPrivateKey("YOUR_PRIVATE_KEY");
  1. fromEnv,返回 Wallet。
const envWallet = await SafeSigner.fromEnv("ENV_VAR_FOR_PRIVATE_KEY");
  1. fromAwsSecretsManager,返回 Wallet。
const awsSecretsManagerWallet = await SafeSigner.fromAwsSecretsManager(
  {
    SecretId: "FULL_ARN_FOR_SECRET",
    SecretKeyName: "KEY_NAME_STORED_PRIVATE_KEY",
  },
  {
    credentials: {
      accessKeyId: "YOUR_AWS_ACCESS_KEY_ID",
      secretAccessKey: "YOUR_AWS_SECRET_ACCESS_KEY",
    },
    region: "YOUR_REGION",
  }
);
  1. fromHashicorpVault,返回 Wallet。
const hashicorpVaultWallet = await SafeSigner.fromHashicorpVault(
  {
    // you can set to your own vault server
    // baseUrl: 'http://127.0.0.1:8200/v1',
    rootPath: "secret",
    timeout: 6000,
    secretName: "wallet-secret",
    secretKey: "privateKey",
  },
  // login method can be any of the following:
  // {token: 'plaintext-token'}
  // {appRole: {roleId: 'roleId', secretId: 'secretId'}}
  // {cert: {certName: 'certName'}}
  // {k8s: {role: 'role', jwt: 'jwt'}}
  // {ldap: {username: 'user', password: 'password'}}
  // {userpass: {username: 'user', password: 'password'}}
  { token: "vault-plaintext-token" },
  { secretName: "wallet-secret", secretKey: "privateKey" }
);
  1. fromAwsKms,返回 Signer,因为无法直接从 AWS KMS 获得私钥。
const awsKmsSigner = await SafeSigner.fromAwsKms("YOUR_AWS_KMS_KEY_ARN", {
  credentials: {
    accessKeyId: "YOUR_AWS_ACCESS_KEY_ID",
    secretAccessKey: "YOUR_AWS_SECRET_ACCESS_KEY",
  },
  region: "YOUR_REGION",
});

觉得有帮助的话,不妨考虑购买付费文章来支持我们 🙂 :

付费文章

友情链接


相关文章