Documentation
Overview
Package awskms uses the Amazon Web Services' Key Management Service to provide a signing interface for EVM-compatible transactions.
Rather than directly accessing a private key to sign a transaction, the client makes calls to the remote AWS KMS to do so and the private key never leaves the KMS.
Index
- type AmazonKMSClient
- func (c AmazonKMSClient) GetAddress() common.Address
- func (c AmazonKMSClient) GetDefaultEVMTransactor() *bind.TransactOpts
- func (c AmazonKMSClient) GetEVMSignerFn() bind.SignerFn
- func (c AmazonKMSClient) GetPublicKey() (*ecdsa.PublicKey, error)
- func (c AmazonKMSClient) HasSignedTx(tx *types.Transaction) (bool, error)
- func (c AmazonKMSClient) SignHash(digest common.Hash) ([]byte, error)
- func (c *AmazonKMSClient) WithChainID(chainID *big.Int)
- func (c *AmazonKMSClient) WithSigner(signer types.Signer)
- type Config
- type StaticCredentialsConfig
Types
type AmazonKMSClient
type AmazonKMSClient struct {
// contains filtered or unexported fields
}
AmazonKMSClient implements the basic functionality of an Amazon Web Services KMS client for signing transactions.
func NewAmazonKMSClient
func NewAmazonKMSClient(ctx context.Context, cfg Config, kmsClient *kms.Client, txSigner ...types.Signer) (*AmazonKMSClient, error)
NewAmazonKMSClient creates a new AWS KMS client with the given config.
If txSigner is not provided, the signer is initialized as types.NewLondonSigner(cfg.ChainID). Note that only the first value of txSigner is used.
Example:
ctx := context.Background()
cfg := Config{
	KeyID:   "YOUR_KEY_ID_HERE",
	ChainID: 1,
}
// Build the AWS SDK configuration for the region that holds the key.
awsCfg, err := config.LoadDefaultConfig(ctx,
	config.WithRegion("AWS_REGION"),
	config.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(
		"ACCESS_KEY_ID", "SECRET_ACCESS_KEY", "SESSION",
	)),
)
if err != nil {
	panic(err)
}
kmsClient := kms.NewFromConfig(awsCfg)
// Create the KMS-backed signing client.
c, err := NewAmazonKMSClient(ctx, cfg, kmsClient)
if err != nil {
	panic(err)
}
func NewAmazonKMSClientWithStaticCredentials (added in v0.2.0)
func NewAmazonKMSClientWithStaticCredentials(ctx context.Context, cfg StaticCredentialsConfig, txSigner ...types.Signer) (*AmazonKMSClient, error)
NewAmazonKMSClientWithStaticCredentials is an alternative to NewAmazonKMSClient that uses a StaticCredentialsConfig.
func (AmazonKMSClient) GetAddress
func (c AmazonKMSClient) GetAddress() common.Address
GetAddress returns the EVM address of the current signer.
func (AmazonKMSClient) GetDefaultEVMTransactor
func (c AmazonKMSClient) GetDefaultEVMTransactor() *bind.TransactOpts
GetDefaultEVMTransactor returns the default KMS-backed instance of bind.TransactOpts. Only `Context`, `From`, and `Signer` fields are set.
func (AmazonKMSClient) GetEVMSignerFn
func (c AmazonKMSClient) GetEVMSignerFn() bind.SignerFn
GetEVMSignerFn returns the EVM signer using the AWS KMS.
func (AmazonKMSClient) GetPublicKey
func (c AmazonKMSClient) GetPublicKey() (*ecdsa.PublicKey, error)
GetPublicKey returns the public key corresponding to the given keyId.
func (AmazonKMSClient) HasSignedTx
func (c AmazonKMSClient) HasSignedTx(tx *types.Transaction) (bool, error)
HasSignedTx checks if the given tx is signed by the current AmazonKMSClient.
func (AmazonKMSClient) SignHash
func (c AmazonKMSClient) SignHash(digest common.Hash) ([]byte, error)
SignHash calls the remote AWS KMS to sign the given message digest. Although AWS KMS does not support the keccak256 hash function (it uses SHA256 instead), it does not care which hash function was used as long as you send the hash of the message to the KMS.
func (*AmazonKMSClient) WithChainID (added in v0.2.0)
func (c *AmazonKMSClient) WithChainID(chainID *big.Int)
WithChainID assigns the given chainID (and updates the corresponding signer) to the AmazonKMSClient.
func (*AmazonKMSClient) WithSigner (added in v0.1.1)
func (c *AmazonKMSClient) WithSigner(signer types.Signer)
WithSigner assigns the given signer to the AmazonKMSClient.
type Config
type Config struct {
	// KeyID is the ID of the working AWS KMS key.
	KeyID string `json:"KeyID"`
	// ChainID is the ID of the target EVM chain.
	//
	// See https://chainlist.org.
	ChainID uint64 `json:"ChainID"`
}
Config represents required information to create an AWS KMS client.
func LoadConfigFromFile
LoadConfigFromFile loads the config from the given config file.
type StaticCredentialsConfig (added in v0.2.0)
type StaticCredentialsConfig struct {
	Config
	// Region is the region of the AWS KMS Key.
	Region string `json:"Region"`
	// AccessKeyID is the access key ID of the given account for the sake of connecting to the remote AWS client.
	AccessKeyID string `json:"AccessKeyID"`
	// SecretAccessKey is the secret key for the AccessKeyID.
	SecretAccessKey string `json:"SecretAccessKey"`
	// SessionToken is the session ID.
	SessionToken string `json:"SessionToken,omitempty"`
}
StaticCredentialsConfig consists of AWS KMS Config with static credentials.
Example:
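scConfig := StaticCredentialsConfig{
	// KeyID and ChainID are fields of the embedded Config, so a composite
	// literal has to set them through it.
	Config: Config{
		KeyID:   "KEY_ID",
		ChainID: 0,
	},
	Region:          "REGION_ID",
	AccessKeyID:     "ACCESS_KEY_ID",
	SecretAccessKey: "SECRET_ACCESS_KEY",
	SessionToken:    "SESSION_TOKEN",
}
func LoadStaticCredentialsConfigConfigFromFile (added in v0.2.0)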
func LoadStaticCredentialsConfigConfigFromFile(filePath string) (*StaticCredentialsConfig, error)
LoadStaticCredentialsConfigConfigFromFile loads a static credential config from the given config file.
func (StaticCredentialsConfig) IsValid (added in v0.2.0)
func (cfg StaticCredentialsConfig) IsValid() (bool, error)