This project provides a way to sign EVM transactions using AWS KMS (Key Management Service) with an asymmetric key. It leverages AWS KMS to secure private key management while enabling EVM-compatible signatures.
For a deeper understanding of the underlying mechanics, refer to the detailed guide.
Before getting started, ensure you have the following:
Note: Ensure you are running these commands in a bash terminal with your AWS credentials configured.
Create a .env file at the root of the project based on the provided .env.example template.
cp .env.example .env
Replace the placeholder values in the .env file with your own configuration:
AWS_REGION - The AWS region where your KMS key is located.
KMS_KEY_ID - The ID of the KMS asymmetric key used for signing (if you already have a KMS key).
RPC_PROVIDER_URL - The URL of the Ethereum-compatible RPC provider. You can use Hardhat's default URL (http://localhost:8545) for local testing.
Run the following command to install the project dependencies:
npm install
If you don't already have an AWS KMS key, you can create one by running:
npm run create-key
Once the key is created, update your .env file with the KMS_KEY_ID value.
This test will deploy a simple smart contract, sign a transaction using KMS, and broadcast it to your RPC_PROVIDER_URL.
npm run test -- --silent --verbose
You can retrieve the public key and address of the KMS key by running the get-key-info script.
npm run get-key-info
You can sign a custom transaction by running the sign-transaction script. First, update the transaction object in the ./scripts/sign-transaction.mjs file with the transaction details.
npm run sign-tx
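Added example, not this project's own code: KMS returns an ECDSA signature as a DER-encoded SEQUENCE of two INTEGERs, while an EVM transaction needs 32-byte r and s values with s in the lower half of the curve order (EIP-2). The function names and the sample bytes below are constructed for illustration.

```javascript
// secp256k1 group order n. Ethereum (EIP-2) only accepts signatures with s <= n/2.
const SECP256K1_N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141n;

// Read one DER INTEGER at `offset`; returns its value and the offset after it.
function readDerInteger(der, offset) {
  if (der[offset] !== 0x02) throw new Error("expected DER INTEGER tag");
  const len = der[offset + 1];
  if (!(len >= 1 && len <= 33)) throw new Error("unexpected INTEGER length");
  const start = offset + 2, end = start + len;
  if (end > der.length) throw new Error("truncated INTEGER");
  if (der[start] & 0x80) throw new Error("negative INTEGER");
  let value = 0n;
  for (let i = start; i < end; i++) value = (value << 8n) | BigInt(der[i]);
  return { value, next: end };
}

// Parse SEQUENCE { INTEGER r, INTEGER s } and normalise s to the low half.
// The recovery id (v) is not derived here; flipping s also flips its parity.
function kmsDerToEvmSignature(der) {
  if (der[0] !== 0x30) throw new Error("expected DER SEQUENCE tag");
  if (der[1] & 0x80) throw new Error("long-form length not expected for secp256k1");
  if (der[1] !== der.length - 2) throw new Error("SEQUENCE length mismatch");
  const r = readDerInteger(der, 2);
  const s = readDerInteger(der, r.next);
  if (s.next !== der.length) throw new Error("trailing bytes after signature");
  for (const x of [r.value, s.value]) {
    if (x <= 0n || x >= SECP256K1_N) throw new Error("r or s out of range");
  }
  const flipped = s.value > SECP256K1_N / 2n;
  const lowS = flipped ? SECP256K1_N - s.value : s.value;
  const hex32 = (x) => "0x" + x.toString(16).padStart(64, "0");
  return { r: hex32(r.value), s: hex32(lowS), flipped };
}

// Constructed sample (not real KMS output): r has its top bit set and s = n - 1,
// so both INTEGERs carry a leading 0x00 pad byte and s must be flipped to 1.
function constructedSample() {
  const r = [0x00, 0x80, ...new Array(31).fill(0x01)];
  const sHex = (SECP256K1_N - 1n).toString(16);
  const s = [0x00, ...sHex.match(/../g).map((b) => parseInt(b, 16))];
  return Uint8Array.from([0x30, 4 + r.length + s.length, 0x02, r.length, ...r, 0x02, s.length, ...s]);
}

console.log(kmsDerToEvmSignature(constructedSample()));
```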