tezos-kms is a TypeScript library that provides functionality for using keys stored in AWS KMS for operations in Tezos.
In order to use keys you will need to configure a key in AWS KMS. Steps 1-12 of the Harbinger Setup Guide provide a brief overview of how to achieve this.
import { TezosKmsClient } from '@tacoinfra/tezos-kms'
const awsKeyId = 'x' // Place your key here.
const awsRegion = 'eu-west-1'
const kmsClient = new TezosKmsClient(awsKeyId, awsRegion)
console.log(await kmsClient.getPublicKey()) // sppk...
console.log(await kmsClient.getPublicKeyHash()) // tz2...
const bytes = Buffer.from('deadbeef', 'hex')
console.log(await kmsClient.signOperation(bytes)) // <bytes>
console.log(await kmsClient.signOperationBase58(bytes)) // spsig...
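AWS KMS returns ECDSA signatures as ASN.1 DER, while `signOperation` above yields raw signature bytes. The following is an added example, not code from tezos-kms: it sketches the strict DER-to-raw conversion a KMS-backed signer has to get right. The helper names and the sample are constructed, and the requirement for 64 bytes of `r || s` with low `s` is an assumption about what the secp256k1 verifier accepts.

```typescript
// Added example, not tezos-kms source. Assumptions: the signer receives an
// ASN.1 DER ECDSA signature and must emit 64 raw bytes (r || s) with low s.
const N = BigInt('0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141') // secp256k1 order

const toBig = (b: Uint8Array): bigint =>
  b.reduce((acc, x) => acc * BigInt(256) + BigInt(x), BigInt(0))
const hex32 = (v: bigint): string => v.toString(16).padStart(64, '0')
function fromHex(h: string): Uint8Array {
  const pairs: string[] = h.match(/../g) || []
  return new Uint8Array(pairs.map((p) => parseInt(p, 16)))
}

// Reads one DER INTEGER at `off`; returns its value and the offset after it.
function readInt(der: Uint8Array, off: number): { value: bigint; next: number } {
  if (off + 3 > der.length || der[off] !== 0x02) throw new Error('expected DER INTEGER')
  const len = der[off + 1]
  const end = off + 2 + len
  if (len === 0 || len > 33 || end > der.length) throw new Error('bad INTEGER length')
  if (der[off + 2] & 0x80) throw new Error('negative INTEGER') // DER integers are signed
  return { value: toBig(der.subarray(off + 2, end)), next: end }
}

function derToRawLowS(der: Uint8Array): string {
  // SEQUENCE with a short-form length: a secp256k1 signature is at most 72 bytes.
  if (der.length < 8 || der[0] !== 0x30 || der[1] !== der.length - 2) {
    throw new Error('not a DER ECDSA signature')
  }
  const r = readInt(der, 2)
  const s = readInt(der, r.next)
  if (s.next !== der.length) throw new Error('trailing bytes after s')
  for (const v of [r.value, s.value]) {
    if (v < BigInt(1) || v >= N) throw new Error('r or s out of range')
  }
  // (r, s) and (r, N - s) both verify; emit the canonical low-s form only.
  const lowS = s.value > N / BigInt(2) ? N - s.value : s.value
  return hex32(r.value) + hex32(lowS)
}

// Constructed sample: r = 0x11..11, s = N - 1 (high s, so DER pads it with 0x00).
const SAMPLE_DER = fromHex('30450220' + '11'.repeat(32) + '022100' + hex32(N - BigInt(1)))
console.log(derToRawLowS(SAMPLE_DER)) // r, then s rewritten to 1
```

Rejecting trailing bytes, negative integers and out-of-range values keeps a malformed or tampered KMS response from being turned into signature bytes.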
An example is given in tests. However, TezosKmsSigner may be exported by this module in the future.
$ npm i
$ npm run build
Proper tests, in particular with mocks for responses from AWS, are a TODO. For now, tests can be run by following these steps:
- Create a .env file and add these variables:
  - KMS_KEY_ID - id of KMS key.
  - AWS_REGION - AWS region to use for getting the key.
  - SEND_TEZ_DESTINATION - destination of test transfer of 1 mutez.
  - RPC_URL - URL of RPC for the network where transfer should be made.
  - AWS_ACCESS_KEY_ID - access key ID of AWS account.
  - AWS_SECRET_ACCESS_KEY - secret access key of AWS account.
- Get PKH of the account which corresponds to your KMS key using this command:
npm run get-kms-pkh <kms-key-id> <aws-region>
- If the balance of the account is too low to pay for the transfer of 1 mutez, transfer some TEZ to the account to enable it to pay.
- Run the tests with this command:
npm run test
Harbinger is written and maintained by Luke Youngblood and Keefer Taylor.