A not very complete library for using Google KMS with Ethers.js. Signing stuff works. I started building out logic for managing different keys on GCP and never got around to finishing it.
Tests are currently set up with a GCP account that no longer exists so the test file will need to be updated to be run.
Refer to ethers.js documentation for Signers.
You can use KmsSigner.sendTransaction(tx: TransactionRequest) to send a transaction. Many of the properties on TransactionRequest are optional but in produciton its recommended that you set them explicitly if you have the available values to save the Signer from making additional network requests to set the values.
Values we recommend to set explicitly:
- maxFeePerGas
- maxPriorityFeePerGas
- nonce
- chainId
-
Google application credentials must including
Cloud KMS CryptoKey SignerandCloud KMS CryptoKey Public Key Viewer. More on KMS roles here -
There's a default field on the key
destroyScheduledDuration: { seconds: '86400', nanos: 0 },which sounds like KMS will destroy the key after that duration. This would contradicts GCP's documentation around asymmetric key rotation. We'll want to make sure that the keys we're using are never destroyed because that would result in a loss of our funds.
yarn or npm i
yarn start or npm run start
yarn build or npm run build