evm-signer

The evm-signer/ package contains libraries for signing messages and transactions with hardware security modules (HSMs). At this time, only GCP KMS-managed HSMs are supported, but we hope to add support for AWS Cloud HSM, Azure Dedicated HSM, and self-hosted HSMs.

Prerequisites

We'll assume that you've set up a Google Cloud account and created an HSM key with Purpose Asymmetric sign and with Algorithm Elliptic Curve secp256k1 - SHA256 Digest.

You'll need to set appropriate GOOGLE_APPLICATION_CREDENTIALS for submitting requests. The easiest way is to create a service account with the roles/cloudkms.signer and roles/cloudkms.publicKeyViewer minimum permission set.

You should add a new JSON key to your service account, and download it. Then set

$ export GOOGLE_APPLICATION_CREDENTIALS=key.json

pointing to the downloaded keyfile.

Installing

You can install with npm:

$ npm install @dropyacht/evm-signer