ethers-gcp-kms-signer
Installation
Cargo
cargo add ethers-gcp-kms-signer
Usage
Signer
use *;
use ;
let project_id = var.expect;
let location = var.expect;
let keyring = var.expect;
let key_name = var.expect;
let keyring = new;
let provider = new
.await
.expect;
let signer = new
.await
.expect;
You can then use it as regular ethers
signer:
let provider = try_from.unwrap.with_signer;
Credentials
The library will attempt to load credentials in the typical fashion for GCP-
- If the application is running in a k8s cluster, it should automatically pick up credentials
- If the
GOOGLE_APPLICATION_CREDENTIALS
environment is set, attempt to load a service account JSON from this path
Demo
An example app is included in the repo, with terraform manifests to provision a HSM-based key, create a service account with permission to sign using the key, and export a json key with the credentials of this service account.
First, init and apply the terraform:
$ cd example/terraform
$ terraform init
$ terraform apply
Output the service account credentials:
$ terraform output service_account_key > service_account_key.json
To export the service account key in a usable format:
$ cat service_account_key.json | jq -r | base64 -d > ../demo-app/service_account_key.json
To run the example:
❯ export GOOGLE_PROJECT_ID=<project_id>
❯ export GOOGLE_LOCATION=<location>
❯ export GOOGLE_KEYRING=<keyring-name>
❯ export GOOGLE_KEY_NAME=<key-name>
❯ export GOOGLE_APPLICATION_CREDENTIALS=service_account_key.json
❯ cargo run
Compiling demo-app v0.1.0 (/home/grw/src/ethers-gcp-kms-signer/example/demo-app)
Finished dev [unoptimized + debuginfo] target(s) in 6.14s
Running `target/debug/demo-app`
Created signer: GcpKmsSigner { ... }
Signer address: 0xa2e83c0ecc9ffeddb34e027bf3c44971c45fca12
Anvil running at `http://localhost:40023`
Sent 1 ETH to the signer
Sent 1 Wei from the signer
Signer balance: 999960621324999999
License
Licensed under either of
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
See CONTRIBUTING.md.