ethers-gcp-kms-signer
Installation
Cargo
cargo add ethers-gcp-kms-signer
Usage
Signer
use ethers::prelude::*;
use ethers_gcp_kms_signer::{GcpKeyRingRef, GcpKmsProvider, GcpKmsSigner};
let project_id = std::env::var("GOOGLE_PROJECT_ID").expect("GOOGLE_PROJECT_ID");
let location = std::env::var("GOOGLE_LOCATION").expect("GOOGLE_LOCATION");
let keyring = std::env::var("GOOGLE_KEYRING").expect("GOOGLE_KEYRING");
let key_name = std::env::var("GOOGLE_KEY_NAME").expect("GOOGLE_KEY_NAME");
let keyring = GcpKeyRingRef::new(&project_id, &location, &keyring);
let provider = GcpKmsProvider::new(keyring)
.await
.expect("Failed to create GCP KMS provider");
let signer = GcpKmsSigner::new(provider, key_name.to_string(), 1, 1)
.await
.expect("get key");
You can then use it as regular ethers signer:
let provider = Provider::<Http>::try_from(RPC_URL).unwrap().with_signer(signer);
Credentials
The library will attempt to load credentials in the typical fashion for GCP-
- If the application is running in a k8s cluster, it should automatically pick up credentials
- If the
GOOGLE_APPLICATION_CREDENTIALSenvironment is set, attempt to load a service account JSON from this path
Demo
An example app is included in the repo, with terraform manifests to provision a HSM-based key, create a service account with permission to sign using the key, and export a json key with the credentials of this service account.
First, init and apply the terraform:
$ cd example/terraform
$ terraform init
$ terraform apply
To export the service account key in a usable format:
$ cat service_account_key.json | jq -r | base64 -d > ../demo-app/service_account_key.json
To run the example:
❯ export GOOGLE_PROJECT_ID=<project_id>
❯ export GOOGLE_LOCATION=<location>
❯ export GOOGLE_KEYRING=<keyring-name>
❯ export GOOGLE_KEY_NAME=<key-name>
❯ export GOOGLE_APPLICATION_CREDENTIALS=service_account_key.json
❯ cargo run
Compiling demo-app v0.1.0 (/home/grw/src/ethers-gcp-kms-signer/example/demo-app)
Finished dev [unoptimized + debuginfo] target(s) in 6.14s
Running `target/debug/demo-app`
Created signer: GcpKmsSigner { ... }
Signer address: 0xa2e83c0ecc9ffeddb34e027bf3c44971c45fca12
Anvil running at `http://localhost:40023`
Sent 1 ETH to the signer
Sent 1 Wei from the signer
Signer balance: 999960621324999999
License
Licensed under either of
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
See CONTRIBUTING.md.
106 Dec 8, 2022
11 Jan 12, 2022
20 Nov 3, 2022
11 Nov 9, 2022
38 Dec 24, 2022
118 Dec 24, 2022
1 Nov 21, 2021
11 Sep 5, 2022
10 Sep 25, 2022
3 Dec 15, 2022
169 Jun 23, 2023
4 Dec 30, 2022
54 Apr 19, 2023
230 Apr 25, 2023
14 May 28, 2023
38 Sep 5, 2023
3 Sep 27, 2023
3k Jan 2, 2023
252 Dec 26, 2022