ethers-rs signer using GCP KMS

Overview

ethers-gcp-kms-signer


Installation

Cargo

cargo add ethers-gcp-kms-signer

Usage

Signer

use ethers::prelude::*;
use ethers_gcp_kms_signer::{GcpKeyRingRef, GcpKmsProvider, GcpKmsSigner};

let project_id = std::env::var("GOOGLE_PROJECT_ID").expect("GOOGLE_PROJECT_ID");
let location = std::env::var("GOOGLE_LOCATION").expect("GOOGLE_LOCATION");
let keyring = std::env::var("GOOGLE_KEYRING").expect("GOOGLE_KEYRING");
let key_name = std::env::var("GOOGLE_KEY_NAME").expect("GOOGLE_KEY_NAME");

let keyring = GcpKeyRingRef::new(&project_id, &location, &keyring);
let provider = GcpKmsProvider::new(keyring)
    .await
    .expect("Failed to create GCP KMS provider");
let signer = GcpKmsSigner::new(provider, key_name.to_string(), 1, 1)
    .await
    .expect("get key");

You can then use it as a regular ethers signer:

let provider = Provider::<Http>::try_from(RPC_URL).unwrap().with_signer(signer);

Credentials

The library will attempt to load credentials in the typical fashion for GCP:

  • If the application is running in a k8s cluster, it should automatically pick up credentials.
  • If the GOOGLE_APPLICATION_CREDENTIALS environment variable is set, it attempts to load a service account JSON from this path.

Demo

An example app is included in the repo, with Terraform manifests to provision an HSM-based key, create a service account with permission to sign using the key, and export a JSON key with the credentials of this service account.

First, init and apply the terraform:

$ cd example/terraform
$ terraform init
$ terraform apply

To export the service account key in a usable format:

$ cat service_account_key.json | jq -r | base64 -d > ../demo-app/service_account_key.json

To run the example:

export GOOGLE_PROJECT_ID=<project_id>
export GOOGLE_LOCATION=<location>
export GOOGLE_KEYRING=<keyring-name>
export GOOGLE_KEY_NAME=<key-name>
export GOOGLE_APPLICATION_CREDENTIALS=service_account_key.json
❯ cargo run
   Compiling demo-app v0.1.0 (/home/grw/src/ethers-gcp-kms-signer/example/demo-app)
    Finished dev [unoptimized + debuginfo] target(s) in 6.14s
     Running `target/debug/demo-app`
Created signer: GcpKmsSigner { ... }
Signer address: 0xa2e83c0ecc9ffeddb34e027bf3c44971c45fca12
Anvil running at `http://localhost:40023`
Sent 1 ETH to the signer
Sent 1 Wei from the signer
Signer balance: 999960621324999999
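
A start-up preflight for the environment described in the Usage, Credentials and Demo sections, as an added example that is not part of ethers-gcp-kms-signer or its demo app: it checks that the four variables the usage snippet reads are set, and that the key file named by GOOGLE_APPLICATION_CREDENTIALS is a regular file not accessible to group or others. The helper names missing_vars and check_key_file and the 0600 policy are assumptions of this example; it uses only the Rust standard library and Unix permissions.

```rust
use std::fs;
use std::os::unix::fs::PermissionsExt;
use std::path::Path;

/// Environment variables read by the usage snippet and the demo (names from the README).
const REQUIRED_VARS: [&str; 4] = [
    "GOOGLE_PROJECT_ID",
    "GOOGLE_LOCATION",
    "GOOGLE_KEYRING",
    "GOOGLE_KEY_NAME",
];

/// Hypothetical helper: names of required variables that are unset or blank.
fn missing_vars(lookup: impl Fn(&str) -> Option<String>) -> Vec<&'static str> {
    REQUIRED_VARS
        .iter()
        .copied()
        .filter(|name| lookup(*name).map_or(true, |v| v.trim().is_empty()))
        .collect()
}

/// Hypothetical helper: reject a service account key file that is a symlink,
/// not a regular file, or accessible to group or others (assumed policy: 0600).
fn check_key_file(path: &Path) -> Result<(), String> {
    // symlink_metadata does not follow links, so a symlink is reported as such.
    let meta = fs::symlink_metadata(path).map_err(|e| format!("{}: {}", path.display(), e))?;
    if !meta.file_type().is_file() {
        return Err(format!("{}: not a regular file", path.display()));
    }
    let mode = meta.permissions().mode() & 0o777;
    if mode & 0o077 != 0 {
        return Err(format!("{}: mode {:o} exposes the key; use 0600", path.display(), mode));
    }
    Ok(())
}

fn main() {
    let missing = missing_vars(|name| std::env::var(name).ok());
    if !missing.is_empty() {
        eprintln!("missing environment variables: {}", missing.join(", "));
        std::process::exit(1);
    }
    // Only relevant when a key file is used; in-cluster credentials need no file.
    if let Ok(path) = std::env::var("GOOGLE_APPLICATION_CREDENTIALS") {
        if let Err(e) = check_key_file(Path::new(&path)) {
            eprintln!("refusing to start: {}", e);
            std::process::exit(1);
        }
    }
    println!("preflight ok");
}
```

Run it before constructing the signer; a key file written by a plain shell redirect under the common 022 umask ends up with mode 0644 and is rejected until it is changed to 0600.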

License

Licensed under either of

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

See CONTRIBUTING.md.

