@mysten/kms

Sui KMS Signers

The Sui KMS Signers package provides a set of tools for securely signing transactions using Key Management Services (KMS) like AWS KMS.

Table of Contents

• AWS KMS Signer
  • Usage
  • API
    • fromKeyId
      • Parameters
      • Examples

AWS KMS Signer

The AWS KMS Signer allows you to leverage AWS's Key Management Service to sign Sui transactions.

Usage

import { AwsKmsSigner } from '@mysten/kms/aws';

const prepareSigner = async () => {
	const { AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION, AWS_KMS_KEY_ID } = process.env;

	return AwsKmsSigner.fromKeyId(AWS_KMS_KEY_ID, {
		region: AWS_REGION,
		accessKeyId: AWS_ACCESS_KEY_ID,
		secretAccessKey: AWS_SECRET_ACCESS_KEY,
	});
};

API

fromKeyId

Create an AWS KMS signer from AWS Key ID and AWS credentials. This method initializes the signer with the necessary AWS credentials and region information, allowing it to interact with AWS KMS to perform cryptographic operations.

Parameters

• keyId string The AWS KMS key ID.
• options object An object containing AWS credentials and region.
  • region string The AWS region.
  • accessKeyId string The AWS access key ID.
  • secretAccessKey string The AWS secret access key.

Examples

const signer = await AwsKmsSigner.fromKeyId('your-kms-key-id', {
	region: 'us-west-2',
	accessKeyId: 'your-access-key-id',
	secretAccessKey: 'your-secret-access-key',
});

Returns Promise<AwsKmsSigner> An instance of AwsKmsSigner.

Notice: AWS Signer requires Node >=20 due to dependency on crypto