woj
@woj.eth
can you use aws kms to store ethereum/solana keys? did anyone see it in prod?
14 replies
0 recast
40 reactions

Haardik
@haardikkk
Yeah all major cloud providers should support it. You can store them in kms and use smth like consensys/web3signer for evm side of things to do remote signing without loading the priv key directly in memory. There's probably some solana equivalent too
0 reply
0 recast
4 reactions

Tayyab - d/acc
@tayyab
AWS “kill my self” is my favorite service from them
1 reply
0 recast
3 reactions

scottrepreneur
@scottrepreneur.eth
Common approach + hashicorp vault
0 reply
0 recast
2 reactions

Joe Petrich 🟪
@jpetrich
I've done it with GCP and open sourced it because there were no public examples using Go. Maybe it helps: https://github.com/courtyard-nft/go-kms-signer
0 reply
0 recast
1 reaction

christopher
@christopher
https://farcaster.xyz/dwr.eth/0xb33b8e12
0 reply
0 recast
0 reaction

Ayann 🎩
@ayann
Yes, it’s possible to store Ethereum or Solana private keys using AWS KMS, but not directly. This is usually done through custom integration. Also, the key formats used by Ethereum (secp256k1) and Solana (ed25519) are not natively supported by AWS KMS. Whatever, some companies successfully use it in production by implementing custom code and external libraries. Coinbase uses a mix of CloudHSM; also, MetaMask supports AWS KMS integration for enterprise key storage.
0 reply
0 recast
0 reaction

Corbin Page
@corbin.eth
Ya this is pretty common 👍
0 reply
0 recast
0 reaction

Samuel ツ
@samuellhuber.eth
Cc @payton
0 reply
0 recast
0 reaction

Koolkheart
@koolkheart.eth
Never thought about this or come close, I’ll wait to see what people say and do my research too… when’s your flight?
0 reply
0 recast
0 reaction

Dylan
@elffjs
AWS has a series of blog posts about this. I think this was enough to get us going, though it’s wordy. https://aws.amazon.com/blogs/web3/use-key-management-service-aws-kms-to-securely-manage-ethereum-accounts-part-1/
1 reply
0 recast
0 reaction

Harris
@harris-
I think alloy gives you an AWS signer using this, never used it myself https://github.com/alloy-rs/alloy/tree/main/crates/signer-aws
0 reply
0 recast
0 reaction

Trupty Somaiah 🦉
@trupty
pls don’t kys
1 reply
0 recast
1 reaction

ndx 🐉
@ndx.eth
not your key management service not your keys not your coins but really can prob use KMS or Secrets Manager. SM uses KMS behind the scenes anyway. depends on if you’re talking about a small set of keys for services that need priv keys or if you’re talking managing keys for all users
0 reply
0 recast
0 reaction

Pearleyy
@peepee2
wait 😭😭 did I just read what I read? Or is there another term😭 Also, are you kidding?
0 reply
0 recast
0 reaction