Consensys / doc.web3signer

Ethereum signer documentation site

Home Page: https://docs.web3signer.consensys.net/

Document bulk loading secp keys in AWS for eth1 mode

alexandratran opened this issue

Document bulk loading secp keys in AWS for eth1 mode. New CLI options:

  • --aws-kms-enabled
  • --aws-kms-auth-mode
  • --aws-kms-access-key-id
  • --aws-kms-secret-access-key
  • --aws-kms-region
  • --aws-endpoint-override
  • --aws-kms-tag-names-filter
  • --aws-kms-tag-values-filter
  • --aws-connection-cache-size

See Consensys/web3signer#889 for more information.

Have added options and am waiting for some guidance from @usmansaleem on the following:

The Azure Key Vault docs for Web3Signer indicate:

  • Register Web3Signer as an application by authenticating to Azure Key Vault
  • Add signing key in Azure Key Vault
  • Set of values to take note of to use in Web3Signer

I’m not sure how to map this exactly to AWS KMS but my best guesses are:

  • Register Web3Signer as an application by authenticating to AWS KMS
  • Create key policy for the signing key
  • Take note of the following to use in Web3Signer: AWS Access Key ID and AWS KMS secret access key.

If you could let me know what I’ve got wrong, or what needs adding to my AWS KMS guesses, that’d be great, thank you.