Store signing keys
Web3Signer supports BLS12-381 (Eth2) or secp256k1 (Eth1) signing keys stored in the following ways:
| Key storage | SECP256K1 | BLS |
|---|---|---|
| Raw files | x | x |
| Keystore files | x | x |
| Vaults | ||
| Hashicorp Vault | x | x |
| Azure Key Vault | x | x |
| AWS Secrets Manager | x | |
| AWS KMS | x | |
| GCP Secret Manager | x | |
| Hardware Security Modules (HSMs) | ||
| YubiHSM 2 | x | x |
| USB Armory Mk II | x | x |
Web3Signer supports Eth1 signing from HSMs and vaults, but must load private keys into memory for Eth2 signing.
Follow best practices when storing private keys.
After storing keys, load keys into Web3Signer.