Use Web3Signer with AWS Key Management Service
Web3Signer supports execution layer signing with secp256k1 keys stored in AWS Key Management Service (KMS).
The AWS KMS documentation provides the information you need to get started.
Load keys from AWS KMS
Keys stored in AWS KMS can be loaded into Web3Signer by:
- Using a key configuration file.
- Bulk loading using the `eth1` subcommand.
Cache AWS KMS when loading multiple keys
When loading multiple keys from AWS KMS, the AWS client is created each time a key is loaded. You can improve performance by caching and reusing the same AWS KMS client for each key that uses the same access key ID and region.
Set the `eth1 --aws-connection-cache-size` option to the maximum number of AWS KMS connections to cache. The default is `1`.
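The following added example (not Web3Signer's own code) models the effect of the cache size when keys use more than one access key ID and region pair. The `KmsClientCache` class, the least-recently-used eviction policy, and the sample credentials are assumptions made for illustration.

```python
from collections import OrderedDict


class KmsClientCache:
    """Bounded cache of KMS clients keyed by (access key ID, region).

    Hypothetical model: least-recently-used eviction is assumed here.
    """

    def __init__(self, max_size):
        if max_size < 1:
            raise ValueError("cache size must be at least 1")
        self.max_size = max_size
        self._clients = OrderedDict()
        self.clients_created = 0

    def get(self, access_key_id, region):
        key = (access_key_id, region)
        if key in self._clients:
            self._clients.move_to_end(key)  # mark as most recently used
            return self._clients[key]
        # Cache miss: stand-in for building a real AWS KMS client.
        self.clients_created += 1
        client = {"access_key_id": access_key_id, "region": region}
        self._clients[key] = client
        if len(self._clients) > self.max_size:
            self._clients.popitem(last=False)  # evict least recently used
        return client


# Constructed sample: six key configurations that alternate between
# two credential/region pairs (placeholder values, not real credentials).
PAIR_A = ("ACCESS_KEY_ID_A", "us-east-1")
PAIR_B = ("ACCESS_KEY_ID_B", "eu-west-1")
SAMPLE_KEYS = [PAIR_A, PAIR_B, PAIR_A, PAIR_B, PAIR_A, PAIR_B]


def clients_created(key_configs, cache_size):
    """Return how many clients are built while loading key_configs."""
    cache = KmsClientCache(cache_size)
    for access_key_id, region in key_configs:
        cache.get(access_key_id, region)
    return cache.clients_created


if __name__ == "__main__":
    for size in (1, 2):
        print(f"cache size {size}: {clients_created(SAMPLE_KEYS, size)} clients created")
```

In this model, a cache size equal to the number of distinct access key ID and region pairs avoids rebuilding a client when keys for different pairs are interleaved.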