Use Web3Signer with Azure Key Vault
Web3Signer supports using Azure Key Vault to sign payloads in the following ways:
- Using Azure Key Vault to perform the signing operation. Supports SECP256K1 signing keys only.
- Fetching the keys from Azure Key Vault and signing locally.
Web3Signer supports the following authentication modes:
- Azure Active Directory managed identity:
  - System-assigned identities
  - User-assigned identities
- Client secret.
The Azure Active Directory managed identity authentication modes can only be used when fetching keys from Azure Key Vault and signing locally with Web3Signer.
Store a private key in Azure Key Vault
Register Web3Signer as an application and add a signing key in Azure Key Vault.
Take note of the following values, which you specify when configuring the signing key configuration file or bulk loading consensus layer signing keys:
- Vault name, which is part of the URL (for example
- Client credentials, which can include:
  - Client ID
  - Client secret
  - Tenant ID
  Depending on the authentication mode, not all client credentials are available.
- Key name, which is the name of the secret.
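The two signing setups described above, sketched as signing key configuration files. This is an added example, not configuration taken from this page. The field names, the `type` and `authenticationMode` values, and the assumption that system-assigned managed identity needs no client credentials in the file should be confirmed against the Web3Signer key configuration file reference for your version. All values in angle brackets are placeholders and the file names are hypothetical.

```yaml
# File 1 (hypothetical name: azure-remote-key.yaml)
# Azure Key Vault performs the signing operation (SECP256K1 keys only).
# Managed identity modes do not apply to this setup, so client-secret
# credentials are supplied.
type: "azure-key"
vaultName: "<vault-name>"        # the vault name noted from the vault URL
keyName: "<key-name>"            # the key name noted above
clientId: "<client-id>"
clientSecret: "<client-secret>"  # plaintext in this file: limit read access
                                 # to the account that runs Web3Signer
tenantId: "<tenant-id>"
---
# File 2 (hypothetical name: azure-local-key.yaml)
# The key is fetched from Azure Key Vault and Web3Signer signs locally.
# With a system-assigned managed identity, no client ID, client secret
# or tenant ID is written to disk (assumption, see the note above).
type: "azure-secret"
authenticationMode: "SYSTEM_ASSIGNED_MANAGED_IDENTITY"
vaultName: "<vault-name>"
secretName: "<key-name>"         # name of the secret holding the private key
```

The `---` separator only keeps the two files apart in one listing; save each document as its own key configuration file.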