Skip to content
You are reading Web3Signer development version documentation and some displayed features may not be available in the stable release. You can switch to stable version using the version box at screen bottom.

Use Web3Signer with Azure Key Vault

Web3Signer supports using Azure Key Vault to sign payloads in the following ways:

  • Using Azure Key Vault to perform the signing operation. Supports SECP256K1 signing keys only.
  • Fetching the keys from Azure Key Vault and signing locally.

Web3Signer supports the following authentication modes:

Important

The Azure Active Directory managed identity authentication modes can only be used when fetching keys from Azure Key Vault and signing locally with Web3Signer.

Store a private key in Azure Key Vault

Register Web3Signer as an application and add a signing key in Azure Key Vault.

Take note of the following to specify when configuring the signing key configuration file or bulk loading consensus layer signing keys:

  • Vault name, which is part of the URL (for example https://<vaultname>.vault.azure.net).
  • Client credentials, which can include:

    • Client ID
    • Client secret
    • Tenant ID

    Note

    Depending on the authentication mode, not all client credentials are available.

  • Key name, which is the name of the secret.

Questions or feedback? You can discuss issues and obtain free support on Web3Signer Discord channel.
For paid professional support by Consensys, contact us at [email protected].