
Use Web3Signer with AWS Key Management Service

Web3Signer supports execution layer signing with secp256k1 keys stored in AWS Key Management Service (KMS).

The AWS KMS documentation provides the information you need to get started.

Load keys from AWS KMS

Keys stored in AWS KMS can be loaded into Web3Signer by:

Cache AWS KMS when loading multiple keys

When Web3Signer loads multiple keys from AWS KMS, it creates a new AWS client for each key. You can improve performance by caching and reusing the same AWS KMS client for every key that uses the same access key ID and region.

Set the eth1 --aws-connection-cache-size option to the maximum number of AWS KMS connections to cache. The default is 1.