### Install viem-kms-signer Source: https://github.com/jackchuma/viem-kms-signer/blob/main/README.md Installs the viem-kms-signer package using npm. This is the initial step before using the library in your project. ```sh npm i viem-kms-signer ``` -------------------------------- ### Get Viem Account from KmsSigner Source: https://context7.com/jackchuma/viem-kms-signer/llms.txt Obtains a Viem LocalAccount instance from the KmsSigner. This account is configured to use AWS KMS for all signing operations and can be directly used with Viem clients. ```typescript import { KmsSigner } from 'viem-kms-signer'; import { createWalletClient, http } from 'viem'; import { mainnet } from 'viem/chains'; const kmsCredentials = { accessKeyId: process.env.AWS_ACCESS_KEY_ID, secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY, region: 'us-east-1', keyId: 'arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012' }; const signer = new KmsSigner(kmsCredentials); const account = await signer.getAccount(); const client = createWalletClient({ account, chain: mainnet, transport: http() }); // Account address derived from KMS public key console.log('Account address:', account.address); // Output: 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb ``` -------------------------------- ### Initialize KmsSigner with AWS Credentials Source: https://context7.com/jackchuma/viem-kms-signer/llms.txt Creates a KmsSigner instance using provided AWS credentials and KMS key information. This is the primary entry point for utilizing the library's signing capabilities. ```typescript import { KmsSigner } from 'viem-kms-signer'; const kmsCredentials = { accessKeyId: 'AKIAIOSFODNN7EXAMPLE', secretAccessKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY', region: 'us-east-1', keyId: 'arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012' }; const signer = new KmsSigner(kmsCredentials); ``` -------------------------------- ### Initialize KmsSigner with AWS KMS Credentials Source: https://github.com/jackchuma/viem-kms-signer/blob/main/README.md Demonstrates how to initialize the KmsSigner using AWS KMS credentials including access key ID, secret access key, region, and KMS key ID. This signer can then be used to obtain a Viem account instance. ```typescript import { KmsSigner } from 'viem-kms-signer'; const kmsCredentials = { accessKeyId: 'AKIAxxxxxxxxxxxxxxxx', // credentials for your IAM user with KMS access secretAccessKey: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', // credentials for your IAM user with KMS access region: 'us-east-1', keyId: 'arn:aws:kms:us-east-1:123456789012:key/123a1234-1234-4111-a1ab-a1abc1a12b12', }; const signer = new KmsSigner(kmsCredentials); // Returns a custom viem account instance const account = await signer.getAccount(); ``` -------------------------------- ### Complete KMS Signing Workflow with Viem in TypeScript Source: https://context7.com/jackchuma/viem-kms-signer/llms.txt This snippet demonstrates a full Ethereum interaction workflow using the viem-kms-signer for secure signing via AWS KMS, integrated with Viem's public and wallet clients. It requires AWS credentials in environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, KMS_KEY_ID) and depends on viem and viem-kms-signer libraries. Inputs include recipient address and amount; outputs are console logs of balance, transaction hash, confirmation details, and error handling for insufficient funds or other issues. Limitations include dependency on AWS KMS availability and mainnet configuration. ```typescript import { KmsSigner } from 'viem-kms-signer'; import { createPublicClient, createWalletClient, http, parseEther, formatEther } from 'viem'; import { mainnet } from 'viem/chains'; const kmsCredentials = { accessKeyId: process.env.AWS_ACCESS_KEY_ID, secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY, region: 'us-east-1', keyId: process.env.KMS_KEY_ID }; const signer = new KmsSigner(kmsCredentials); const account = await signer.getAccount(); const publicClient = createPublicClient({ chain: mainnet, transport: http() }); const walletClient = createWalletClient({ account, chain: mainnet, transport: http() }); try { // Check balance const balance = await publicClient.getBalance({ address: account.address }); console.log('Balance:', formatEther(balance), 'ETH'); // Prepare transaction const recipient = '0x70997970C51812dc3A010C7d01b50e0d17dc79C8'; const amount = parseEther('0.1'); // Get current gas price const gasPrice = await publicClient.getGasPrice(); // Send transaction const hash = await walletClient.sendTransaction({ to: recipient, value: amount, gas: 21000n, gasPrice }); console.log('Transaction sent:', hash); // Wait for confirmation const receipt = await publicClient.waitForTransactionReceipt({ hash }); console.log('Transaction confirmed in block:', receipt.blockNumber); console.log('Status:', receipt.status === 'success' ? 'Success' : 'Failed'); console.log('Gas used:', receipt.gasUsed.toString()); } catch (error) { if (error.message.includes('insufficient funds')) { console.error('Insufficient balance for transaction'); } else { console.error('Transaction error:', error); } } ``` -------------------------------- ### Use Viem KMS Signer with Temporary AWS Credentials Source: https://context7.com/jackchuma/viem-kms-signer/llms.txt Configures viem-kms-signer with temporary AWS credentials obtained from STS (Security Token Service) for enhanced security and temporary access patterns. This method is recommended for production environments. ```typescript import { KmsSigner } from 'viem-kms-signer'; import { STSClient, AssumeRoleCommand } from '@aws-sdk/client-sts'; // Assume role to get temporary credentials const stsClient = new STSClient({ region: 'us-east-1' }); const assumeRoleCommand = new AssumeRoleCommand({ RoleArn: 'arn:aws:iam::123456789012:role/EthereumSignerRole', RoleSessionName: 'ethereum-signing-session' }); const { Credentials } = await stsClient.send(assumeRoleCommand); const kmsCredentials = { accessKeyId: Credentials.AccessKeyId, secretAccessKey: Credentials.SecretAccessKey, sessionToken: Credentials.SessionToken, region: 'us-east-1', keyId: 'arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012' }; const signer = new KmsSigner(kmsCredentials); const account = await signer.getAccount(); console.log('Temporary credential account:', account.address); // Session credentials automatically expire based on STS configuration ``` -------------------------------- ### Sign and Send Ethereum Transaction with KmsSigner Source: https://context7.com/jackchuma/viem-kms-signer/llms.txt Signs and sends an Ethereum transaction using a KMS-backed account obtained from KmsSigner. The account's signTransaction method handles the serialization and cryptographic signing via AWS KMS. ```typescript import { KmsSigner } from 'viem-kms-signer'; import { createWalletClient, http, parseEther } from 'viem'; import { sepolia } from 'viem/chains'; const kmsCredentials = { accessKeyId: process.env.AWS_ACCESS_KEY_ID, secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY, region: 'eu-west-1', keyId: 'arn:aws:kms:eu-west-1:123456789012:key/abcd1234-ab12-cd34-ef56-123456789012' }; const signer = new KmsSigner(kmsCredentials); const account = await signer.getAccount(); const client = createWalletClient({ account, chain: sepolia, transport: http() }); const transaction = { to: '0x70997970C51812dc3A010C7d01b50e0d17dc79C8', value: parseEther('0.01'), gas: 21000n, maxFeePerGas: parseEther('0.00000002'), maxPriorityFeePerGas: parseEther('0.000000001'), nonce: 5 }; try { const hash = await client.sendTransaction(transaction); console.log('Transaction hash:', hash); // Output: 0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef } catch (error) { console.error('Transaction failed:', error); } ``` -------------------------------- ### Sign Message with Viem KMS Signer Source: https://context7.com/jackchuma/viem-kms-signer/llms.txt Signs arbitrary messages using the EIP-191 personal sign format with viem-kms-signer. The signature can be verified on-chain or off-chain. It requires AWS KMS credentials and the 'viem' library for verification. ```typescript import { KmsSigner } from 'viem-kms-signer'; import { verifyMessage } from 'viem'; const kmsCredentials = { accessKeyId: process.env.AWS_ACCESS_KEY_ID, secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY, region: 'us-east-1', keyId: 'arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012' }; const signer = new KmsSigner(kmsCredentials); const account = await signer.getAccount(); const message = 'Welcome to MyDApp. Sign this message to authenticate.'; try { const signature = await account.signMessage({ message }); console.log('Signature:', signature); // Output: 0x1234...abcd (132 character hex string) // Verify the signature const isValid = await verifyMessage({ address: account.address, message, signature }); console.log('Signature valid:', isValid); // Output: true } catch (error) { console.error('Message signing failed:', error); } ``` -------------------------------- ### Retrieve Ethereum Address from KmsSigner Source: https://context7.com/jackchuma/viem-kms-signer/llms.txt Fetches the Ethereum address associated with the KMS public key. The address is cached after the first retrieval to optimize performance by avoiding repeated KMS API calls. ```typescript import { KmsSigner } from 'viem-kms-signer'; const kmsCredentials = { region: 'us-west-2', keyId: 'alias/ethereum-signing-key', accessKeyId: process.env.AWS_ACCESS_KEY_ID, secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY }; const signer = new KmsSigner(kmsCredentials); try { const address = await signer.getAddress(); console.log('Ethereum Address:', address); // Output: 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb // Subsequent calls return cached value without KMS API call const cachedAddress = await signer.getAddress(); } catch (error) { console.error('Failed to retrieve address:', error); } ``` -------------------------------- ### Sign Typed Data (EIP-712) with Viem KMS Signer Source: https://context7.com/jackchuma/viem-kms-signer/llms.txt Signs structured data according to the EIP-712 specification using viem-kms-signer. This is commonly used for permit functions and meta-transactions. It requires AWS KMS credentials. ```typescript import { KmsSigner } from 'viem-kms-signer'; const kmsCredentials = { accessKeyId: process.env.AWS_ACCESS_KEY_ID, secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY, region: 'us-east-1', keyId: 'arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012' }; const signer = new KmsSigner(kmsCredentials); const account = await signer.getAccount(); const domain = { name: 'MyToken', version: '1', chainId: 1, verifyingContract: '0xCcCCccccCCCCcCCCCCCcCcCccCcCCCcCcccccccC' }; const types = { Permit: [ { name: 'owner', type: 'address' }, { name: 'spender', type: 'address' }, { name: 'value', type: 'uint256' }, { name: 'nonce', type: 'uint256' }, { name: 'deadline', type: 'uint256' } ] }; const message = { owner: account.address, spender: '0x70997970C51812dc3A010C7d01b50e0d17dc79C8', value: BigInt('1000000000000000000'), nonce: 0, deadline: BigInt(Math.floor(Date.now() / 1000) + 3600) }; try { const signature = await account.signTypedData({ domain, types, primaryType: 'Permit', message }); console.log('EIP-712 Signature:', signature); // Output: 0xabcd...1234 (132 character hex string) } catch (error) { console.error('Typed data signing failed:', error); } ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.