first commit

.editorconfig

@@ -0,0 +1,8 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+insert_final_newline = true

.eslintignore

@@ -0,0 +1 @@
+dist/

.eslintrc.json

@@ -0,0 +1,6 @@
+{
+  "extends": "./node_modules/gts/",
+  "rules": {
+    "node/no-extraneous-import": "off"
+  }
+}

.gitignore

@@ -0,0 +1,6 @@
+node_modules
+dist
+.nyc_output
+*.tgz
+.vscode
+coverage

.prettierrc.js

@@ -0,0 +1,3 @@
+module.exports = {
+  ...require('gts/.prettierrc.json')
+}

LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2022 DTeam
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,122 @@
+# safe-signer
+
+**If you need a wallet or singer in your backend server, this project is for you.**
+
+It aims to create an [ethers.Signer](https://docs.ethers.org/v5/api/signer/#Signer) from third party secret storages. Currently, it supports:
+
+- Private key
+  - This is only for testing purposes, not recommend in production environments.
+- Environment variables
+- AWS Secrets Manager
+- AWS Key Management Service (KMS)
+- Hashicorp Vault
+
+NOTE:
+
+> Currently it supports `ethers@^5` only.
+
+## How to use
+
+### Install
+
+Node >= 16.
+
+```sh
+npm i @dteam/safe-signer
+```
+
+### Import
+
+Javascript:
+
+```js
+const SafeSigner = require('@dteam/safe-signer');
+```
+
+Typescript:
+
+```ts
+import SafeSigner from '@dteam/safe-signer';
+```
+
+### Examples
+
+1. `fromPrivateKey` will return a Wallet.
+
+```ts
+const privateKeyWallet = await SafeSigner.fromPrivateKey('YOUR_PRIVATE_KEY');
+```
+
+2. `fromEnv` will return a Wallet.
+
+```ts
+const envWallet = await SafeSigner.fromEnv('ENV_VAR_FOR_PRIVATE_KEY');
+```
+
+3. `fromAwsSecretsManager` will return a Wallet.
+
+```ts
+const awsSecretsManagerWallet = await SafeSigner.fromAwsSecretsManager(
+  {
+    SecretId: 'FULL_ARN_FOR_SECRET',
+    SecretKeyName: 'KEY_NAME_STORED_PRIVATE_KEY',
+  },
+  {
+    credentials: {
+      accessKeyId: 'YOUR_AWS_ACCESS_KEY_ID',
+      secretAccessKey: 'YOUR_AWS_SECRET_ACCESS_KEY',
+    },
+    region: 'YOUR_REGION',
+  }
+);
+```
+
+4. `fromHashicorpVault` will return a Wallet.
+
+```ts
+const hashicorpVaultWallet = await SafeSigner.fromHashicorpVault(
+  {
+    // you can set to your own vault server
+    // baseUrl: 'http://127.0.0.1:8200/v1',
+    rootPath: 'secret',
+    timeout: 6000,
+    secretName: 'wallet-secret',
+    secretKey: 'privateKey',
+  },
+  // login method can be any of the following:
+  // {token: 'plaintext-token'}
+  // {appRole: {roleId: 'roleId', secretId: 'secretId'}}
+  // {cert: {certName: 'certName'}}
+  // {k8s: {role: 'role', jwt: 'jwt'}}
+  // {ldap: {username: 'user', password: 'password'}}
+  // {userpass: {username: 'user', password: 'password'}}
+  {token: 'vault-plaintext-token'},
+  {secretName: 'wallet-secret', secretKey: 'privateKey'}
+);
+```
+
+5. `fromAwsKms` will return a Signer because you can't get the raw private key from AWS KMS.
+
+```ts
+const awsKmsSigner = await SafeSigner.fromAwsKms('YOUR_AWS_KMS_KEY_ARN', {
+  credentials: {
+    accessKeyId: 'YOUR_AWS_ACCESS_KEY_ID',
+    secretAccessKey: 'YOUR_AWS_SECRET_ACCESS_KEY',
+  },
+  region: 'YOUR_REGION',
+});
+```
+
+## How to build
+
+Requirements:
+
+- Node >= 16
+- [docker](https://docs.docker.com/engine/install/) / [podman](https://podman.io/getting-started/installation) (required for testing)
+- [docker-compose](https://docs.docker.com/compose/) (required for testing)
+
+```sh
+npm ci
+npm run build
+npm test
+```

compose.yaml

@@ -0,0 +1,17 @@
+services:
+  vault:
+    image: hashicorp/vault
+    ports:
+      - "8200:8200"
+    environment:
+      VAULT_ADDR: "http://0.0.0.0:8200"
+      VAULT_DEV_ROOT_TOKEN_ID: "vault-plaintext-root-token"
+    cap_add:
+      - IPC_LOCK
+
+  localstack:
+    image: localstack/localstack
+    ports:
+      - "4566:4566"
+    environment:
+      SERVICES: secretsmanager,kms