Using EthSigner with Azure Key Vault

EthSigner supports storing the signing key in an Azure Key Vault.

Storing Private Key in Azure Key Vault

Create a SECP256k1 key in the Azure Key Vault and register EthSigner as an application for the key.

Take note of the following to specify when starting EthSigner:

  • Key vault name
  • Key name
  • Key version
  • Client ID
  • File containing client secret for the client ID

Start Pantheon

Start Pantheon with the --rpc-http-port option set to 8590 to avoid conflict with the default EthSigner listening port (8545).

Example

pantheon --network=dev --miner-enabled --miner-coinbase=0xfe3b557e8fb62b89f4916b721be55ceb828dbd73 --rpc-http-cors-origins="all" --host-whitelist=* --rpc-http-enabled --rpc-http-port=8590 --data-path=/tmp/tmpDatdir

Start EthSigner with Azure Key Vault Signing

Start EthSigner.

Example

ethsigner --chain-id=2018 --downstream-http-port=8590 azure-signer --client-id=<ClientID> --client-secret-path=mypath/mysecretfile --key-name=<KeyName> --key-version=<KeyVersion> --keyvault-name=<KeyVaultName>

Tip

Use the –http-listen-port option to change the EthSigner listening port if 8545 is in use.

You can now use EthSigner to sign transactions with the key stored in the Azure Key Vault.