npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@gooddollar/kms-ethereum-signing

v1.0.1

Published

Native Ethereum transaction signing using AWS KMS with secp256k1 support

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

sirpushsirpushlbwgdlbwgd

Keywords

awskmsethereumblockchainsecp256k1signingcryptocurrency

Readme

KMS Ethereum Signing

Native Ethereum transaction signing using AWS KMS with ECC_SECG_P256K1 (secp256k1) support.

Features

  • Native secp256k1 Support: AWS KMS supports Ethereum's curve natively
  • Secure Signing: Private keys never leave KMS (signing in HSM)
  • Automatic Key Generation: KMS generates Ethereum key pairs automatically
  • Import Existing Keys: Import your existing Ethereum private keys into KMS
  • TypeScript: Clean, type-safe implementation

Quick Start

# Install dependencies
npm install

# Configure AWS credentials
aws configure

# Option 1: Create a new KMS key (KMS generates the key pair)
npm run setup

# Option 2: Import an existing Ethereum private key into KMS
npm run import <PRIVATE_KEY_HEX> [ALIAS_NAME]

# Sign a native ETH transfer
npm run sign -- alias/ethereum-signing-key transfer 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb 0.001 1

# Sign a contract call
npm run sign -- alias/ethereum-signing-key call 0xToken... "transfer(address,uint256)" 0xRecipient... 1000000000000000000

Usage

As a Library

import { createKMSKey, importKMSKey, signTransaction, getEthereumAddress, getPublicKey } from './src/index';

// Option 1: Create a new KMS key (KMS generates the key pair)
const { keyId } = await createKMSKey('my-ethereum-key');

// Option 2: Import an existing Ethereum private key into KMS
const { keyId: importedKeyId } = await importKMSKey(
  '0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef',
  'my-imported-key'
);

// Get public key
const publicKey = await getPublicKey(keyId);

// Get Ethereum address
const address = await getEthereumAddress(keyId);

// Sign transaction
const signedTx = await signTransaction(keyId, {
  to: '0x6608BED41902ca642bef6840Ae3Fb94ca76083a8',
  value: '0.00001',
  chainId: 1
});

As CLI

# Setup KMS key (creates new key with alias - KMS generates the key pair)
npm run setup [alias-name]

# Import existing Ethereum private key into KMS
npm run import <PRIVATE_KEY_HEX> [ALIAS_NAME] [TAG_KEY1=TAG_VALUE1] [TAG_KEY2=TAG_VALUE2] ...

# Sign native ETH transfer
npm run sign -- <KEY_ID> transfer <TO_ADDRESS> [VALUE] [CHAIN_ID] [OPTIONS]

# Sign contract call
npm run sign -- <KEY_ID> call <CONTRACT_ADDRESS> "<FUNCTION_SIGNATURE>" [PARAMS...] [OPTIONS]

# Sign message
npm run sign -- <KEY_ID> message "Hello, Ethereum!"

# Get Ethereum address from KMS key
npm run sign -- <KEY_ID> address

# Get public key from KMS key
npm run sign -- <KEY_ID> publickey

# Submit signed transaction to blockchain
npm run submit <SIGNED_TX> [RPC_URL] [CHAIN_ID] [--wait]

# List all KMS keys
npm run list

Examples:

# Create a new key (KMS generates the key pair)
npm run setup my-ethereum-key

# Import an existing private key into KMS
npm run import 0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef my-imported-key
# Or without 0x prefix:
npm run import 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef my-imported-key

# Sign a native ETH transfer
npm run sign -- alias/my-ethereum-key transfer 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb 0.001 1

# Sign and submit a transfer in one step
npm run sign -- alias/my-ethereum-key transfer 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb 0.001 1 --submit --wait

# Sign a contract call (ERC20 transfer)
npm run sign -- alias/my-ethereum-key call 0xToken... "transfer(address,uint256)" 0xRecipient... 1000000000000000000

# Sign a contract call with ETH value
npm run sign -- alias/my-ethereum-key call 0xContract... "deposit()" --value 0.1 --chain-id 1

# Sign and submit a contract call
npm run sign -- alias/my-ethereum-key call 0xContract... "approve(address,uint256)" 0xSpender... 1000 --submit --wait

# Sign a message
npm run sign -- alias/my-ethereum-key message "Hello, Ethereum!"

# Get address
npm run sign -- alias/my-ethereum-key address

# Get public key
npm run sign -- alias/my-ethereum-key publickey

# Sign and submit in one command (recommended)
npm run sign -- alias/my-ethereum-key transfer 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb 0.001 1 --submit --wait

# Alternative: Submit a signed transaction separately (two-step process)
# Step 1: Sign the transaction
npm run sign -- alias/my-ethereum-key transfer 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb 0.001 1

# Step 2: Submit the signed transaction
npm run submit 0x02f869... https://eth.llamarpc.com 1 --wait

# Or use chain ID to auto-select RPC (Base Sepolia example)
npm run submit 0x02f869... 84532 --wait

Command Options:

  • --chain-id, -c <ID> - Chain ID (default: 84532 or from env)
  • --rpc-url, -r <URL> - RPC URL for gas estimation
  • --value, -v <AMOUNT> - ETH value to send (in ETH, e.g., 0.1)
  • --nonce, -n <NONCE> - Transaction nonce (auto-fetched if not provided)
  • --gas-limit, -g <LIMIT> - Gas limit (auto-estimated if not provided)
  • --gas-price <PRICE> - Gas price in wei (legacy transactions)
  • --max-fee-per-gas <FEE> - Max fee per gas (EIP-1559)
  • --max-priority-fee-per-gas - Max priority fee per gas (EIP-1559)
  • --submit, -s - Submit transaction after signing
  • --wait, -w - Wait for transaction confirmation (requires --submit)

Environment Variables

Create a .env file in the project root:

AWS_REGION=us-east-1
AWS_ACCOUNT_ID=your_account_id
KMS_KEY_ID=alias/ethereum-signing-key

# Optional: Default RPC URL for transaction submission
RPC_URL=https://eth.llamarpc.com

# Optional: Default chain ID
CHAIN_ID=1

Getting your AWS Account ID:

aws sts get-caller-identity --query Account --output text

How It Works

AWS KMS supports ECC_SECG_P256K1 (secp256k1) - Ethereum's curve! This means:

  1. KMS generates the Ethereum key pair automatically when you create the key, OR
  2. You can import your existing private key into KMS (encrypted with RSA-OAEP)
  3. Private key stays in KMS (never exposed to your application)
  4. Signing happens in HSM (hardware security module)
  5. Most secure approach for Ethereum transaction signing

Importing Existing Keys

When you import an existing private key:

  • The key is encrypted using RSA-OAEP with SHA-256 before being sent to AWS
  • AWS KMS stores the key material in a Hardware Security Module (HSM)
  • The key can be used for signing just like a KMS-generated key
  • You can optionally set an expiration date for the imported key material

Reference:

Prerequisites

  • Node.js 18+
  • AWS Account with KMS access
  • AWS CLI configured (aws configure)
  • IAM Permissions:
    • kms:CreateKey
    • kms:CreateAlias
    • kms:PutKeyPolicy
    • kms:GetParametersForImport (for importing keys)
    • kms:ImportKeyMaterial (for importing keys)
    • kms:Sign
    • kms:GetPublicKey
    • kms:DescribeKey
# Build TypeScript
npm run build

# Clean build artifacts
npm run clean

# Run in development mode
npm run dev