This collection of tutorials demonstrates how to sign Hedera Hashgraph transactions using keys stored in various cloud-based Key Management Services (KMS) and Hardware Security Modules (HSMs). These examples show how to integrate Hedera with popular cloud providers to ensure that your private keys are never exposed in your application environment.
How it Works
The general workflow for each solution is as follows:
- Key Generation: An asymmetric key is created and stored in the respective KMS/HSM service.
- Public Key Retrieval: The public key corresponding to the stored private key is fetched from the KMS.
- Hedera Account Creation: A new Hedera account is created and associated with the retrieved public key.
- Transaction Signing: A custom signer function is implemented that sends transaction bytes to the KMS/HSM for signing. The Hedera SDK is configured to use this custom signer.
- Transaction Execution: Transactions are executed on the Hedera network using the client configured with the custom signer.
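The signing step above, sketched as an added example (not code from the provider tutorials): a custom signer that hands bytes to a KMS and converts the DER-encoded ECDSA signature that services such as AWS KMS return into the fixed-width 64-byte r || s form. `makeFakeKms`, `derToRaw`, `makeSigner` and `verifyRaw` are hypothetical names, and the stand-in KMS is a local Node.js key that signs with SHA-256 so the example verifies offline; the digest a real service must sign is defined by the provider tutorial.

```javascript
const crypto = require("node:crypto");

// Constructed stand-in for the KMS/HSM: the private key exists only inside
// this closure, as it would exist only inside the service.
function makeFakeKms() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync("ec", {
    namedCurve: "secp256k1",
  });
  return {
    getPublicKey: () => publicKey,
    // Returns ASN.1 DER: SEQUENCE { INTEGER r, INTEGER s }
    sign: (bytes) =>
      crypto.sign("sha256", bytes, { key: privateKey, dsaEncoding: "der" }),
  };
}

// Strictly parse a DER ECDSA signature and return fixed-width r || s (64 bytes).
function derToRaw(der) {
  if (der.length < 8 || der[0] !== 0x30 || der[1] !== der.length - 2) {
    throw new Error("not a DER ECDSA signature");
  }
  let pos = 2;
  const readInt = () => {
    const len = der[pos + 1];
    if (der[pos] !== 0x02 || !len || pos + 2 + len > der.length) {
      throw new Error("malformed INTEGER");
    }
    let v = der.subarray(pos + 2, pos + 2 + len);
    pos += 2 + len;
    if (v.length === 33 && v[0] === 0x00) v = v.subarray(1); // drop sign pad
    if (v.length > 32) throw new Error("INTEGER too large for secp256k1");
    return Buffer.concat([Buffer.alloc(32 - v.length), v]); // left-pad to 32
  };
  const r = readInt();
  const s = readInt();
  if (pos !== der.length) throw new Error("trailing bytes after signature");
  return Buffer.concat([r, s]);
}

// Custom signer callback: bytes in, raw signature out, no private key here.
function makeSigner(kms) {
  return async (txBytes) => derToRaw(kms.sign(Buffer.from(txBytes)));
}

// Check a raw r || s signature against the public key fetched from the KMS.
function verifyRaw(publicKey, bytes, raw) {
  const key = { key: publicKey, dsaEncoding: "ieee-p1363" };
  return crypto.verify("sha256", bytes, key, raw);
}
```

Verifying the converted signature against the retrieved public key before submitting anything is a cheap check that the key ID, encoding and digest all line up.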
General Prerequisites
Before you begin, ensure you have the following:
- A Hedera Testnet account. If you don’t have one, you can register at the Hedera Developer Portal.
- Node.js (version 18.0.0 or higher).
- Cloud-specific CLI tools and accounts as detailed in the provider-specific sections.
Provider Examples
AWS KMS
Sign transactions using an asymmetric key stored in AWS Key Management Service.
Azure Key Vault
Utilize an HSM-backed secp256k1 key in Azure Key Vault (Premium SKU) for signing.
Google Cloud HSM
Sign transactions with a Google Cloud HSM-backed secp256k1 key.