Store signing keys
YubiHSM 2 and USB Armory Mk II deprecation notice
Web3Signer has deprecated private key storage support on USB Armory Mk II and YubiHSM 2, and will remove it in a future release.
If you need this feature, consider maintaining a fork and submitting pull requests. Alternatively, you can use an older Web3Signer version that supports these storage mechanisms.
Web3Signer supports BLS12-381 (Eth2) or secp256k1 (Eth1) signing keys stored in the following ways:
Key storage | SECP256K1 | BLS |
---|---|---|
Raw files | x | x |
Keystore files | x | x |
Vaults | | |
Hashicorp Vault | x | x |
Azure Key Vault | x | x |
AWS Secrets Manager | x | |
AWS KMS | x | |
GCP Secret Manager | x | |
Hardware Security Modules (HSMs) | | |
YubiHSM 2 | x | x |
USB Armory Mk II | x | x |
Web3Signer supports Eth1 signing from HSMs and vaults, but must load private keys into memory for Eth2 signing.
Follow best practices when storing private keys.
After storing keys, load keys into Web3Signer.