Use Web3Signer with Azure Key Vault
Web3Signer supports using Azure Key Vault to sign payloads in the following ways:
- Using Azure Key Vault to perform the signing operation. Supports SECP256K1 signing keys only.
- Fetching the keys from Azure Key Vault and signing locally.
Web3Signer supports the following authentication modes:
- Azure Active Directory managed identity:
- System-assigned identities
- User-assigned identities
- Client secret.
The Azure Active Directory managed identity authentication modes can only be used when fetching keys from Azure Key Vault and signing locally with Web3Signer.
Store a private key in Azure Key Vault
- Vault name, which is part of the URL (for example
- Client credentials, which can include:
- Client ID
- Client secret
- Tenant ID
Depending on the authentication mode, not all client credentials are available.
- Key name, which is the name of the secret.
After storing keys, load keys into Web3Signer using a key configuration file, or bulk loading keys.