KeyManager supports multiple key source types through a provider abstraction pattern. This allows the system to support different key management solutions (raw private keys, GCP KMS, AWS KMS, etc.) without changing the core KeyManager logic.
```
KeyManager
├── IKeyProvider (interface)
│   ├── RawPrivateKeyProvider (implemented)
│   ├── GcpKmsProvider (future)
│   └── AwsKmsProvider (future)
│
└── Factory Pattern
    └── createKeyProvider(config) → IKeyProvider
```
Base interface that all key providers must implement:
```typescript
interface IKeyProvider {
  getType(): KeyProviderType
  initialize(): Promise<void>
  getPeerId(): PeerId
  getLibp2pPrivateKey(): any
  getLibp2pPublicKey(): Uint8Array
  getEthAddress(): string
  getRawPrivateKeyBytes(): Uint8Array
  cleanup?(): Promise<void>
}
```

Defines supported key provider types:
- `RAW` - Raw private key from environment variable
Implementation for raw private keys:
- Loads private key from config
- Derives libp2p keys and peerId
- Derives Ethereum address
- Provides raw private key bytes for EVM signer creation
Creates and initializes the appropriate key provider:
```typescript
createKeyProvider(config: KeyProviderConfig): Promise<IKeyProvider>
```

Main class that:
- Wraps a key provider
- Manages EVM signer caching
- Provides unified API for key access
```typescript
// KeyManager is assumed to be exported from the same module as createKeyProvider
import { KeyManager, createKeyProvider } from './components/KeyManager/index.js'

const keyManager = new KeyManager(config)
```

To add a new key provider (e.g., AWS KMS):
- Add to KeyProviderType:

```typescript
export type KeyProviderType = 'raw' | 'gcp-kms' | 'aws' // new
```

- Create provider class:

```typescript
export class AwsKmsProvider implements IKeyProvider {
  // Implement all interface methods
}
```

- Update factory:

```typescript
case 'aws':
  provider = new AwsKmsProvider(config)
  break
```

- Extensibility: Easy to add new key sources
- Testability: Can mock key providers for testing
- Security: Supports secure key management solutions (KMS)
- Separation of Concerns: Key retrieval logic separated from key usage logic
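
The three extension steps above, sketched as an added example that is not the project's own code: a factory that fails closed on unimplemented or unknown provider types, and a raw provider that validates its key, hands out copies, and zeroes the key on cleanup. The reduced `IKeyProvider`, the `KeyProviderConfig` fields, the hex key encoding, and the synchronous `createKeyProviderSync` name are assumptions made so the block runs stand-alone.

```typescript
// Local stand-ins for the project's types (assumptions, not the real definitions).
type KeyProviderType = 'raw' | 'gcp-kms' | 'aws'
interface KeyProviderConfig { type: string; privateKey?: string }

// Reduced to the members this example exercises.
interface IKeyProvider {
  getType(): KeyProviderType
  getRawPrivateKeyBytes(): Uint8Array
  cleanup?(): void
}

class RawPrivateKeyProvider implements IKeyProvider {
  private key: Uint8Array
  constructor(hex: string) {
    // Accept exactly 32 bytes of hex (optional 0x prefix); never echo the input.
    const m = /^(?:0x)?([0-9a-fA-F]{64})$/.exec(hex)
    if (!m) throw new Error('raw private key must be 32 bytes of hex')
    const pairs = m[1]!.match(/../g)!
    this.key = Uint8Array.from(pairs.map((b) => parseInt(b, 16)))
  }
  getType(): KeyProviderType { return 'raw' }
  // Return a copy so callers cannot mutate or retain the internal buffer.
  getRawPrivateKeyBytes(): Uint8Array { return this.key.slice() }
  // Overwrite key material when the provider is torn down.
  cleanup(): void { this.key.fill(0) }
}

// Hypothetical synchronous variant of the page's createKeyProvider factory.
function createKeyProviderSync(config: KeyProviderConfig): IKeyProvider {
  switch (config.type as KeyProviderType) {
    case 'raw':
      return new RawPrivateKeyProvider(config.privateKey ?? '')
    case 'gcp-kms':
    case 'aws':
      // Declared in KeyProviderType but not implemented: refuse, do not fall back to 'raw'.
      throw new Error(`key provider '${config.type}' is not implemented`)
    default:
      // Config is untrusted input; anything outside the union is rejected.
      throw new Error('unknown key provider type')
  }
}
```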