GoogleKmsSigner is an ethers.js- and sequence.js-compatible signer using Google Cloud Key Management Service keys
- create project or use existing one
- create key ring or use existing one
- create key
- protection level: hsm
- key material: hsm-generated
- purpose: asymmetric sign
- algorithm: elliptic curve secp256k1 - sha256 digest
- install gcloud cli
gcloud auth application-default login
- authenticate
these instructions assume pnpm, please refer to docs if you use something else
pnpm add @0xsequence/google-kms-signer
create a signer:
import { GoogleKmsSigner } from '@0xsequence/google-kms-signer'
const signer = new GoogleKmsSigner({
project: 'my-project',
location: 'my-location',
keyRing: 'my-key-ring',
cryptoKey: 'my-crypto-key',
cryptoKeyVersion: 'my-crypto-key-version'
get your signer's address:
const address = await signer.getAddress()
sign a message:
const message = 'hello world'
const signature = await signer.signMessage(message)
console.log(`${ethers.utils.verifyMessage(message, signature)} = ${address}`)
send a transaction:
const provider = new ethers.providers.JsonRpcProvider('')
const connectedSigner = signer.connect(provider)
const response = await connectedSigner.sendTransaction({
to: 'destination address',
value: 123
const receipt = await response.wait()
sign for a sequence wallet:
import { Session } from '@0xsequence/auth'
import { isValidMessageSignature } from '@0xsequence/provider'
const session = await Session.singleSigner({
projectAccessKey: 'my-project-access-key'
const message = ethers.utils.toUtf8Bytes('hello world')
const signature = await session.account.signMessage(message, chainId, 'eip6492')
console.log(isValidMessageSignature(session.account.address, message, signature, provider))
cp .env.sample .env
edit the .env file, then:
pnpm test