Skip to main content

Backend Wallets

Engine performs blockchain actions using backend wallets that you own and manage.

There are multiple options for securing backend wallets.

Local wallet

A local wallet is a wallet created or imported from a private key. Ensure your private key is backed up before transacting with a local wallet in a production environment.

Local wallets private keys are stored encrypted in Engine's database. For security reasons, private keys cannot be exported.

AWS KMS wallet

An AWS KMS Wallet is a wallet securely stored in your AWS account.

  1. Create an IAM user with programmatic access.
  2. Grant the following KMS permissions to this user.
    • kms:CreateKey
    • kms:GetPublicKey
    • kms:Sign
    • kms:CreateAlias
    • kms:Verify

The IAM user credentials are required by Engine to create, import, and transact with AWS KMS wallets.

KMS key settings

If creating AWS KMS wallets with Engine, skip this step.

To import an existing KMS key, ensure your KMS key is created with the following settings:

  • Key type: Asymmetric
  • Key spec: ECC_SECG_P256K1
  • Key usage: Sign and verify

Google Cloud KMS wallet

  1. Enable Google KMS API for your Google project.
  2. Create a Service Account.
  3. Navigate to IAM & Admin > IAM. Find the service account and select Edit Principal to add the following roles:
    • Cloud KMS Admin
    • Cloud KMS CryptoKey Signer/Verifier
  4. Select the created service account and navigate to the Keys tab.
  5. Select Add Key
  6. Select Create new key
  7. Select JSON to download the JSON file. This file authenticates Google Cloud KMS.
  8. Create a keyring in Google KMS.
    • Optional: Create a key in the keyring or call POST /wallet/create.

Create a wallet

For AWS or Google Cloud KMS wallets, you must provide your credentials.

Call POST /backend-wallet/create or create a wallet from the Engine dashboard page.

Import a wallet

For AWS or Google Cloud KMS wallets, you must provide your credentials.

Call POST /backend-wallet/import or import a wallet from the Engine dashboard page.