How-To: Using AWS KMS wallets with the ONINO Smart Contract API

This page is a full tutorial on performing write operations with the ONINO Smart Contract API using an AWS KMS-managed wallet.

Introduction

To securely perform write operations on the ONINO Smart Contract API, it is essential to use a cryptographic key. This key acts as a wallet to sign transactions and ensure their integrity. Since using a user-managed wallet like MetaMask from a server is not possible, and in order to ensure that you have full control over your private keys, the ONINO Developer Platform's Smart Contract API integrates AWS Key Management Service (KMS) for this purpose.

Why is AWS KMS Necessary?

When interacting with blockchain networks, especially for write operations such as deploying contracts or sending transactions, a wallet is required to sign these actions. This wallet ensures that only authorized users can initiate transactions and that all operations are secure.

AWS KMS provides a secure and managed environment for generating and storing cryptographic keys. By using AWS KMS, you benefit from:

  • High Security: AWS KMS uses hardware security modules to protect your keys.

  • Scalability: Easily scale your key management without worrying about infrastructure.

  • Compliance: Meet regulatory and compliance requirements with managed key policies and audit logs.

In this guide, we will walk you through the steps to grant the ONINO platform access to your AWS KMS key. This setup will allow ONINO to use the key to sign transactions securely on your behalf, enabling write operations in the smart contract API.

Granting ONINO Access to Your AWS KMS Key

To use your AWS KMS key with the ONINO platform, you need to grant access to the ONINO AWS account. Follow these steps:

Step 1: Log in to the AWS Management Console

  1. Open your web browser and navigate to the AWS Management Console.

  2. Enter your AWS credentials and click Sign In.

Step 2: Navigate to the KMS Service

  1. In the AWS Management Console, find the Services menu at the top of the page.

  2. In the search bar, type "KMS" and select Key Management Service (KMS) from the results.

Step 3: Create a New KMS Key or Select an Existing Key

  1. If you need a new key, click Create a key. If you already have a key you want to use, select it from the list.

  2. For new keys, follow the on-screen instructions to configure your key. You can choose symmetric or asymmetric keys based on your needs.

Step 4: Configure the Key

In Step 1 of the key creation process, configure the key as follows:

  • Key type: Asymmetric

  • Key usage: Sign & verify

  • Key spec: ECC_SECG_P256K1

  • Advanced options: Regionality: Multi-region key

Step 5: Name and Describe Your Key

In Step 2 of the key creation process, choose a suitable name for your key. Optionally, add a description and labels to retrieve it more easily later.

Step 6: Skip Administrative Permissions

Skip Step 3 of the key creation process, Define key administrative permissions.

Step 7: Define Key Usage Permissions for the ONINO AWS Account

In Step 4 of the key creation process, Define key usage permissions, you will grant the ONINO AWS account permission to use your key.

  • Under Other AWS accounts, click Add.

  • In the Account ID field, enter 096950949899. This is the official ONINO AWS account ID.

  • Click Save to grant the necessary permissions and thereby allow the ONINO API to use your keys.

Step 8: Review and Finish

  1. Review your settings to ensure everything is correct.

  2. Click Finish to complete the configuration.

Step 9: Connect Your AWS KMS Key with the ONINO Platform

In the ONINO Developer Platform, head to the "Smart Contract API" page using either the proposed features on the landing page or the Sidebar.

Then, click the "Create New API Wallet" button. Name and describe your wallet, and enter the key's ARN, which you copied from the AWS Dashboard earlier.

Done! That's it. In the Smart Contract API page you can see the address of your AWS KMS wallet. You can now create an API key on the same page, and start using the ONINO Smart Contract API to its full extent.
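To confirm that the key policy created in Step 7 gives the ONINO account signing access and nothing broader, the following added example (not part of the ONINO documentation or ONINO's code) audits a key policy document. The two action allow-lists and both sample policies are assumptions constructed for illustration; only the account ID comes from this page.

```python
ONINO_ACCOUNT = "096950949899"  # ONINO AWS account ID from Step 7
# Assumption: the actions a signing-only integration needs on the key.
SIGNING = {"kms:describekey", "kms:getpublickey", "kms:sign", "kms:verify"}
# Assumption: grant management is tolerated only when limited to AWS services.
GRANTS = {"kms:creategrant", "kms:listgrants", "kms:revokegrant"}

def as_list(value):
    """Policy fields may hold one string or a list of strings."""
    return value if isinstance(value, list) else [value]

def names_account(principal, account_id):
    """True if a Principal element covers the account (ID, ARN or wildcard)."""
    if principal == "*":
        return True
    if not isinstance(principal, dict):
        return False
    return any(p in ("*", account_id) or p.startswith(f"arn:aws:iam::{account_id}:")
               for p in as_list(principal.get("AWS", [])))

def audit_key_policy(policy, account_id=ONINO_ACCOUNT):
    """Return findings for Allow statements that apply to account_id."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not names_account(stmt.get("Principal"), account_id):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}  # names are case-insensitive
        findings += [f"{sid}: unexpected action {a}" for a in sorted(actions - SIGNING - GRANTS)]
        scoped = stmt.get("Condition", {}).get("Bool", {}).get("kms:GrantIsForAWSResource")
        if actions & GRANTS and str(scoped).lower() != "true":
            findings.append(f"{sid}: grant actions not limited to AWS resources")
    return findings

# Constructed sample policies (not taken from a real key).
ROOT = f"arn:aws:iam::{ONINO_ACCOUNT}:root"
SIGN_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowUse", "Effect": "Allow", "Principal": {"AWS": ROOT},
     "Action": ["kms:DescribeKey", "kms:GetPublicKey", "kms:Sign", "kms:Verify"],
     "Resource": "*"},
    {"Sid": "AllowGrants", "Effect": "Allow", "Principal": {"AWS": ROOT},
     "Action": ["kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant"],
     "Resource": "*", "Condition": {"Bool": {"kms:GrantIsForAWSResource": "true"}}}]}
TOO_BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowAll", "Effect": "Allow", "Principal": {"AWS": ROOT},
     "Action": "kms:*", "Resource": "*"}]}

if __name__ == "__main__":
    for name, doc in (("SIGN_ONLY", SIGN_ONLY), ("TOO_BROAD", TOO_BROAD)):
        print(name, audit_key_policy(doc) or "ok")
```

To audit your own key, pass the policy document retrieved with `aws kms get-key-policy` in place of the sample documents. Statements that use NotPrincipal or NotAction are not evaluated by this check.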

Pro tip: head over to the Contract Manager page - there you can copy & paste ready-to-use code snippets that show you how to interact with the ONINO Smart Contract API in different languages & frameworks.

Notice: Load Your Key with Native Tokens

Ensure that your key has enough native tokens (e.g., ETH on Ethereum) of the network you want to use. These tokens are required to pay for gas fees for smart contract write operations via the ONINO Smart Contract API.
