Skip to content
/ vault-hd-wallet Public

vault-hd-wallet is a vault plugin that implements the Hierarchical Deterministic wallet (HD wallet).

License

MIT license
7 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cfengliu/vault-hd-wallet

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
model
model
 
 
path
path
 
 
policy
policy
 
 
utils
utils
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
NOTICE
NOTICE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 
swagger.yml
swagger.yml
 
 

Repository files navigation

vault-hd-wallet

vault-hd-wallet is a vault plugin that implements the Hierarchical Deterministic wallet (HD wallet), which support the ethereum mnemonic storage and signing ethereum transaction. The wallet seed and derived key will not be exposed while signing the transaction or creating the account. The mnemonic can be imported to the plugin to restore the account addresses.

Getting Started

The vault server should be installed firstly. If not installed yet, read installation guide.

To learn what is custom plugin and how it works, please read this guide.

To compile this plugin, run the following command. The compiled binary should be placed in vault server's plugin directory.

go build -a -v -i -o hdwallet *.go

Get the SHA256 hash of binary file before registering the plugin:

sha256=$(sha256sum ./hdwallet | cut -d " " -f1) >/dev/null

Register plugin:

vault write sys/plugins/catalog/secret/hdwallet \
        sha_256=$sha256 \
        command="hdwallet"

Enable plugin:

vault secrets enable -plugin-name='hdwallet' plugin

Policy

The plugin policy is depended on your auth management. This repo provides two examples: wallet and accounts. Wallet policy is for admin, which enables user to initialize wallet and all accounts. Accounts policy allows user to get account address and sign a transaction.

Usage

Create a HD wallet

If no mnemonic is provided, the HD wallet will randomly generate one.

POST /hdwallet/wallet

Parameters

Name Type In Description
mnemonic string body The mnemonic could be imported to restore the wallet.
passphrase string body The mnemonic password to protect the wallet.

Code samples

curl --request POST "http://${ip}:${port}/v1/hdwallet/wallet" \
    --header "Authorization: Bearer ${token}" \
    --data-raw '{
        "mnemonic": "move mask pilot rather lion prevent reform mixture valve appear drop soap section pass jelly capital limb produce enough smooth nature cricket elevator jeans",
        "passphrase": ""
    }'

Read wallet

Get wallet seed and master key. This function should be for testing ONLY.

Code samples

curl --request GET "http://${ip}:${port}/v1/hdwallet/wallet" \
    --header "Authorization: Bearer ${token}"

Create an account

The account address is derived from derivation path.

Parameters

Name Type In Description
name string url Rquired. The path of secrets engines where plugin store the account info.
derivationPath string body Rquired. The BIP-44 path for generating the account address.

Code samples

curl --request POST "http://${ip}:${port}/v1/hdwallet/accounts/${name}" \
    --header "Authorization: Bearer ${token}" \
    --data-raw '{
        "derivationPath": "m/44'\''/60'\''/0'\''/0/0"
    }'

Get account address

Parameters

Name Type In Description
name string url Rquired. The path of secrets engines where plugin store the account info.

Code samples

curl --request GET "http://${ip}:${port}/v1/hdwallet/accounts/${name}/address" \
    --header "Authorization: Bearer ${token}"

Sign a transaction

To learn signing transaction and its parameters, read this document

Parameters

Name Type In Description
name string url Rquired. The path of secrets engines where plugin store the account info.
address_to string body The destination address for transaction. Leave empty if it is contract creation transaction
amount string body Rquired. The ether send to the destination address (in wei)
nonce string body Rquired. The transaction count of this account
gas_limit string body Rquired. The estimated gas that transaction may consume
gas_price string body Rquired. The price of gas (in wei)
chainID string body Rquired. The ID of etheruem network
data string body The bytecode of contract creation or function call. '0x' prefix is required.

Code samples

curl --request POST "http://${ip}:${port}/v1/hdwallet/accounts/${name}/sign-tx" \
        --header "Authorization: Bearer ${token}" \
        --data-raw "{
            \"address_to\": \"\",
            \"amount\": \"100000\",
            \"nonce\": \"2\",
            \"gas_limit\": \"3000000\",
            \"gas_price\": \"1000000000\",
            \"chainID\": \"4\",
            \"data\": \"\"
        }"

Sign data

Generate the signature for the input data

Parameters

Name Type In Description
name string url Rquired. The path of secrets engines where plugin store the account info.
data string body Rquired. The data to be signed. (without \x19Ethereum Signed Message:\n prefix )

Code samples

curl --request POST "http://${ip}:${port}/v1/hdwallet/accounts/${name}/sign" \
    --header "Authorization: Bearer ${token}" \
    --data-raw "{
        \"data\": \"hello world\"
    }"

About

vault-hd-wallet is a vault plugin that implements the Hierarchical Deterministic wallet (HD wallet).

Topics

ethereum hd-wallet mnemonic vault-plugin wallet-seed

Resources

Readme

License

MIT license
Activity

Stars

7 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages