oz-keystore
| Crates.io | oz-keystore |
| lib.rs | oz-keystore |
| version | 0.1.4 |
| created_at | 2025-01-20 20:07:49.757357+00 |
| updated_at | 2025-05-01 12:44:26.676854+00 |
| description | A multi-chain keystore library that provides a unified interface for managing private keys. |
| homepage | https://github.com/OpenZeppelin/oz-keystore |
| repository | https://github.com/OpenZeppelin/oz-keystore |
| max_upload_size | |
| id | 1524244 |
| size | 98,017 |
Marcos Carlomagno (MCarlomagno)
documentation
README
Keystore
A multi-chain keystore library that provides a unified interface for managing private keys.
Warning: this is an experimental project under development.
Features
-
Multiple Key Sources
- Local keystore management (JSON keystore files)
- HashiCorp Vault integration (both on-prem vaults and cloud)
-
Chain Support
- Ethereum (EVM) compatible chains
- Stellar/Soroban
- Solana
-
Key Operations
- Generate new keys (local keystore only)
- Load existing keys
- Secure key storage and retrieval
Examples
Check the examples/ directory for complete usage examples:
local-keystore-to-alloy-wallet: Convert keystore to EVM walletlocal-keystore-to-stellar-wallet: Convert keystore to Stellar wallethashicorp-vault-to-alloy-wallet: Convert pk stored in vault to EVM wallethashicorp-vault-to-stellar-wallet: Convert pk stored in vault to Stellar wallethashicorp-vault-to-solana-wallet: Convert pk stored in vault to Solana wallethashicorp-vault-any-secret: Store and retrieve any secret in vault
Local Keystore
The local keystore provides secure storage of private keys in encrypted JSON files on your local filesystem. It supports multiple key types (EVM, Stellar, Solana) and uses industry-standard encryption methods.
Usage
See local-keystore-to-alloy-wallet example for full implementation using alloy.
let dir = "./key";
let password = "password123";
let name = "key.json";
let key = LocalClient::generate(dir, password, name)
Hashicorp Vault
Provides integration with HashiCorp Vault for secure key management. Supports both local Vault instances and HashiCorp Cloud, with the ability to store and retrieve private keys for multiple blockchain networks (EVM, Stellar, Solana).
Getting Started
- Follow Installation Guide
- Open a terminal Run Vault locally
vault server -dev -dev-root-token-id="root"
Usage
See hashicorp-vault-to-alloy-wallet example for full implementation.
let random_key: [u8; 32] = rand::thread_rng().gen();
client.store_secret("my_secret", random_key.to_vec(), KeyType::EVM).await.unwrap();
let secret = client.get_secret("my_secret", KeyType::EVM).await.unwrap().unwrap();
let hex_secret = hex::encode(&secret);
let key_bytes = FixedBytes::from_hex(&hex_secret).unwrap();
let signer = LocalSigner::from_bytes(&key_bytes)
.expect("failed to create signer");
Hashicorp Cloud
Getting Started
- Create a Hashicorp account
- Create new organization
- Go to secrets app and create a new app.
- Create new static secret, the value must be a valid ed25519 secret key, you can generate a random key using https://cyphr.me/ed25519_tool/ed.html
Setup
Create .env file with following entries
HASHICORP_CLIENT_ID=L5...Xa
HASHICORP_CLIENT_SECRET=Q9...2P
HASHICORP_ORG_ID=1b345678-b123-a123-c123-1b345678 # in org settings
HASHICORP_PROJECT_ID=1b345678-b123-a123-c123-1b345678 # in project settings
HASHICORP_APP_NAME=your_app_name
Usage
use keystore::hashicorp::cloud::HashicorpCloudClient;
// Initialize client with your credentials
let client = HashicorpCloudClient::new(
env::var("HASHICORP_CLIENT_ID").unwrap(),
env::var("HASHICORP_CLIENT_SECRET").unwrap(),
env::var("HASHICORP_ORG_ID").unwrap(),
env::var("HASHICORP_PROJECT_ID").unwrap(),
env::var("HASHICORP_APP_NAME").unwrap(),
);
// Fetch a secret
let response = client.get_secret("my_secret_name").await?;
let secret_value = response.secret.static_version.value;