From c74a66474169d16a2ed4b7fd9046984d4ceabc3f Mon Sep 17 00:00:00 2001 From: yonada Date: Thu, 25 Apr 2024 14:21:37 +0100 Subject: [PATCH] feat(cli): deploy with kms (#2704) Co-authored-by: Kevin Ingersoll --- .changeset/early-teachers-greet.md | 5 +++++ packages/cli/package.json | 2 ++ packages/cli/src/commands/dev-contracts.ts | 1 + packages/cli/src/runDeploy.ts | 10 +++++++++- packages/common/src/account/kms/kmsKeyToAccount.ts | 1 - pnpm-lock.yaml | 6 ++++++ 6 files changed, 23 insertions(+), 2 deletions(-) create mode 100644 .changeset/early-teachers-greet.md diff --git a/.changeset/early-teachers-greet.md b/.changeset/early-teachers-greet.md new file mode 100644 index 0000000000..816f97716b --- /dev/null +++ b/.changeset/early-teachers-greet.md @@ -0,0 +1,5 @@ +--- +"@latticexyz/cli": patch +--- + +Added a `--awsKmsKeyId` flag to `mud deploy` that deploys the world using an AWS KMS key as a transaction signer. diff --git a/packages/cli/package.json b/packages/cli/package.json index b98fcfafd8..768b8401d6 100644 --- a/packages/cli/package.json +++ b/packages/cli/package.json @@ -30,6 +30,7 @@ "test:ci": "pnpm run test" }, "dependencies": { + "@aws-sdk/client-kms": "^3.556.0", "@ethersproject/abi": "^5.7.0", "@ethersproject/providers": "^5.7.2", "@improbable-eng/grpc-web": "^0.15.0", @@ -45,6 +46,7 @@ "@latticexyz/utils": "workspace:*", "@latticexyz/world": "workspace:*", "@latticexyz/world-modules": "workspace:*", + "asn1.js": "^5.4.1", "chalk": "^5.0.1", "chokidar": "^3.5.3", "debug": "^4.3.4", diff --git a/packages/cli/src/commands/dev-contracts.ts b/packages/cli/src/commands/dev-contracts.ts index 025622aaa4..a0b65ce1f7 100644 --- a/packages/cli/src/commands/dev-contracts.ts +++ b/packages/cli/src/commands/dev-contracts.ts @@ -92,6 +92,7 @@ const commandModule: CommandModule; export type DeployOptions = InferredOptionTypes; @@ -90,6 +95,9 @@ in your contracts directory to use the default anvil private key.`, const resolvedConfig = resolveConfig({ config, forgeSourceDir: srcDir, forgeOutDir: outDir }); + const keyId = opts.awsKmsKeyId ?? process.env.AWS_KMS_KEY_ID; + const account = keyId ? await kmsKeyToAccount({ keyId }) : privateKeyToAccount(privateKey); + const client = createWalletClient({ transport: http(rpc, { batch: opts.rpcBatch @@ -99,7 +107,7 @@ in your contracts directory to use the default anvil private key.`, } : undefined, }), - account: privateKeyToAccount(privateKey), + account, }); console.log("Deploying from", client.account.address); diff --git a/packages/common/src/account/kms/kmsKeyToAccount.ts b/packages/common/src/account/kms/kmsKeyToAccount.ts index c9f82ff00a..e0d43d150a 100644 --- a/packages/common/src/account/kms/kmsKeyToAccount.ts +++ b/packages/common/src/account/kms/kmsKeyToAccount.ts @@ -18,7 +18,6 @@ export type KmsAccount = LocalAccount<"aws-kms"> & { * * @returns A Local Account. */ - export async function kmsKeyToAccount({ keyId, client = new KMSClient(), diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 155d6f99e6..aa28ea8adf 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -130,6 +130,9 @@ importers: packages/cli: dependencies: + '@aws-sdk/client-kms': + specifier: ^3.556.0 + version: 3.556.0 '@ethersproject/abi': specifier: ^5.7.0 version: 5.7.0 @@ -175,6 +178,9 @@ importers: '@latticexyz/world-modules': specifier: workspace:* version: link:../world-modules + asn1.js: + specifier: ^5.4.1 + version: 5.4.1 chalk: specifier: ^5.0.1 version: 5.2.0