Skip to content

Commit

Permalink
refactor(common,cli): kms deployer gets keyId from environment (#2760)
Browse files Browse the repository at this point in the history
Co-authored-by: Kevin Ingersoll <[email protected]>
  • Loading branch information
yonadaa and holic authored Apr 29, 2024
1 parent 3031868 commit e03830e
Show file tree
Hide file tree
Showing 4 changed files with 24 additions and 8 deletions.
10 changes: 10 additions & 0 deletions .changeset/quick-lions-rest.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
---
"@latticexyz/cli": patch
---

The key ID for deploying via KMS signer is now set via an `AWS_KMS_KEY_ID` environment variable to better align with Foundry tooling. To enable KMS signing with this environment variable, use the `--kms` flag.

```diff
-mud deploy --awsKmsKeyId [key ID]
+AWS_KMS_KEY_ID=[key ID] mud deploy --kms
```
2 changes: 1 addition & 1 deletion packages/cli/src/commands/dev-contracts.ts
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ const commandModule: CommandModule<typeof devOptions, InferredOptionTypes<typeof
worldAddress,
srcDir,
salt: "0x",
awsKmsKeyId: undefined,
kms: undefined,
});
worldAddress = deploy.address;
// if there were changes while we were deploying, trigger it again
Expand Down
16 changes: 11 additions & 5 deletions packages/cli/src/runDeploy.ts
Original file line number Diff line number Diff line change
Expand Up @@ -43,9 +43,9 @@ export const deployOptions = {
type: "string",
desc: "The deployment salt to use. Defaults to a random salt.",
},
awsKmsKeyId: {
type: "string",
desc: "Optional AWS KMS key ID. If set, the World is deployed using a KMS signer instead of local private key.",
kms: {
type: "boolean",
desc: "Deploy the World with an AWS KMS key instead of local private key.",
},
} as const satisfies Record<string, Options>;

Expand Down Expand Up @@ -87,8 +87,14 @@ export async function runDeploy(opts: DeployOptions): Promise<WorldDeploy> {
const resolvedConfig = resolveConfig({ config, forgeSourceDir: srcDir, forgeOutDir: outDir });

const account = await (async () => {
if (opts.awsKmsKeyId) {
const keyId = opts.awsKmsKeyId ?? process.env.AWS_KMS_KEY_ID;
if (opts.kms) {
const keyId = process.env.AWS_KMS_KEY_ID;
if (!keyId) {
throw new MUDError(
"Missing `AWS_KMS_KEY_ID` environment variable. This is required when using with `--kms` option.",
);
}

return await kmsKeyToAccount({ keyId });
} else {
const privateKey = process.env.PRIVATE_KEY;
Expand Down
4 changes: 2 additions & 2 deletions packages/common/src/account/kms/getAddressFromKms.ts
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
import { Address, toHex } from "viem";
import { publicKeyToAddress } from "viem/utils";
import { KMSClient, SignCommandInput } from "@aws-sdk/client-kms";
import { GetPublicKeyCommandInput, KMSClient } from "@aws-sdk/client-kms";
import { getPublicKey } from "./getPublicKey";
// @ts-expect-error Could not find a declaration file for module 'asn1.js'.
import asn1 from "asn1.js";
Expand All @@ -25,7 +25,7 @@ export async function getAddressFromKms({
keyId,
client,
}: {
keyId: SignCommandInput["KeyId"];
keyId: GetPublicKeyCommandInput["KeyId"];
client: KMSClient;
}): Promise<Address> {
const KMSKey = await getPublicKey({ keyId, client });
Expand Down

0 comments on commit e03830e

Please sign in to comment.