Backend Wallets
Engine performs blockchain actions using backend wallets that you own and manage.
There are multiple options for securing backend wallets.
Local wallet
A local wallet is a wallet created or imported from a private key. Ensure your private key is backed up before transacting with a local wallet in a production environment.
Local wallet private keys are stored encrypted in Engine's database. For security reasons, private keys cannot be exported.
AWS KMS wallet
An AWS KMS Wallet is a wallet securely stored in your AWS account.
- Create an IAM user with programmatic access.
- Grant the following KMS permissions to this user:
  - kms:CreateKey
  - kms:GetPublicKey
  - kms:Sign
  - kms:CreateAlias
  - kms:Verify
The IAM user credentials are required by Engine to create, import, and transact with AWS KMS wallets.
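A least-privilege check for the permission list above, as an added example that is not part of the Engine documentation: it audits an IAM identity policy document against the five listed actions and reports what is missing and what is granted beyond them. The function name audit_policy is hypothetical and both sample policies are constructed.

```python
import json
from fnmatch import fnmatchcase

# The five KMS actions this page lists for the Engine IAM user.
REQUIRED = ["kms:CreateKey", "kms:GetPublicKey", "kms:Sign",
            "kms:CreateAlias", "kms:Verify"]

def _as_list(value):
    """IAM allows a bare string or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (missing, excess) for an identity policy document (dict).
    missing: required actions that no Allow statement grants.
    excess:  allowed action patterns that grant more than the required set.
    Deny statements, NotAction and conditions are not evaluated (assumption:
    a simple allow-list policy attached only to the Engine user).
    """
    allowed = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") == "Allow":
            # IAM action names are case-insensitive, so compare lowercased.
            allowed += [a.lower() for a in _as_list(stmt.get("Action"))]
    required = [r.lower() for r in REQUIRED]
    missing = [r for r, low in zip(REQUIRED, required)
               if not any(fnmatchcase(low, pat) for pat in allowed)]
    # A pattern is excess unless it names exactly one required action.
    excess = sorted({pat for pat in allowed if pat not in required})
    return missing, excess

# Constructed sample: a wildcard grant plus an unrelated action.
SAMPLE_BROAD = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "kms:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "*"}
  ]
}""")

# Constructed sample: only listed actions, but kms:Verify was forgotten.
SAMPLE_TIGHT = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Resource": "*",
    "Action": ["kms:CreateKey", "kms:GetPublicKey", "kms:Sign", "kms:CreateAlias"]}}

if __name__ == "__main__":
    for name, doc in (("broad", SAMPLE_BROAD), ("tight", SAMPLE_TIGHT)):
        print(name, audit_policy(doc))
```

An empty result for both lists means the policy grants exactly the listed actions; any wildcard pattern is reported as excess even though it also satisfies the required set.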
KMS key settings
If creating AWS KMS wallets with Engine, skip this step.
To import an existing KMS key, ensure your KMS key is created with the following settings:
- Key type: Asymmetric
- Key spec: ECC_SECG_P256K1
- Key usage: Sign and verify
Google Cloud KMS wallet
- Enable Google KMS API for your Google project.
- Create a Service Account.
- Navigate to IAM & Admin > IAM. Find the service account and select Edit Principal to add the following roles:
  - Cloud KMS Admin
  - Cloud KMS CryptoKey Signer/Verifier
- Select the created service account and navigate to the Keys tab.
  - Select Add Key
  - Select Create new key
  - Select JSON to download the JSON file. This file authenticates Google Cloud KMS.
- Create a keyring in Google KMS.
- Optional: Create a key in the keyring or call POST /wallet/create.
Create a wallet
For AWS or Google Cloud KMS wallets, you must provide your credentials.
Call POST /backend-wallet/create or create a wallet from the Engine dashboard page.
Import a wallet
For AWS or Google Cloud KMS wallets, you must provide your credentials.
Call POST /backend-wallet/import or import a wallet from the Engine dashboard page.
List wallets
Backend wallets are listed in the Backend Wallets table on the Engine dashboard page.
Or call GET /backend-wallet/get-all to list all backend wallets.
Best practices
- It is recommended to use AWS or Google Cloud KMS wallets for production use. Private keys are not exposed and the wallet is backed up securely by the cloud provider.
- Use labels and multiple backend wallets to organize and track usage.
- Example: Use one wallet to pay out creators on your platform and another to airdrop NFTs to users.
- If your wallets require topping up gas or ERC20 tokens regularly, consider a separate "funds storage" backend wallet that transfers funds to other wallets via the dashboard UI or API.