Hello Community.
I have a little project that involves sending transaction to the blockchain and will be hosted on Web Hosting Servers. Private Key will be needed for this transaction.
How can the private key be hidden from the eyes of the public or even the web hosting administrators/company?
Code Snippet below:
const privKey = ''
let wallet = new ethers.Wallet(privKey, provider)
//a(wallet.address)
//create tx object
const tx = {
to: addressTo,
value: ethers.utils.parseEther('0.006')
}
//sign and send tx, wait for receipt
const createReceipt = await wallet.sendTransaction(tx)
await createReceipt.wait()
a(`Transaction successful with hash: ${createReceipt.hash}`)
}
Still waiting for some response.
Thanks.
You have to make sure that the transaction signing is executed using a backend/server process, not the frontend/javascript and then it fully depends on which hosting provider you use and what you use for the backend.
If you're hosting on Microsoft Azure you would use the Key Vault on AWS you would probably want to use the AWS Key Management Service.
2 Likes
Thanks for the response.
The transaction will be signed on the backend. It is like a relay account.
Assuming, the hosting will be on shared hosting provider, cpanel etal, how can the security of the keys be mitigated?
I'm not familiar with cpanel, its been decades since i last used that and back then they did not have a system in-place for securing keys, which meant storing a private key outside of the www root and then using that key in the backend code. Which does leave you open to a breach if someone gainst access to the filesystem
1 Like
Alright. Thanks for the insight.