KMS Connector connects the KMS Core with the FHEVM Gateway smart contracts.
- Forward requests coming from the Gateway to the KMS Core
- Forward responses coming from the KMS Core to the Gateway via transaction
The KMS Connector is composed of three Rust micro-services:
- GatewayListener: listens for Gateway events and stores them in a database
- KmsWorker: forwards requests from the database to the KMS Core, and stores the responses in the database
- TransactionSender: sends the responses from the database to the Gateway via transactions
Each service is a single binary that is started via its `start` subcommand, either with a config file or without one (in which case the settings must be supplied as environment variables instead):

```sh
./gw-listener start --config config/gw-listener.toml
KMS_CONNECTOR_DATABASE_URL="postgres://postgres:postgres@localhost" ./gw-listener start
```

The KMS Connector supports flexible configuration through both TOML files and environment variables. You can use either method or combine them, with environment variables taking precedence over file-based configuration.
See the configuration examples for each service, which document every configuration field together with its associated environment variable and default value.
The configuration values are loaded in the following order, with later sources overriding earlier ones:
- Default values (lowest priority)
- TOML config file (if provided)
- Environment variables (highest priority)
The KMS Connector retrieves ciphertexts from S3-compatible storage. The connector relies on the S3 URLs carried in the Gateway's events being properly formatted. If an event carries no URLs, the connector falls back to the optional S3 values in its configuration.
The KMS Connector supports two methods for configuring the wallet used for signing decryption responses:
- Private key directly as a hex string
- AWS KMS Wallet
The connector will attempt to initialize the wallet in the following order:
- Private key string (if provided)
- AWS KMS configuration (if provided)
At least one of these two options must be provided.
- Private keys provided as strings are supported for development purposes, but should not be used in production. These keys should be handled with extreme caution to avoid exposure.
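As an added illustration (not the project's own code), the Rust sketch below implements the selection order described above with the two checks a reviewer would expect around a string private key: the hex is validated before use, and the selected wallet's `Debug` output redacts key material so it cannot leak into logs. The struct and function names are assumed.

```rust
/// Assumed config shape (not the project's real struct): at most one of each source.
#[derive(Default)]
pub struct WalletConfig {
    pub private_key: Option<String>,    // hex-encoded 32-byte key, optional 0x (dev only)
    pub aws_kms_key_id: Option<String>, // AWS KMS key identifier (production)
}
pub enum WalletSource {
    PrivateKey([u8; 32]),
    AwsKms(String),
}
#[derive(Debug, PartialEq)]
pub enum WalletError {
    NoSourceConfigured,
    InvalidPrivateKey(String),
}

// Key material must never reach logs: Debug prints a redacted placeholder instead.
impl std::fmt::Debug for WalletSource {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            WalletSource::PrivateKey(_) => f.write_str("PrivateKey(<redacted>)"),
            WalletSource::AwsKms(id) => write!(f, "AwsKms({id})"),
        }
    }
}

/// Decode a hex key, rejecting wrong length and non-hex digits (curve-order range check is left to the signer).
fn parse_hex_key(s: &str) -> Result<[u8; 32], WalletError> {
    let hex = s.trim().strip_prefix("0x").unwrap_or_else(|| s.trim());
    if hex.chars().count() != 64 {
        return Err(WalletError::InvalidPrivateKey(format!("expected 64 hex chars, got {}", hex.chars().count())));
    }
    let mut key = [0u8; 32];
    for (i, c) in hex.chars().enumerate() {
        let d = c.to_digit(16).ok_or_else(|| WalletError::InvalidPrivateKey(format!("non-hex digit at {i}")))?;
        key[i / 2] = (key[i / 2] << 4) | d as u8;
    }
    Ok(key)
}

/// The documented order: private key string first, then AWS KMS, otherwise a hard error.
pub fn select_wallet(cfg: &WalletConfig) -> Result<WalletSource, WalletError> {
    if let Some(pk) = &cfg.private_key {
        // A malformed key fails loudly rather than silently falling through to KMS.
        return parse_hex_key(pk).map(WalletSource::PrivateKey);
    }
    if let Some(id) = &cfg.aws_kms_key_id {
        return Ok(WalletSource::AwsKms(id.clone()));
    }
    Err(WalletError::NoSourceConfigured)
}
```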
See the architecture documentation for more detail.
🌟 If you find this project helpful or interesting, please consider giving it a star on GitHub! Your support helps to grow the community and motivates further development.