Support for Ephemeral Private Key Fetching from Secure Storage #4876

Open
gruvin opened this issue Oct 30, 2024 · 0 comments
Labels
enhancement New feature or improvement.

Describe the Feature

Feature Request: Support for Ephemeral Private Key Fetching from Secure Storage

.. via supplied callback function or plugin.

Summary

Currently, ethers.js requires a private key to be passed into the Wallet instance directly, storing it in plaintext memory for the duration of the wallet’s lifecycle. This approach limits security options for applications with high-security requirements, such as those running in server environments or handling sensitive financial data. I am requesting a feature to allow the Wallet instance to dynamically fetch the private key on-demand from secure storage (e.g., macOS Keychain, AWS CloudHSM, Azure Key Vault) using an external callback or plugin mechanism.

Problem Statement

ethers.js places private key management solely on external developers, which is perfectly reasonable, but it does not provide any mechanism to integrate secure storage solutions into its signing workflow. This leads to:

  1. Persistent storage of private keys in memory within Wallet instances.
  2. Challenges in achieving high-security standards, as keys cannot be fetched dynamically and disposed of immediately after use.
  3. Increased risk of key exposure in long-lived applications, which must otherwise clear memory after each transaction.

Proposed Solution

Introduce support for an optional callback or plugin mechanism in the Wallet class to fetch the private key on-demand. This feature would allow developers to configure secure storage retrieval with ephemeral access, aligning with best practices in private key management.

  • Callback Example: A configuration option within Wallet that accepts a callback function. This function would fetch the key from secure storage just before a signing operation and immediately discard it afterward.

    const wallet = new ethers.Wallet({
        fetchPrivateKey: async () => await keytar.getPassword("myApp", "myAccount")
    }, provider);

  • Plugin Example: Provide a plugin interface for third-party secure storage integrations that Wallet could query as needed for signing, supporting hardware or software-based secure modules.

This would allow a private key to be retrieved, used for a single signing event and then discarded from memory.

Expected Benefits

  1. Enhanced Security: Minimizes in-memory exposure of private keys by only loading them temporarily during signing operations.
  2. Integration with Secure Storage: Allows applications to utilize secure storage services (Keychain, HSMs) without exposing keys within the application memory space.
  3. Flexibility: Enables more secure implementations for high-stakes applications, aligning ethers.js with modern security practices.

Alternatives

Some alternatives include using hardware wallets or wrapping the Wallet class with ephemeral instantiation for each transaction, but these are less efficient and add significant complexity for high-security applications which need direct access for signing purposes.

Additional Context

This request aligns with an ongoing interest from ethers.js users, such as discussions around AWS CloudHSM support (AWS CloudHSM Discussion) and queries on private key management best practices (Private Key Storage Discussion).

Code Example

const wallet = new ethers.Wallet({
    fetchPrivateKey: async () => await keytar.getPassword("myApp", "myAccount")
}, provider);
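
The fetch, sign, discard lifecycle described in the issue, as an added example that is not part of the original post or of ethers.js. `EphemeralKeySigner`, `fetchKey` and `makeDemoStore` are hypothetical names, the key store is a constructed stand-in, and Node's built-in ECDSA over SHA-256 stands in for Ethereum signing.

```javascript
// Added example, not ethers.js code. Signs with ECDSA/secp256k1 over SHA-256
// via node:crypto as a stand-in; it is not an Ethereum-compatible signature.
const crypto = require('node:crypto');

// SEC1 ECPrivateKey DER framing around a raw 32-byte secp256k1 scalar.
const SEC1_HEAD = Buffer.from('302e0201010420', 'hex');
const SEC1_TAIL = Buffer.from('a00706052b8104000a', 'hex');

class EphemeralKeySigner {
  // fetchKey (hypothetical name): async () => Uint8Array of 32 bytes.
  // Only the callback is stored; no key material lives on the instance.
  constructor(fetchKey) {
    this.fetchKey = fetchKey;
  }

  async sign(message) {
    const raw = await this.fetchKey();
    let der = null;
    try {
      // Strings (e.g. hex) are immutable in JS and cannot be overwritten,
      // so insist on a byte buffer that can be zeroed below.
      if (!(raw instanceof Uint8Array) || raw.length !== 32) {
        throw new TypeError('fetchKey must resolve to 32 raw key bytes');
      }
      der = Buffer.concat([SEC1_HEAD, raw, SEC1_TAIL]);
      const key = crypto.createPrivateKey({ key: der, format: 'der', type: 'sec1' });
      // Returns a 64-byte r||s signature. The KeyObject's native copy of the
      // key is released only when it is garbage collected.
      return crypto.sign('sha256', message, { key, dsaEncoding: 'ieee-p1363' });
    } finally {
      // Runs on success and on failure: wipe every copy this code controls.
      if (raw instanceof Uint8Array) raw.fill(0);
      if (der) der.fill(0);
    }
  }
}

// Constructed stand-in for a keychain or HSM client. It hands out a fresh copy
// per call and remembers the buffers so a caller can confirm they were wiped.
function makeDemoStore(hexKey) {
  const handedOut = [];
  const fetchKey = async () => {
    const copy = Buffer.from(hexKey, 'hex');
    handedOut.push(copy);
    return copy;
  };
  return { fetchKey, handedOut };
}
```

A callback that resolves to a string, as `keytar.getPassword` does, is rejected by this signer because the string cannot be wiped after use.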