What is KMS?
KMS is a custodial solution to control your application's end users' private keys and wallet mnemonics. Blockchain transactions are signed locally, and sensitive data is not sent over the Internet.
With KMS, you can build and scale custodial apps, provide the highest level of security for your users, and allow them to use blockchain technology without having to deal with private keys and mnemonics. End-users can just log in to your app with their credentials, and KMS takes care of the rest.
Additional information starting at 22:15 on the following video:
What does KMS do?
- KMS keeps mnemonics and private keys safe.
- KMS periodically pulls pending transactions to sign from Tatum Cloud, signs them locally using stored private keys, and broadcasts them to the blockchain.
Tatum KMS on GitHub.
KMS Use cases
KMS can be used to securely sign any transaction with a signatureId instead of a privateKey or mnemonic.
- deploy NFT smart contracts
- mint NFTs
- transfer ERC-20, ERC-721, and ERC-1155 tokens
- get a list of pending transactions to sign
- complete pending transactions to sign
- delete transactions waiting to be signed
- any other transaction that requires a private key or mnemonic to be signed
To learn more about how to utilize KMS, check the following link. The KMS list of API endpoints is available at the following link.
How does KMS work?
KMS runs locally on your server and securely handles generating wallets, addresses, and private keys, and signing transactions. KMS stores all your mnemonics and private keys in a wallet storage file. This storage file is AES-encrypted, and only you know the encryption key.
Every wallet stored inside your KMS instance has a unique identifier, called a signatureId. This signatureId is used in communication with the Tatum API and represents the wallet used by the specific operation. Once you have generated and stored all the wallets you want to work with, you enable daemon mode in KMS. In daemon mode, KMS periodically checks for pending transactions to sign.
Summary:
- When you generate a wallet with KMS, it creates a signature ID that is used in place of the wallet’s mnemonic.
- When you generate a private key for an address, it creates a signature ID to be used in place of the private key.
- When you send API requests to Tatum, you only have to remember to replace two fields:
  - mnemonic -> signatureId (of the wallet's mnemonic phrase)
  - fromPrivateKey -> signatureId (of the private key)
More information at the following link.
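The field replacement in the summary can be enforced in your own application before any request leaves the server. The following is an added example, not code from Tatum or the KMS project: it rejects an outbound request body that still contains mnemonic or fromPrivateKey anywhere in it, and requires a signatureId. The request shape (to, amount, batch) and all values are assumptions constructed for illustration.

```javascript
// Added example, not Tatum code. The field names mnemonic, fromPrivateKey and
// signatureId come from the article; the request bodies below are constructed.
const SECRET_FIELDS = new Set(['mnemonic', 'fromprivatekey']);

// Walk the body (objects and arrays) and return the path of every field
// that would carry raw key material off the server.
function findSecretFields(value, path = '') {
  if (value === null || typeof value !== 'object') return [];
  const hits = [];
  for (const [key, child] of Object.entries(value)) {
    const here = path ? `${path}.${key}` : key;
    if (SECRET_FIELDS.has(key.toLowerCase())) hits.push(here);
    else hits.push(...findSecretFields(child, here));
  }
  return hits;
}

// Allow a body only if it has no secret fields and names a signatureId.
function checkOutboundBody(body) {
  const leaks = findSecretFields(body);
  if (leaks.length > 0) {
    return { ok: false, reason: 'raw key material in request', leaks };
  }
  const id = body && body.signatureId;
  if (typeof id !== 'string' || id.trim() === '') {
    return { ok: false, reason: 'signatureId missing', leaks };
  }
  return { ok: true, reason: null, leaks };
}

// Constructed sample bodies (values are placeholders, not real keys or IDs).
const samples = [
  { to: '0xRECIPIENT', amount: '1', fromPrivateKey: 'PLACEHOLDER_KEY' },
  { to: '0xRECIPIENT', amount: '1', signatureId: 'PLACEHOLDER_SIGNATURE_ID' },
  { signatureId: 'PLACEHOLDER_SIGNATURE_ID', batch: [{}, { mnemonic: 'x' }] },
];
for (const body of samples) {
  const { ok, reason, leaks } = checkOutboundBody(body);
  console.log(ok ? 'send' : `block: ${reason} ${leaks.join(',')}`);
}
```

Run the check in the HTTP client wrapper that talks to the API, so a code path that still passes a raw key fails closed instead of transmitting it.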