Backend Wallets

Engine performs blockchain actions using backend wallets that you own and manage.

There are multiple options for securing backend wallets.

Local wallet

A local wallet is a wallet created or imported from a private key. Ensure your private key is backed up before transacting with a local wallet in a production environment.

Local wallets private keys are stored encrypted in Engine's database. For security reasons, private keys cannot be exported.

AWS KMS wallet

An AWS KMS Wallet is a wallet securely stored in your AWS account.

The IAM user credentials are required by Engine to create, import, and transact with AWS KMS wallets.

KMS key settings

If creating AWS KMS wallets with Engine, skip this step.

To import an existing KMS key, ensure your KMS key is created with the following settings:

  • Key type: Asymmetric
  • Key spec: ECC_SECG_P256K1
  • Key usage: Sign and verify

Google Cloud KMS wallet

  • Enable Google KMS API for your Google project.
  • Create a Service Account.
  • Navigate to IAM & Admin > IAM. Find the service account and select Edit Principal to add the following roles:
    • Cloud KMS Admin
    • Cloud KMS CryptoKey Signer/Verifier
  • Select the created service account and navigate to the Keys tab.
  • Select Add Key
  • Select Create new key
  • Select JSON to download the JSON file. This file authenticates Google Cloud KMS.
  • Create a keyring in Google KMS.
    • Optional: Create a key in the keyring or call POST /wallet/create.

Create a wallet

For AWS or Google Cloud KMS wallets, you must provide your credentials.

Call POST /backend-wallet/create or create a wallet from the Engine dashboard page.

Import a wallet

For AWS or Google Cloud KMS wallets, you must provide your credentials.

Call POST /backend-wallet/import or import a wallet from the Engine dashboard page.

List wallets

Backend wallets are listed in the Backend Wallets table on the Engine dashboard page.

Or call GET /backend-wallet/get-all to list all backend wallets.

Best practices

  • It is recommend to use AWS or Google Cloud KMS wallets for production use. Private keys are not exposed and the wallet is backed up securely by the cloud provider.
  • Use labels and multiple backend wallets to organize and track usage.
    • Example: Use one wallet to pay out creators on your platform and another to airdrop NFTs to users.
  • If your wallets require topping up gas or ERC20 tokens regularly, consider a separate "funds storage" backend wallet that transfers funds to other wallets via the dashboard UI or API.