@solana/keychain-fireblocks 0.2.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +124 -0
  2. package/package.json +3 -3
package/README.md ADDED
@@ -0,0 +1,124 @@
1
+ # @solana/keychain-fireblocks
2
+
3
+ Fireblocks-based signer for Solana transactions using Fireblocks' institutional custody API.
4
+
5
+ ## Installation
6
+
7
+ ```bash
8
+ pnpm add @solana/keychain-fireblocks
9
+ ```
10
+
11
+ ## Prerequisites
12
+
13
+ 1. A [Fireblocks](https://fireblocks.com) account with API access
14
+ 2. A vault account with Solana (SOL) asset configured
15
+ 3. An API user with signing permissions and RSA 4096 private key
16
+
17
+ Follow the [Fireblocks documentation](https://developers.fireblocks.com/docs/create-direct-custody-wallets) to get started.
18
+
19
+ ## Usage
20
+
21
+ ### Basic Setup
22
+
23
+ ```typescript
24
+ import { FireblocksSigner } from '@solana/keychain-fireblocks';
25
+
26
+ const signer = new FireblocksSigner({
27
+ apiKey: 'your-fireblocks-api-key',
28
+ privateKeyPem: `-----BEGIN PRIVATE KEY-----
29
+ ...your RSA 4096 private key...
30
+ -----END PRIVATE KEY-----`,
31
+ vaultAccountId: '0',
32
+ });
33
+
34
+ // Initialize (fetches public key from Fireblocks)
35
+ await signer.init();
36
+
37
+ console.log('Signer address:', signer.address);
38
+ ```
39
+
40
+ ### Signing Transactions
41
+
42
+ ```typescript
43
+ import { pipe, signTransaction, createTransaction } from '@solana/kit';
44
+
45
+ // Create your transaction
46
+ const transaction = pipe(
47
+ createTransaction({ version: 0 }),
48
+ // ... add instructions
49
+ );
50
+
51
+ // Sign the transaction
52
+ const signedTransaction = await signTransaction([signer], transaction);
53
+ ```
54
+
55
+ ### Signing Messages
56
+
57
+ ```typescript
58
+ import { signMessage } from '@solana/signers';
59
+
60
+ const message = new TextEncoder().encode('Hello, Solana!');
61
+ const signature = await signMessage([signer], message);
62
+ ```
63
+
64
+ ### With Program Call Mode
65
+
66
+ By default, the signer uses RAW signing (signs bytes, you broadcast). Enable `useProgramCall` to have Fireblocks broadcast the transaction:
67
+
68
+ ```typescript
69
+ const signer = new FireblocksSigner({
70
+ apiKey: 'your-fireblocks-api-key',
71
+ privateKeyPem: '...',
72
+ vaultAccountId: '0',
73
+ useProgramCall: true, // Fireblocks signs and broadcasts the transaction to Solana
74
+ });
75
+ ```
76
+
77
+ ### With Devnet
78
+
79
+ ```typescript
80
+ const signer = new FireblocksSigner({
81
+ apiKey: 'your-fireblocks-api-key',
82
+ privateKeyPem: '...',
83
+ vaultAccountId: '0',
84
+ assetId: 'SOL_TEST', // Use devnet asset
85
+ });
86
+ ```
87
+
88
+ ## Configuration
89
+
90
+ ### FireblocksSignerConfig
91
+
92
+ | Field | Type | Required | Default | Description |
93
+ |-------|------|----------|---------|-------------|
94
+ | `apiKey` | `string` | Yes | - | Fireblocks API key (X-API-Key header) |
95
+ | `privateKeyPem` | `string` | Yes | - | RSA 4096 private key in PEM format for JWT signing |
96
+ | `vaultAccountId` | `string` | Yes | - | Fireblocks vault account ID |
97
+ | `apiBaseUrl` | `string` | No | `https://api.fireblocks.io` | Custom API base URL |
98
+ | `assetId` | `string` | No | `SOL` | Asset ID (`SOL` for mainnet, `SOL_TEST` for devnet) |
99
+ | `pollIntervalMs` | `number` | No | `1000` | Polling interval in ms when waiting for transaction completion |
100
+ | `maxPollAttempts` | `number` | No | `60` | Maximum polling attempts before timeout |
101
+ | `requestDelayMs` | `number` | No | `0` | Delay in ms between concurrent signing requests |
102
+ | `useProgramCall` | `boolean` | No | `false` | When true, Fireblocks broadcasts the transaction |
103
+
104
+ ## How It Works
105
+
106
+ 1. **Initialization**: Fetches the vault account's Solana address from Fireblocks API
107
+ 2. **JWT Authentication**: Signs API requests with RS256 JWT using your RSA private key
108
+ 3. **Transaction Creation**: Creates a signing transaction in Fireblocks (RAW or PROGRAM_CALL operation)
109
+ 4. **Signature Extraction**: Extracts the Ed25519 signature from the completed transaction/message
110
+
111
+ ### Signing Modes
112
+
113
+ - **RAW** (default): Signs the message bytes only. You receive the signature and broadcast the transaction yourself.
114
+ - **PROGRAM_CALL**: Fireblocks signs and broadcasts the transaction to Solana. The `txHash` is returned in the response.
115
+
116
+ ## Security Considerations
117
+
118
+ 1. **Private Key Security**: The RSA private key should never be committed to source control. Use environment variables or secure secret management.
119
+ 2. **API Key Rotation**: Rotate API keys periodically according to your security policy.
120
+ 3. **Policy Engine**: Configure Fireblocks Transaction Authorization Policy (TAP) to enforce signing rules.
121
+
122
+ ## License
123
+
124
+ MIT
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@solana/keychain-fireblocks",
3
3
  "author": "Solana Foundation",
4
- "version": "0.2.1",
4
+ "version": "0.3.0",
5
5
  "description": "Fireblocks-based signer for Solana transactions",
6
6
  "license": "MIT",
7
7
  "repository": "https://github.com/solana-foundation/solana-keychain",
@@ -34,13 +34,13 @@
34
34
  "@solana/signers": "^5.0.0",
35
35
  "@solana/transactions": "^5.0.0",
36
36
  "jose": "^6.1.3",
37
- "@solana/keychain-core": "0.2.1"
37
+ "@solana/keychain-core": "0.3.0"
38
38
  },
39
39
  "devDependencies": {
40
40
  "@solana-program/memo": "^0.10.0",
41
41
  "@solana/kit": "^5.0.0",
42
42
  "dotenv": "^17.2.3",
43
- "@solana/keychain-test-utils": "0.2.1"
43
+ "@solana/keychain-test-utils": "0.3.0"
44
44
  },
45
45
  "publishConfig": {
46
46
  "access": "public"