Keystore

A multi-chain keystore library that provides a unified interface for managing private keys.

Warning: this is an experimental project under development.

Features

• Multiple Key Sources

  • Local keystore management (JSON keystore files)
  • HashiCorp Vault integration (both on-prem vaults and cloud)

• Chain Support

  • Ethereum (EVM) compatible chains
  • Stellar/Soroban
  • Solana

• Key Operations

  • Generate new keys (local keystore only)
  • Load existing keys
  • Secure key storage and retrieval

Examples

Check the examples/ directory for complete usage examples:

• local-keystore-to-alloy-wallet: Convert keystore to EVM wallet
• local-keystore-to-stellar-wallet: Convert keystore to Stellar wallet
• hashicorp-vault-to-alloy-wallet: Convert pk stored in vault to EVM wallet
• hashicorp-vault-to-stellar-wallet: Convert pk stored in vault to Stellar wallet
• hashicorp-vault-to-solana-wallet: Convert pk stored in vault to Solana wallet

Local Keystore

The local keystore provides secure storage of private keys in encrypted JSON files on your local filesystem. It supports multiple key types (EVM, Stellar, Solana) and uses industry-standard encryption methods.

Usage

See local-keystore-to-alloy-wallet example for full implementation using alloy.

  let dir = "./key";
  let password = "password123";
  let name = "key.json";
  let key = LocalClient::generate(dir, password, name)

Hashicorp Vault

Provides integration with HashiCorp Vault for secure key management. Supports both local Vault instances and HashiCorp Cloud, with the ability to store and retrieve private keys for multiple blockchain networks (EVM, Stellar, Solana).

Getting Started

1. Follow Installation Guide
2. Open a terminal Run Vault locally

vault server -dev -dev-root-token-id="root"

Usage

See hashicorp-vault-to-alloy-wallet example for full implementation.

  let random_key: [u8; 32] = rand::thread_rng().gen();
  client.store_secret("my_secret", random_key.to_vec(), KeyType::EVM).await.unwrap();

  let secret = client.get_secret("my_secret", KeyType::EVM).await.unwrap().unwrap();
  let hex_secret = hex::encode(&secret);
  let key_bytes = FixedBytes::from_hex(&hex_secret).unwrap();
  let signer = LocalSigner::from_bytes(&key_bytes)
    .expect("failed to create signer");

Hashicorp Cloud

Getting Started

1. Create a Hashicorp account
2. Create new organization
3. Go to secrets app and create a new app.
4. Create new static secret, the value must be a valid ed25519 secret key, you can generate a random key using https://cyphr.me/ed25519_tool/ed.html

Setup

Create .env file with following entries

HASHICORP_CLIENT_ID=L5...Xa
HASHICORP_CLIENT_SECRET=Q9...2P
HASHICORP_ORG_ID=1b345678-b123-a123-c123-1b345678 # in org settings
HASHICORP_PROJECT_ID=1b345678-b123-a123-c123-1b345678 # in project settings
HASHICORP_APP_NAME=your_app_name

Usage

use keystore::hashicorp::cloud::HashicorpCloudClient;

// Initialize client with your credentials
let client = HashicorpCloudClient::new(
    env::var("HASHICORP_CLIENT_ID").unwrap(),
    env::var("HASHICORP_CLIENT_SECRET").unwrap(),
    env::var("HASHICORP_ORG_ID").unwrap(),
    env::var("HASHICORP_PROJECT_ID").unwrap(),
    env::var("HASHICORP_APP_NAME").unwrap(),
);

// Fetch a secret
let response = client.get_secret("my_secret_name").await?;
let secret_value = response.secret.static_version.value;