Enhance Kaleido's built-in protection of your private key material with a master encryption key stored in your own Azure Key Vault.
Azure Key Vault can protect keys in hardware security modules (HSMs) operated within the Azure cloud. An HSM-protected key is generated inside the HSM and never leaves it in plaintext: the vault exposes only operations on the key (sign, verify, wrap, unwrap), so neither Kaleido nor Azure operators, Microsoft included, can read the key material. HSM-backed key management is the strongest protection the service offers.
The Kaleido CloudHSM service can sign transactions with keys held in Azure Key Vault. Kaleido talks to Key Vault over HTTPS to discover the signing keys (and hence the Ethereum accounts they control) and to submit each transaction hash for signing. Throughout the process the private keys remain inside the customer's Key Vault and are never shared with Kaleido; only public keys and signatures cross the wire.
Create one or more keys in the vault that can be used to sign Ethereum transactions.
Create and configure a Kaleido CloudHSM signer service that calls the Key Vault to sign transactions and submits them to an Ethereum node in the Kaleido environment.
HSM-protected keys in Azure Key Vault (Premium tier) are held in FIPS 140-2 Level 2 validated HSMs. The first step is to provision a Key Vault in Azure and generate EC-HSM keys on the curve Key Vault calls P-256K, which is secp256k1, the curve Ethereum uses for transaction signatures.
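The signing flow described above has a detail a practitioner hits immediately: Key Vault's ES256K sign operation over a P-256K key takes a 32-byte digest and returns the raw 64-byte concatenation r || s. It returns no recovery id, and it does not guarantee the low-s form that Ethereum accepts (EIP-2), so whoever assembles the transaction must derive v and normalise s from the vault's public key. The following is an added example, not Kaleido's or Microsoft's code, showing that post-processing in pure Python. It assumes the vault's behaviour only as far as stated (raw r || s out, digest in); the `hsm_sign_es256k` function is a local stand-in for the HSM so the example runs offline, and the key, nonce and digest are constructed values, not real ones.

```python
# Added example (not Kaleido's or Microsoft's code): turning an Azure Key Vault
# ES256K signature (raw r || s over a P-256K / secp256k1 key) into the
# Ethereum (v, r, s) triple, with EIP-2 low-s normalisation.

# secp256k1 domain parameters
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc


def hsm_sign_es256k(priv, digest, k):
    """Stand-in for Key Vault's ES256K sign: returns raw r || s (64 bytes).

    Hypothetical local signer: `k` is passed in only to keep the example
    deterministic. A real HSM picks its own nonce and never exposes `priv`.
    """
    e = int.from_bytes(digest, "big")
    r = _mul(k, G)[0] % N
    s = (pow(k, -1, N) * (e + r * priv)) % N
    return r.to_bytes(32, "big") + s.to_bytes(32, "big")


def recover_pubkey(digest, v, r, s):
    """Recover the signer's public key from an Ethereum-style (v, r, s)."""
    rec_id = v - 27 if v >= 27 else v          # accept legacy 27/28 or raw 0/1
    e = int.from_bytes(digest, "big")
    x = r                                       # rec ids 2/3 (x = r + N) are not handled
    y = pow((x**3 + 7) % P, (P + 1) // 4, P)    # sqrt is a single pow since P % 4 == 3
    if y % 2 != rec_id:                         # rec_id encodes the parity of R.y
        y = P - y
    if (y * y) % P != (x**3 + 7) % P:
        raise ValueError("r is not a valid x-coordinate on secp256k1")
    # Q = r^-1 * (s*R - e*G)
    sR_minus_eG = _add(_mul(s, (x, y)), _mul((-e) % N, G))
    return _mul(pow(r, -1, N), sR_minus_eG)


def to_ethereum_signature(raw_sig, digest, pubkey):
    """Convert the vault's raw r||s into a legacy Ethereum (v, r, s).

    `pubkey` is the (x, y) pair Key Vault publishes in the key's JWK; it is
    what lets us pick the recovery id without a second round trip to the HSM.
    """
    if len(raw_sig) != 64:
        raise ValueError("expected 64-byte r||s from the vault")
    r = int.from_bytes(raw_sig[:32], "big")
    s = int.from_bytes(raw_sig[32:], "big")
    if s > N // 2:                  # EIP-2: nodes reject high-s signatures
        s = N - s                   # flipping s also flips the recovery bit,
    for rec_id in (0, 1):           # so derive v only after normalising
        if recover_pubkey(digest, rec_id, r, s) == pubkey:
            return 27 + rec_id, r, s
    raise ValueError("signature does not verify against the vault's public key")


# Constructed inputs (not real keys or a real transaction): the vault key pair,
# a fixed nonce for the stand-in signer, and a 32-byte value standing in for
# keccak256(rlp(unsigned_tx)), which is what Kaleido would send to be signed.
PRIV = int("11" * 32, 16)
PUB = _mul(PRIV, G)
K = int("22" * 32, 16)
DIGEST = bytes(range(32))

if __name__ == "__main__":
    raw = hsm_sign_es256k(PRIV, DIGEST, K)
    v, r, s = to_ethereum_signature(raw, DIGEST, PUB)
    print(f"v={v} r={r:064x} s={s:064x}")
    assert recover_pubkey(DIGEST, v, r, s) == PUB
```

In production the digest is keccak256 of the RLP-encoded unsigned transaction (or the EIP-155 / typed-transaction preimage), and v is adjusted accordingly; the recovery and low-s logic is unchanged. Comparing the recovered key with the vault's published public key is also a useful integrity check that the signature really came from the key the account was derived from.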