I am in need of a way to sign messages from a cloud function from a trusted signer and have been able to get it working. My only concern is security for this type of operation. I have put a private key in the config and require master key to be used for it.
Here is my code:
Moralis.Cloud.define("SignMessage", async (request) => {
const web3 = await Moralis.ethersByChain("0x13881");
const config = await Moralis.Config.get({ useMasterKey: true });
const signer = config.get("TrustedSigner");
const trustedSigner = new web3.ethers.Wallet(signer);
const msg = web3.ethers.utils.solidityKeccak256(['uint256', 'address'], [request.params.battleId, request.params.winner]);
const signedMessage = await trustedSigner.signMessage(web3.ethers.utils.arrayify(msg));
return signedMessage;
});
How secure would the private key be in this case? Is there better solutions to achieve this through moralis?