AWS KMS Key Management

The Wallet API supports AWS KMS as a key management solution. You can utilize AWS KMS to store your cryptographic keys in a secure and scalable way.

We support AWS KMS both through a REST API implementation and through the AWS SDK for Kotlin to manage cryptographic keys.

Key Creation

Below is an example call that creates a key in AWS KMS and associates it with a wallet managed by the Wallet API.

Note that our system is only compatible with the following key types offered by AWS KMS:

  • RSA, SECP256R1, SECP256K1

Using AWS REST API

Endpoint: /keys/generate | API Reference

Example Request

curl -X 'POST' \
  'https://wallet.walt.id/wallet-api/wallet/f01f8f55-d098-4c53-b47b-c97552829b39/keys/generate' \
  -H 'accept: */*' \
  -H 'Content-Type: application/json' \
  -d '{
  "backend": "aws-rest-api",
  "config": {
    "auth": {
      "region": "eu-central-1",
      "accessKeyId": "accessKeyId",
      "secretKey": "secretKeyId"
    }
  },
  "keyType": "secp256r1"
}'

Body

{
  "backend": "aws-rest-api",
  "config": {
    "auth": {
      "region": "eu-central-1",
      "accessKeyId": "accessKeyId",
      "secretKey": "secretKeyId"
    }
  },
  "keyType": "secp256r1"
}

Body Parameters

  • backend: String - The location where the key is stored. In our case aws-rest-api, as we want to store it in AWS KMS.
  • config
    • auth
      • region: String - The region where the key is stored.
      • accessKeyId: String - The access key id for the AWS account.
      • secretKey: String - The secret key for the AWS account.
  • keyType: String - The algorithm used to generate the key. For AWS, only RSA, secp256r1 and secp256k1 are possible.

Example Response

The API will respond with the ID of the key. This ID is the internal reference and can be used in operations such as DID create or key delete.

Kki22j4lUwo1gtDfdvdCgOE0hhKcNHgIZSzSxU0CugE
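
Because the request body carries the AWS secret key, a client should keep it out of source code and logs and send it only over TLS. The following is an added example, not code from the Wallet API project: the function names are hypothetical, the credentials are assumed to be in the standard AWS environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, and the response is assumed to be the plain-text key ID shown above.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit

# Key types the page lists as compatible with the AWS KMS backend.
SUPPORTED_KEY_TYPES = {"rsa": "RSA", "secp256r1": "secp256r1", "secp256k1": "secp256k1"}


def build_generate_body(key_type, region, env=os.environ):
    """Build the /keys/generate body, reading AWS credentials from the environment."""
    canonical = SUPPORTED_KEY_TYPES.get(key_type.lower())
    if canonical is None:
        raise ValueError(f"keyType {key_type!r} is not supported for AWS KMS")
    try:
        access_key_id = env["AWS_ACCESS_KEY_ID"]
        secret_key = env["AWS_SECRET_ACCESS_KEY"]
    except KeyError as missing:
        raise RuntimeError(f"missing environment variable {missing}") from None
    return {
        "backend": "aws-rest-api",
        "config": {"auth": {"region": region,
                            "accessKeyId": access_key_id,
                            "secretKey": secret_key}},
        "keyType": canonical,
    }


def redact(body):
    """Return a copy of the body that is safe to log: the secret key is masked."""
    safe = json.loads(json.dumps(body))  # deep copy, original stays untouched
    safe["config"]["auth"]["secretKey"] = "***"
    return safe


def generate_key(base_url, wallet_id, body):
    """POST the body to the endpoint above and return the key ID from the response."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to send AWS credentials over a non-HTTPS URL")
    req = urllib.request.Request(
        f"{base_url}/wallet-api/wallet/{wallet_id}/keys/generate",
        data=json.dumps(body).encode(),
        headers={"accept": "*/*", "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode().strip()
```

Log `redact(body)` rather than `body` when tracing requests.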