Key Creation

Below you find an example call to create a key in AWS KMS and associate it with a wallet managed by the Wallet API.

The only thing that is important to note for the creation, that our system is only compatible with the following Key types offered by the AWS KMS:

  • RSA , SECP256R1, SECP256K1
CURL

Endpoint:/keys/generate | API Reference

Example Request

curl -X 'POST' \
  'https://wallet.walt.id/wallet-api/wallet/f01f8f55-d098-4c53-b47b-c97552829b39/keys/generate' \
  -H 'accept: */*' \
  -H 'Content-Type: application/json' \
  -d '{
  "backend": "aws",
  "config": {
    "region": "eu-central-1",
    "accessKeyId": "accessKeyId",
    "secretKey": "secretKeyId",
  },
  "keyType": "secp256r1"
}'

Body

{
  "backend": "aws",
  "config": {
    "region": "eu-central-1",
    "accessKeyId": "accessKeyId",
    "secretKey": "secretKeyId"
  },
  "keyType": "secp256r1"
}

Body Parameters

  • backend: String - The location where the key is stored. In our case aws as we want to store it in aws's kms.
  • config
    • region: String - The region where the key is stored.
    • accessKeyId: String - The access key id for the AWS account.
    • secretKey: String - The secret key for the AWS account.
  • keyType: String - the algorithm used to generate the key. For AWS only RSA and secp256r1 and secp256k1 is possible.

Example Response

The API will respond with the ID of the key. This ID is the internal reference and can be used in operations such as DID create or key delete.

Kki22j4lUwo1gtDfdvdCgOE0hhKcNHgIZSzSxU0CugE

Key Deletion

Below you find an example call to delete a key using its keyId from the local storage and the external KMS.

⚠ WARNING: The external key is scheduled for deletion in AWS KMS. Once initiated, it will be permanently deleted after 7 days and cannot be recovered. Proceed with caution.

CURL

Endpoint:/keys/{keyId} | API ReferenceExample Request

curl -X 'DELETE' \
  'https://wallet.walt.id/wallet-api/wallet/f01f8f55-d098-4c53-b47b-c97552829b39/keys/Kki22j4lUwo1gtDfdvdCgOE0hhKcNHgIZSzSjson'

Parameters

  • keyId: String - The ID of the key that should be deleted.
  • wallet: String - The ID of the wallet that the key is associated with.

Example Response

The API will respond with a status code of 202 if the key was successfully deleted.

Key Removal

Below you find an example call to remove a key reference using its keyId from the local storage.

⚠ WARNING: The key is only removed from the local storage and the external KMS is not affected. The key can still be used in the external KMS.

CURL

Endpoint:/keys/{keyId}/remove | API ReferenceExample Request

curl -X 'DELETE' \
  'https://wallet.walt.id/wallet-api/wallet/f01f8f55-d098-4c53-b47b-c97552829b39/keys/Kki22j4lUwo1gtDfdvdCgOE0hhKcNHgIZSzS/remove'

Parameters

  • keyId: String - The ID of the key that should be removed.
  • wallet: String - The ID of the wallet that the key is associated with.

Example Response

The API will respond with a status code of 202 if the key was successfully deleted.

Hashicorp VaultOverview