Using KMS for DID Creation

By default, the DID service can only use in-line JWK keys to generate DIDs. To use keys managed by your KMS service instead, configure the KMS service as a dependency of the DID service and make sure you have the proper permissions to access the keys. Once the KMS service is attached, you can reference its keys in your DID creation requests.

You can also attach more than one KMS service. In that case, you can reference any key from any of the attached KMS services during DID creation.

If you don't have a KMS service yet, you can learn how to create one here.

CURL

Endpoint: /v1/{target}/did-service-api/dids/dependencies/add | API Reference

Example Request

curl -X 'POST' \
  'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/did-service-api/dids/dependencies/add' \
  -H 'accept: */*' \
  -H 'Authorization: Bearer {yourToken}' \
  -H 'Content-Type: application/json' \
  -d 'waltid.tenant1.kms1'

Body

waltid.tenant1.kms1

Path Parameters

  • orgID: - When performing operations within an organization, it is essential to use the organization's Base URL or another valid host alias. For example, if your organization is named test, your default Base URL will be test.enterprise-sandbox.walt.dev when using the sandbox environment.
  • target: resourceIdentifier - The target indicates the organization + tenant + DID service to which to add an existing KMS Service ({organizationID}.{tenantID}.{kmsServiceID}), e.g. waltid.tenant1.kms1

Body Parameters

  • Specifies the ID of the KMS service that should be linked.

Response Codes

  • 201 - Unit attached.
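The request above attaches one KMS service. The following script is an added example (not walt.id code) that attaches several in one run, rejects malformed resource identifiers before they reach the URL or body, and treats anything other than the documented 201 as a failure. The function names, the `WALTID_TOKEN` environment variable and the allowed identifier character set are assumptions.

```shell
#!/bin/sh
# Added example, not walt.id code. WALTID_TOKEN is an assumed environment variable.

# Accept exactly three dot-separated segments ({organizationID}.{tenantID}.{serviceID}).
# The allowed character set is an assumption; tighten it to your own naming rules.
valid_resource_id() {
  case "$1" in
    ''|.*|*.|*..*|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
  _dots=$(printf '%s' "$1" | tr -cd '.')
  [ "${#_dots}" -eq 2 ]
}

attach_url() {  # $1 = host, $2 = DID service target
  printf 'https://%s/v1/%s/did-service-api/dids/dependencies/add' "$1" "$2"
}

attach_kms() {  # $1 = host, $2 = DID service target, $3 = KMS service ID
  [ -n "${WALTID_TOKEN:-}" ] || { echo "WALTID_TOKEN is not set" >&2; return 2; }
  valid_resource_id "$2" && valid_resource_id "$3" ||
    { echo "rejected identifier: $2 / $3" >&2; return 2; }
  # The Authorization header is read from stdin (-H @-, curl 7.55.0+), so the
  # bearer token is not part of curl's argument list.
  _status=$(printf 'Authorization: Bearer %s\n' "$WALTID_TOKEN" |
    curl -sS -o /dev/null -w '%{http_code}' -X POST "$(attach_url "$1" "$2")" \
      -H 'accept: */*' -H 'Content-Type: application/json' -H @- -d "$3") || return 1
  # The page documents 201 as the success code; anything else counts as a failure.
  [ "$_status" = "201" ] || { echo "attach $3: HTTP $_status" >&2; return 1; }
}

attach_all() {  # $1 = host, $2 = DID service target, remaining args = KMS service IDs
  _host=$1 _target=$2 _rc=0
  shift 2
  for _id in "$@"; do
    attach_kms "$_host" "$_target" "$_id" || _rc=1
  done
  return "$_rc"
}

# Usage (placeholders in <>):
#   attach_all "<orgID host>" "<DID service target>" waltid.tenant1.kms1 waltid.tenant1.kms2
```

`attach_all` keeps going after a failed attachment and returns non-zero if any of them failed, so a partial result is visible to the caller.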
Last updated on March 26, 2026