AWS SDK

This implementation uses the AWS SDK's default credential provider chain for authentication, which automatically detects credentials from multiple sources, including:

  • Environment variables
  • AWS credentials file
  • IAM roles for EC2
  • Container credentials
  • SSO credentials
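
Because the chain picks a source automatically, it helps to know which of the sources above are actually present on the host before the issuer starts. The following preflight check is an added example, not part of the walt.id code base; the function names `aws_cred_sources` and `aws_cred_check` are hypothetical, while the environment variable names and `sso_*` config keys are the standard AWS SDK ones.

```shell
#!/usr/bin/env bash
# Added example: report which credential sources the default chain could find.
# Checks only variable presence and file presence; never prints secret values.

aws_cred_sources() {
  # $1: directory holding "credentials" and "config" (defaults to ~/.aws)
  aws_dir="${1:-$HOME/.aws}"
  cred_file="${AWS_SHARED_CREDENTIALS_FILE:-$aws_dir/credentials}"
  conf_file="${AWS_CONFIG_FILE:-$aws_dir/config}"
  found=""

  # Environment variables: a session token marks temporary credentials.
  if [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
    if [ -n "${AWS_SESSION_TOKEN:-}" ]; then
      found="$found env-temporary"
    else
      found="$found env-static"
    fi
  fi
  # AWS credentials file (non-empty).
  [ -s "$cred_file" ] && found="$found credentials-file"
  # SSO: a profile in the config file that carries sso_session or sso_start_url.
  if [ -f "$conf_file" ] &&
     grep -Eq '^[[:space:]]*sso_(session|start_url)[[:space:]]*=' "$conf_file"; then
    found="$found sso"
  fi
  # Container credentials: endpoint injected by the container runtime.
  if [ -n "${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI:-}" ] ||
     [ -n "${AWS_CONTAINER_CREDENTIALS_FULL_URI:-}" ]; then
    found="$found container"
  fi
  # IAM roles for EC2 come from the instance metadata service and
  # cannot be detected offline, so they are not listed here.
  echo "${found# }"
}

aws_cred_check() {
  # Exit status: 0 = at most one local source, 1 = several sources present
  # (the effective identity depends on chain order), 2 = long-lived keys in env.
  sources="$(aws_cred_sources "$1")"
  case "$sources" in
    "")           echo "no local source (EC2 role or none)"; return 0 ;;
    *env-static*) echo "WARN static keys in environment: $sources"; return 2 ;;
    *" "*)        echo "WARN multiple sources: $sources"; return 1 ;;
    *)            echo "OK $sources"; return 0 ;;
  esac
}
```

Source the file and run `aws_cred_check` in the same environment the issuer service will run in; a non-zero status means the identity used for KMS calls should be confirmed before onboarding keys.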

Key generation

To create the key, call the onboard endpoint of the issuer API with the parameters needed to create the key in AWS KMS.

Creation via Issuer API


Endpoint: /onboard/issuer | API Reference

Example Request

curl -X 'POST' \
  'https://issuer.portal.walt-test.cloud/onboard/issuer' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "key": {
    "backend": "aws",
    "keyType": "secp256r1",
    "config": {
      "region": "eu-central-1"
    }
  },
  "did": {
    "method": "jwk"
  }
}'

Body

{
  "key": {
    "backend": "aws",
    "keyType": "secp256r1",
    "config": {
      "region": "eu-central-1"
    }
  },
  "did": {
    "method": "jwk"
  }
}

Body Parameters

  • key
    • backend: String - Specifies the storage type of the key. It can be jwk (managed by you), aws (managed by AWS KMS using their Kotlin SDK) and others. Learn more about different types here.
    • keyType: String - The algorithm used to generate the key. For Vault only ed25519 is possible.
    • config
      • region: String - The region where the AWS KMS service is located.
  • did
    • method: String - Specifies the DID method. It can be key, jwk, web, cheqd.