AWS KMS integration

We are proud to announce that starting today, governments and businesses that are already using or plan to use the AWS Key Management Service (KMS) infrastructure can now operate it together with the walt.id stack to offer highly secure digital identity and wallet solutions for businesses and individuals.

The Developer's Dilemma (why the AWS KMS Integration)

Many of our customers already use the AWS KMS to secure cryptographic key material for their offerings. But until today, if they also wanted to secure their digital identity products powered by walt.id via the AWS KMS, manual processes and custom development were required. This not only caused frustration and a longer time to market but also introduced security issues, as keys needed to be transferred between systems.

That’s why we built the integration: to make it easier for businesses and governments that already use, or want to use, a secure AWS KMS setup to make it work with the walt.id stack. This will enable a faster launch of highly secure digital identity products without headaches. No more manual setups taking up weeks, just one easy configuration written in minutes. Since we’ve decided to open-source it (via the Community Stack), everyone will get access and will enjoy complete flexibility and extensibility.

What does the integration offer?

Here’s an overview of the most important capabilities this integration enables:

Identity Wallets: Keys powering the digital identity wallets created via the walt.id wallet SDKs and APIs are now created and stored in the highly secure AWS KMS environment.

Digital Signatures: Signatures required for the issuance and presentation of digital credentials initiated via the walt.id issuer, wallet, or verifier APIs and SDKs are now created inside the secure environment of AWS KMS.

How does it work?

When using AWS as an external KMS (Key Management System) in the walt.id stack, keys for wallets will be created and stored there. Signatures for issuance and presentation of digital credentials are also created in the AWS environment. The walt.id system only provides key metadata, required access credentials, and the content to be signed. With this process, private keys never leave the secure AWS KMS environment, reducing the risk of private key exposure and theft.
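The signing boundary described above, as an added example that is not walt.id's code: the caller hashes the content locally, sends only the digest and a key identifier to a KMS `Sign` call (keyword names follow boto3's `kms.sign`), and converts the DER-encoded ECDSA signature that AWS KMS returns into the fixed-width R||S form a JWS ES256 signature requires. The ES256/JWS credential format, the placeholder key alias and the offline stand-in for the KMS client are assumptions.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def der_to_raw(der: bytes, size: int = 32) -> bytes:
    """DER ECDSA signature (SEQUENCE of two INTEGERs) -> fixed-width R||S."""
    if len(der) < 8 or der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER SEQUENCE")
    pos, raw = 2, b""
    for _ in range(2):
        if pos + 2 > len(der) or der[pos] != 0x02:
            raise ValueError("expected INTEGER")
        end = pos + 2 + der[pos + 1]
        if end > len(der):
            raise ValueError("truncated INTEGER")
        value = int.from_bytes(der[pos + 2:end], "big")
        if value >= 1 << (8 * size):
            raise ValueError("INTEGER too large for curve")
        raw += value.to_bytes(size, "big")  # drops DER 0x00 pad, left-pads short values
        pos = end
    if pos != len(der):
        raise ValueError("trailing bytes after S")
    return raw


def sign_jws_es256(kms_sign, key_id: str, header: dict, payload: dict) -> str:
    """Build a compact JWS; only the SHA-256 digest crosses to the KMS."""
    enc = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{enc(header)}.{enc(payload)}"
    digest = hashlib.sha256(signing_input.encode()).digest()
    resp = kms_sign(KeyId=key_id, Message=digest,
                    MessageType="DIGEST", SigningAlgorithm="ECDSA_SHA_256")
    return f"{signing_input}.{b64url(der_to_raw(resp['Signature']))}"


def constructed_kms_sign(**request):
    """Offline stand-in for boto3 kms.sign (assumption). Returns a fixed,
    constructed DER value that is NOT a valid signature; it only exercises
    the encoding path (R with high bit set, S shorter than 32 bytes)."""
    if request["MessageType"] != "DIGEST" or len(request["Message"]) != 32:
        raise ValueError("expected a 32-byte SHA-256 digest")
    der = bytes([0x30, 38, 0x02, 33, 0x00, 0x80]) + bytes(31) + bytes([0x02, 1, 0x01])
    return {"Signature": der}
```

With a real client, pass `boto3.client("kms").sign` as `kms_sign`; the IAM principal then needs only `kms:Sign` on that key, and no key material is ever returned to the caller.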

Get started

  • Issuer - Sign & issue credentials using keys stored in an AWS KMS via the walt.id Issuer API.

  • Wallet - Store and manage holder keys via the AWS KMS integration in the Wallet API.

  • Wallet UI - Holders can create & use keys stored in an AWS KMS.
