Azure Key Vault integration

We are proud to announce that starting today, governments and businesses that are already using or plan to use the Azure Key Vault infrastructure can now operate it together with the walt.id stack to offer highly secure digital identity and wallet solutions for businesses and individuals.

The Developer's Dilemma (why the Azure Key Vault integration)

Many of our customers already use Azure Key Vault to secure cryptographic key material for their offerings. But until today, if they also wanted to secure their digital identity products powered by walt.id via Azure Key Vault, manual processes and custom developments were required. This caused not only frustration and a longer time to market but also introduced security issues as keys needed to be transferred between systems.

That's why we built the integration: to make it easier for businesses and governments that already use, or want to use, Microsoft Azure's secure Key Vault setup to make it work with the walt.id stack. This will enable a faster launch of highly secure digital identity products without headaches. No more manual setups taking up weeks, just one easy configuration written in minutes. Since we've decided to open-source it (via the Community Stack), everyone will get access and enjoy complete flexibility and extensibility.

What does the integration offer?

Here’s an overview of the most important capabilities this integration enables:

Identity Wallets: Keys powering the digital identity wallets created via the walt.id wallet SDKs and APIs are now created and stored in the highly secure Azure Key Vault environment.

Digital Signatures: Signatures required for the issuance and presentation of digital credentials initiated via the walt.id issuer, wallet, or verifier APIs and SDKs are now created inside the secure environment of Azure Key Vault.

How does it work?

When using Microsoft Azure as an external KMS (Key Management System) in the walt.id stack, keys for wallets will be created and stored there. Signatures for issuance and presentation of digital credentials are also created in the Azure environment. The walt.id system only provides key metadata, required access credentials, and the content to be signed. With this process, private keys never leave the secure Azure Key Vault environment, reducing the risk of private key exposure and theft.

Get started

  • Issuer API - Sign & issue credentials using keys stored in Azure Key Vault via the walt.id Issuer API.

  • Wallet API - Store and manage holder keys via the Azure Key Vault integration in the Wallet API.

  • Web Wallet UI - Holders can create & use keys stored in Microsoft Azure Key Vault.
