HashiCorp Vault Integration
We are proud to announce that starting today, governments and businesses that are already using or plan to use the HashiCorp Vault Key Management Service (KMS) infrastructure can now operate it together with the walt.id stack to offer highly secure digital identity and wallet solutions for businesses and individuals.
The Developer's Dilemma (Why the HashiCorp Vault Integration)
Many of our customers already use HashiCorp Vault to secure cryptographic key material for their offerings. But until today, if they also wanted to secure their digital identity products powered by walt.id via HashiCorp Vault, manual processes and custom development were required. This caused not only frustration and a longer time to market but also introduced security issues, as keys needed to be transferred between systems.
That's why we built the integration: to make it easier for businesses and governments who already use or want to use HashiCorp Vault's secure KMS setup to make it work with the walt.id stack. This will enable a faster launch of highly secure digital identity products without headaches. No more manual setups taking up weeks, just one easy configuration written in minutes. Since we've decided to open-source it (via the Community Stack), everyone will get access and will enjoy complete flexibility and extensibility.
What does the integration offer?
Here’s an overview of the most important capabilities this integration enables:
Identity Wallets: Keys powering the digital identity wallets created via the walt.id wallet SDKs and APIs are now created and stored in the highly secure HashiCorp Vault KMS environment.
Digital Signatures: Signatures required for the issuance and presentation of digital credentials initiated via the walt.id issuer, wallet, or verifier APIs and SDKs are now created inside the secure environment of HashiCorp Vault.
How does it work?
When using HashiCorp Vault as an external KMS (Key Management System) in the walt.id stack, keys for wallets will be created and stored there. Signatures for issuance and presentation of digital credentials are also created in the HashiCorp Vault environment. The walt.id system only provides key metadata, required access credentials, and the content to be signed. With this process, private keys never leave the secure HashiCorp Vault environment, reducing the risk of private key exposure and theft.
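The access credentials mentioned above are worth scoping tightly. The following least-privilege Vault policy is an added example, not part of the walt.id announcement or its documentation; it assumes the keys live in Vault's Transit secrets engine mounted at `transit/`, and both the mount path and the policy contents are assumptions to adapt to your deployment.

```hcl
# Added example: policy for the Vault token used by the identity stack.
# Assumption: Transit secrets engine mounted at "transit/".

# Create keys and read their metadata and public keys.
# No "delete" capability, so the token cannot destroy wallet keys.
path "transit/keys/*" {
  capabilities = ["create", "update", "read"]
}

# Block changes to key configuration (for example, marking a key
# exportable). This path is more specific than the glob above,
# so the deny takes priority.
path "transit/keys/+/config" {
  capabilities = ["deny"]
}

# Signing and verification happen inside Vault; the caller sends
# only the content to be signed and receives the signature.
path "transit/sign/*" {
  capabilities = ["update"]
}

path "transit/verify/*" {
  capabilities = ["update"]
}

# Explicitly refuse the endpoints that return key material.
path "transit/export/*" {
  capabilities = ["deny"]
}

path "transit/backup/*" {
  capabilities = ["deny"]
}
```

Vault policies are deny-by-default, so the explicit denies on `export` and `backup` mainly guard against a broader policy being attached to the same token later.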
Get started
Issuer - Create keys in HashiCorp Vault and use them to sign and issue credentials.
Wallet - Create highly secure digital wallets with HashiCorp Vault-protected keys.
Core Crypto Lib - Sign any content in Kotlin/Java using keys from HashiCorp Vault.