KMS INTEGRATIONS

We are proud to announce that starting today, governments and businesses that already use, or plan to use, external Key Management Service (KMS) providers such as HashiCorp Vault, Oracle Cloud, and others can operate them together with the walt.id stack to offer highly secure digital identity and wallet solutions for businesses and individuals.

The Developer's Dilemma (why KMS Integrations)

Many of our customers already use external KMS providers to secure cryptographic key material for their offerings. But until today, if they also wanted to secure their walt.id-powered digital identity products with the same KMS, manual processes and custom development were required. This caused not only frustration and a longer time to market but also introduced security issues, because keys had to be transferred between systems.

That's why we built the integration: to make it easy for businesses and governments that already use, or want to use, an external KMS to connect it to the walt.id stack. This enables a faster launch of highly secure digital identity products without headaches. No more manual setups taking weeks, just one configuration written in minutes. Since we have decided to open-source all KMS integrations (via the Community Stack), everyone gets access to them, with complete flexibility and extensibility.

What do KMS integrations offer?

Here’s an overview of the most important capabilities the KMS integrations enable:

Identity Wallets: Keys powering the digital identity wallets created via the walt.id wallet SDKs and APIs are now created and stored in the highly secure KMS environment.

Digital Signatures: Signatures required for the issuance and presentation of digital credentials initiated via the walt.id issuer, wallet, or verifier APIs and SDKs are now created inside the secure environment of the KMS provider.

How it works

When an external KMS (Key Management System) is used with the walt.id stack, wallet keys are created and stored there. Signatures for the issuance and presentation of digital credentials are also produced inside the KMS environment. The walt.id system only provides key metadata (such as the key identifier), the access credentials required to call the KMS, and the content to be signed; the KMS returns the signature. With this process, private keys never leave the secure KMS environment, which reduces the risk of private key exposure and theft. Note that the KMS access credential held by the walt.id deployment then becomes the sensitive secret: anyone holding it can request signatures, so it should be scoped to the specific keys and the sign operation, and stored and rotated with the same care as any other production credential.
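The split described above, shown as an added example (not walt.id's code and not the API of any real KMS provider): a mock KMS that keeps private keys internal and exposes only a token-gated sign call, and an application-side routine that builds a compact JWS (the signature format used for credential issuance and presentation) and delegates just the final signing step. The key ID, access token and payload are constructed for the example; verification needs only the public key, so it runs anywhere.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// mockKMS stands in for an external KMS (hypothetical, for this example only).
// Private keys live only inside it; callers get a key ID and a public key back.
type mockKMS struct {
	token string // access credential the KMS expects from the application
	keys  map[string]*ecdsa.PrivateKey
}

func newMockKMS(token string) *mockKMS {
	return &mockKMS{token: token, keys: map[string]*ecdsa.PrivateKey{}}
}

// CreateKey generates a P-256 key inside the KMS and returns only the public half.
func (k *mockKMS) CreateKey(keyID string) (*ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	k.keys[keyID] = priv
	return &priv.PublicKey, nil
}

// Sign is the only operation that touches the private key. The caller supplies
// key metadata (keyID), an access credential (token) and the digest to sign.
func (k *mockKMS) Sign(keyID, token string, digest []byte) ([]byte, error) {
	if subtle.ConstantTimeCompare([]byte(token), []byte(k.token)) != 1 {
		return nil, errors.New("kms: access denied")
	}
	priv, ok := k.keys[keyID]
	if !ok {
		return nil, errors.New("kms: unknown key")
	}
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest)
	if err != nil {
		return nil, err
	}
	// JWS ES256 uses the raw R||S encoding (32 bytes each), not ASN.1 DER.
	sig := make([]byte, 64)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return sig, nil
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// SignJWS builds a compact JWS on the application side; only the final
// signing call crosses into the KMS, and only the digest is sent.
func SignJWS(kms *mockKMS, keyID, token string, payload []byte) (string, error) {
	header := fmt.Sprintf(`{"alg":"ES256","kid":%q}`, keyID)
	signingInput := b64([]byte(header)) + "." + b64(payload)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := kms.Sign(keyID, token, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64(sig), nil
}

// VerifyJWS needs only the public key, so the verifier never talks to the KMS.
func VerifyJWS(pub *ecdsa.PublicKey, jws string) bool {
	parts := strings.Split(jws, ".")
	if len(parts) != 3 {
		return false
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || len(sig) != 64 {
		return false
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	r := new(big.Int).SetBytes(sig[:32])
	s := new(big.Int).SetBytes(sig[32:])
	return ecdsa.Verify(pub, digest[:], r, s)
}

func main() {
	kms := newMockKMS("example-access-token") // constructed credential
	pub, err := kms.CreateKey("wallet-key-1")
	if err != nil {
		panic(err)
	}
	jws, err := SignJWS(kms, "wallet-key-1", "example-access-token", []byte(`{"iss":"did:example:issuer"}`))
	if err != nil {
		panic(err)
	}
	fmt.Println(jws, VerifyJWS(pub, jws))
}
```

The application never holds the private key: it holds a key ID, an access token and the bytes to be signed, which is exactly why the token (not the key) becomes the secret to protect and scope.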

KMS Providers

Below is a list of the KMS providers we currently support. If there's one you would like to use but which is not already listed, please let us know here.
