yarn add @sertoid/veramo-aws-kmsThis Package is meant to be used as a parameter to initialize the @veramo/key-manager plugin. The KeyStore included here will never have access to the private key as that is in the KMS api.
import { KeyManagementSystem } from '@sertoid/veramo-aws-kms'
new KeyManager({
store: new KeyStore(dbConnection),
kms: {
aws: new KeyManagementSystem({ region: 'us-east-2', apiVersion: '2014-11-01', accessKeyId: "", secretAccessKey: "" })
},
})
const ethrDidProvider = new EthrDIDProvider({
defaultKms: "aws",
network: "rinkeby",
rpcUrl: `https://rinkeby.infura.io/v3/${infuraProjectId}`,
gas: 1000001,
ttl: 60 * 60 * 24 * 30 * 12 + 1,
});Also be sure to include the defaultKms parameter in your DID provider.
To authenticate to the AWS API you need to specify accessKeyId and secretAccessKey, but you have a few options.
- Environment variables - If you specify these two parameters as env variables they will automatically be used by the package.
- Constructor parameters - You can provided these as constructor parameters for the KeyManagementSystem class of this package.
- IAM roles for your EC2 instance - You need an IAM role which specifies policies to access kms methods such as
CreateKey,Sign, andScheduleKeyDeletion