
AWS KMS v1 CryptoToken Properties

For the version 1 AWS KMS CryptoToken implementation, use the following class:

CRYPTOTOKEN_IMPLEMENTATION_CLASS=com.czertainly.signserver.module.awskms.AWSKMSCryptoToken

The following properties are available to be configured:

| Property | Description | Default Value | Mandatory |
| --- | --- | --- | --- |
| AWSKMS_REGION | AWS KMS region name where the keys should reside. The IAM user must be properly authorized for the region and for KMS. For the list of all available regions, see the AWS KMS documentation. | NONE | YES |
| AWSKMS_ACCESSKEYID | Access Key ID of the IAM user. Must be present in order to get proper access to the KMS keys. The value is exported from the AWS console. | NONE | YES |
| PIN | Secret Access Key of the IAM user. Must be present in order to get proper access to the KMS keys. The value is exported from the AWS console. | NONE | YES |
| CERT_STORAGE_IMPLEMENTATION_CLASS | Implementation class for certificate storage. Certificates issued for assigned signing keys will be stored according to the implementation provided. Each implementation may have additional properties that need to be configured. See Certificate Storage Providers for more information. | NONE | YES |