AWS KMS v1 CryptoToken Properties
For the version 1 AWS KMS CryptoToken implementation, use the following class:
CRYPTOTOKEN_IMPLEMENTATION_CLASS=com.czertainly.signserver.module.awskms.AWSKMSCryptoToken
The following properties are available to be configured:
Property | Description | Default Value | Mandatory |
---|---|---|---|
AWSKMS_REGION | AWS KMS region name where the keys should reside. The IAM user must have the proper authorization for the region and for KMS. For the list of all available regions, see the AWS KMS documentation. | NONE | YES |
AWSKMS_ACCESSKEYID | Access Key ID of the IAM user. Must be present in order to get proper access to the KMS keys. The value is exported from the AWS console. | NONE | YES |
PIN | Secret Access Key of the IAM user. Must be present in order to get proper access to the KMS keys. The value is exported from the AWS console. | NONE | YES |
CERT_STORAGE_IMPLEMENTATION_CLASS | Implementation class for certificate storage. Certificates issued for assigned signing keys will be stored according to the implementation provided. Each implementation may have additional properties that need to be configured. | NONE. See Certificate Storage Providers for more information. | YES |
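
A pre-deployment check for the properties in the table above, written as an added example and not part of the CryptoToken module or its documentation. It assumes the configuration is available as plain `KEY=VALUE` lines; the region pattern and the sample values are constructed for illustration.

```python
import re

# Class and property names come from the table above.
TOKEN_CLASS = "com.czertainly.signserver.module.awskms.AWSKMSCryptoToken"
MANDATORY = ("AWSKMS_REGION", "AWSKMS_ACCESSKEYID", "PIN",
             "CERT_STORAGE_IMPLEMENTATION_CLASS")
# Assumption: region names follow the usual AWS shape, e.g. eu-west-1.
REGION_RE = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d+$")

def parse_properties(text):
    """Parse simple KEY=VALUE lines; trailing whitespace in values is kept
    on purpose, because Java's properties loader keeps it too."""
    props = {}
    for line in text.splitlines():
        stripped = line.lstrip()
        if not stripped or stripped[0] in "#!":
            continue  # blank line or comment
        key, sep, value = stripped.partition("=")
        if sep:
            props[key.strip()] = value.lstrip()
    return props

def check_token_config(text):
    """Return a list of findings; property values are never echoed."""
    props = parse_properties(text)
    findings = []
    if props.get("CRYPTOTOKEN_IMPLEMENTATION_CLASS", "").strip() != TOKEN_CLASS:
        findings.append("CRYPTOTOKEN_IMPLEMENTATION_CLASS is not the AWS KMS v1 class")
    for name in MANDATORY:
        value = props.get(name)
        if value is None or not value.strip():
            findings.append(f"{name} is mandatory but missing or empty")
        elif value != value.strip():
            findings.append(f"{name} has trailing whitespace")
    region = props.get("AWSKMS_REGION", "").strip()
    if region and not REGION_RE.match(region):
        findings.append("AWSKMS_REGION does not look like an AWS region name")
    return findings

# Constructed sample: placeholder key ID, empty PIN, no certificate storage class.
SAMPLE = "\n".join([
    "CRYPTOTOKEN_IMPLEMENTATION_CLASS=" + TOKEN_CLASS,
    "AWSKMS_REGION=EU-West-1",
    "AWSKMS_ACCESSKEYID=EXAMPLE_ACCESS_KEY_ID ",
    "PIN=",
])

if __name__ == "__main__":
    for finding in check_token_config(SAMPLE):
        print(finding)
```

The findings name only the property, so the output can be logged without exposing the Secret Access Key held in `PIN`.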