An AWS KMS Wallet is a wallet securely stored in your AWS account. Engine can create and transact with the wallet, but not delete it.
AWS KMS Support
AWS KMS wallets are not currently supported on Engine Cloud. They are currently supported on Engine Dedicated v2, and will be available soon with Dedicated v3.
- Create an IAM user with programmatic access.
- Grant the following KMS permissions to this user:
  - kms:CreateKey
  - kms:GetPublicKey
  - kms:Sign
  - kms:CreateAlias
  - kms:Verify
- On the user page, navigate to Security credentials > Access keys.
- Select Create access key to get an Access Key and Secret Key.
- In the dashboard, navigate to Configuration > Server Wallets.
- Select AWS KMS and provide the following:
  - Access Key (example: AKIA...)
  - Secret Key (example: UW7A...)
  - Region (example: us-west-1)
- Ensure your KMS key is created with the following settings:
  - Key type: Asymmetric
  - Key spec: ECC_SECG_P256K1
  - Key usage: Sign and verify
- In the dashboard, navigate to Overview > Server Wallets.
- Select Import and provide the following:
  - AWS KMS Key ID (example: 0489da75-9830-4a5a-97e3-e4a6df7775b3)
  - AWS KMS ARN (example: arn:aws:kms:us-west-1:632186309261:key/0489da75-9830-4a5a-97e3-e4a6df7775b3)
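A pre-import check for the key settings and import values listed above, as an added example that is not Engine's or thirdweb's own code. The function name check_import is hypothetical; the metadata dict is assumed to be the KeyMetadata object returned by the KMS DescribeKey API, and the region-match and enabled-state checks are assumptions that the page does not state.

```python
import re

# AWS API names for the page's "ECC_SECG_P256K1" and "Sign and verify" settings.
REQUIRED_KEY_SPEC = "ECC_SECG_P256K1"
REQUIRED_KEY_USAGE = "SIGN_VERIFY"

# arn:<partition>:kms:<region>:<12-digit account>:key/<key id>
KMS_KEY_ARN = re.compile(r"^arn:aws[a-z-]*:kms:([a-z0-9-]+):\d{12}:key/([0-9a-z-]+)$")

# Constructed sample: the KeyMetadata part of a DescribeKey response, built
# from the example key ID and ARN shown on this page.
SAMPLE_KEY_ID = "0489da75-9830-4a5a-97e3-e4a6df7775b3"
SAMPLE_ARN = "arn:aws:kms:us-west-1:632186309261:key/" + SAMPLE_KEY_ID
SAMPLE_METADATA = {
    "KeyId": SAMPLE_KEY_ID,
    "Arn": SAMPLE_ARN,
    "KeySpec": "ECC_SECG_P256K1",
    "KeyUsage": "SIGN_VERIFY",
    "KeyState": "Enabled",
}


def check_import(key_id, arn, region, metadata):
    """Return a list of problems; an empty list means the values are consistent."""
    match = KMS_KEY_ARN.match(arn)
    if not match:
        return ["ARN is not a KMS key ARN"]
    arn_region, arn_key_id = match.groups()
    problems = []
    if arn_key_id != key_id:
        problems.append("Key ID does not match the ARN")
    # Assumption: the key lives in the region configured for Engine.
    if arn_region != region:
        problems.append("ARN region differs from configured region")
    if metadata.get("Arn") != arn:
        problems.append("DescribeKey returned a different ARN")
    if metadata.get("KeySpec") != REQUIRED_KEY_SPEC:
        problems.append("Key spec is not " + REQUIRED_KEY_SPEC)
    if metadata.get("KeyUsage") != REQUIRED_KEY_USAGE:
        problems.append("Key usage is not " + REQUIRED_KEY_USAGE)
    # Assumption: a key that is not in the Enabled state cannot be used to sign.
    if metadata.get("KeyState") != "Enabled":
        problems.append("Key is not enabled")
    return problems


if __name__ == "__main__":
    print(check_import(SAMPLE_KEY_ID, SAMPLE_ARN, "us-west-1", SAMPLE_METADATA))
```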