AWS KMS wallet

An AWS KMS Wallet is a wallet securely stored in your AWS account. Engine can create and transact with the wallet, but not delete it.

Setup

  • Create an IAM user with programmatic access.
  • Grant the following KMS permissions to this user.
    • kms:CreateKey
    • kms:GetPublicKey
    • kms:Sign
    • kms:CreateAlias
    • kms:Verify
  • On the user page, navigate to Security credentials > Access keys.
  • Select Create access key to get an Access Key and Secret Key.
  • In the dashboard, navigate to Configuration > Server Wallets.
  • Select AWS KMS and provide the following:
    • Access Key (example: AKIA...)
    • Secret Key (example: UW7A...)
    • Region (example: us-west-1)
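The permission list above is what keeps the IAM user limited to creating and using keys, so it is worth checking the attached policy against it before entering the access key. The following is an added example, not code from this page or from Engine: `audit_policy`, `REQUIRED` and the sample policies are hypothetical names and constructed data, and the check assumes an identity-based policy with no `Deny` statements or conditions.

```python
import fnmatch

# The five KMS actions this page says to grant to the IAM user.
REQUIRED = ("kms:CreateKey", "kms:GetPublicKey", "kms:Sign",
            "kms:CreateAlias", "kms:Verify")

def _as_list(value):
    # IAM allows a single string/object where a list is also valid.
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (missing, excess) for an IAM policy document (dict).

    missing: required actions that no Allow statement grants.
    excess:  Allow entries that reach beyond the required list, such as
             a wildcard (kms:* also permits kms:ScheduleKeyDeletion)
             or an action the page does not ask for.
    """
    patterns, excess = [], []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # allows everything except the listed actions
            excess.append("NotAction")
        patterns += _as_list(stmt.get("Action", []))
    granted = set()
    for pat in patterns:
        # IAM action names are case-insensitive; * and ? are wildcards.
        hits = {a for a in REQUIRED
                if fnmatch.fnmatchcase(a.lower(), pat.lower())}
        granted |= hits
        if "*" in pat or "?" in pat or not hits:
            excess.append(pat)
    return sorted(set(REQUIRED) - granted), excess

# Constructed sample policies (not taken from the page).
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": list(REQUIRED), "Resource": "*"}]}
BROAD = {"Version": "2012-10-17", "Statement":
    {"Effect": "Allow", "Action": "kms:*", "Resource": "*"}}
PARTIAL = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["kms:Sign", "kms:GetPublicKey", "kms:ScheduleKeyDeletion"]}]}

if __name__ == "__main__":
    for name, doc in (("SCOPED", SCOPED), ("BROAD", BROAD), ("PARTIAL", PARTIAL)):
        print(name, audit_policy(doc))
```

A result of `([], [])` means the policy grants exactly the listed actions; anything in the second list is access the setup steps do not call for.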

Import an existing wallet

  • Ensure your KMS key is created with the following settings:
    • Key type: Asymmetric
    • Key spec: ECC_SECG_P256K1
    • Key usage: Sign and verify
  • In the dashboard, navigate to Overview > Server Wallets.
  • Select Import and provide the following:
    • AWS KMS Key ID (example: 0489da75-9830-4a5a-97e3-e4a6df7775b3)
    • AWS KMS ARN (example: arn:aws:kms:us-west-1:632186309261:key/0489da75-9830-4a5a-97e3-e4a6df7775b3)