Is there a way to sign cloud access URLs using Amazon KMS keys?

I was able to sign the cloud URL with private keys, but keeping the private keys safe is difficult. I am thinking about using KMS to protect private keys. Is there a way to sign URLs using keys stored in Amazon KMS?

+3


2 answers


You should be able to request certificates for your domain through the certificate manager and everything will be taken care of by the backend. All key operations associated with these certificates are done in the backend.



KMS is key management, and you won't be able to pull keys out of the system. You need to link to the AWS ARN wherever you want to encrypt or decrypt.

0


Using KMS, you can encrypt private keys, so you don't need to store them in your git repositories or on your filesystem. (This is considered more secure.)

Next, here are the conceptual steps for a signature:

  • You would re-generate your private key using the KMS decryption feature
  • Sign with private key
  • Revoke your private key again because you don't want to keep it unsecured

Read more here:



The general idea in the first paragraph is here: http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html

Encryption: http://docs.aws.amazon.com/cli/latest/reference/kms/encrypt.html

Decrypt: http://docs.aws.amazon.com/cli/latest/reference/kms/decrypt.html

0
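
The three steps from the answer above, sketched as a shell function. This is an added example, not part of the original answer; the function name, the file arguments and the SHA-256 digest are assumptions, and it expects a PEM private key that was earlier encrypted with `aws kms encrypt`.

```shell
# Added example. Assumes the AWS CLI and openssl are installed.
# Usage: sign_with_kms_wrapped_key key.pem.enc policy.json
sign_with_kms_wrapped_key() (
    wrapped_key=$1   # file holding the KMS ciphertext of the PEM private key
    message=$2       # file holding the bytes to sign (e.g. the URL policy)

    # The body runs in a subshell, so umask and the trap do not leak out.
    umask 077
    workdir=$(mktemp -d) || exit 1
    # Step 3: the plaintext key is deleted on every exit path.
    trap 'rm -rf "$workdir"' EXIT

    # Step 1: KMS decrypts the blob; the CLI prints the plaintext as base64.
    aws kms decrypt --ciphertext-blob "fileb://$wrapped_key" \
        --query Plaintext --output text | base64 -d > "$workdir/key.pem"
    if [ ! -s "$workdir/key.pem" ]; then
        echo "KMS decrypt returned no key material" >&2
        exit 1
    fi

    # Step 2: sign locally. The digest is an assumption; use the one the
    # verifying service requires.
    if ! openssl dgst -sha256 -sign "$workdir/key.pem" \
            -out "$workdir/sig.bin" "$message"; then
        exit 1
    fi

    # Emit the signature as a single base64 line.
    base64 < "$workdir/sig.bin" | tr -d '\n'
)
```

The plaintext key still exists on disk for the duration of the call, so anything running as the same user during that window can read it.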