AWS – Encryption Key


Passwords and PINs are passed to the SwissPKI instance through secrets, and those secrets in turn require a KMS encryption key to be defined first.


Create New Key

Step 1 – Alias and Description

Open the Key Management Service (KMS) console, select Customer managed keys in the left panel and click the Create key button.


Give the key the alias swisspki-secrets. In advanced options, choose KMS as key material origin.


Click Next

Step 2 – Tags

No tags to add.


Click Next

Step 3 – Key Permissions

As administrator of this key, choose the SwissPKI-Admin user.


Click Next

Step 4 – Key Usage

Grant the IAM role SwissPKI-Decrypt-Secrets permission to use this key. This is the role attached to the SwissPKI EC2 instance.


Click Next

Step 5 – Review

Finally, review the parameters and click Finish to create and store the key.
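The five console steps above, carried out with the AWS CLI instead. This is an added example and not part of the SwissPKI documentation: the account id, region and key description are placeholders or assumptions, and the script assumes the SwissPKI-Admin user and the SwissPKI-Decrypt-Secrets role already exist. The key policy it builds is the CLI counterpart of the Key administrators and Key usage choices in Steps 3 and 4. Note the root-account statement: the console adds it for you, but when you supply your own policy you must include it yourself, otherwise KMS rejects the policy with its lockout safety check and a key created without it can become unmanageable.

```shell
#!/usr/bin/env bash
# Added example (not from the SwissPKI page): Steps 1-5 with the AWS CLI.
# Assumptions: ACCOUNT_ID and AWS_REGION are placeholders, the description text
# is invented, and the IAM user SwissPKI-Admin and IAM role
# SwissPKI-Decrypt-Secrets already exist in the account.
set -eu

ACCOUNT_ID="${ACCOUNT_ID:-123456789012}"    # placeholder, replace with your own
AWS_REGION="${AWS_REGION:-eu-central-1}"    # assumed region
KEY_ALIAS="alias/swisspki-secrets"          # Step 1: alias
ADMIN_ARN="arn:aws:iam::${ACCOUNT_ID}:user/SwissPKI-Admin"            # Step 3
USER_ARN="arn:aws:iam::${ACCOUNT_ID}:role/SwissPKI-Decrypt-Secrets"   # Step 4

# Key policy equivalent to what the console writes for Steps 3 and 4.
# The first statement keeps the account root able to manage the key; KMS
# refuses a policy without it (lockout safety check).
key_policy_json() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Id": "swisspki-secrets-key-policy",
  "Statement": [
    {
      "Sid": "EnableRootAccountPermissions",
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::${ACCOUNT_ID}:root"},
      "Action": "kms:*",
      "Resource": "*"
    },
    {
      "Sid": "AllowKeyAdministration",
      "Effect": "Allow",
      "Principal": {"AWS": "${ADMIN_ARN}"},
      "Action": [
        "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*",
        "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*",
        "kms:TagResource", "kms:UntagResource",
        "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AllowUseOfTheKey",
      "Effect": "Allow",
      "Principal": {"AWS": "${USER_ARN}"},
      "Action": [
        "kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
        "kms:GenerateDataKey*", "kms:DescribeKey"
      ],
      "Resource": "*"
    }
  ]
}
EOF
}

# Pre-submission check: the policy must name the root principal (lockout
# safety) and both SwissPKI principals, and must parse as JSON when python3
# is available. Returns 0 when the document passes.
check_policy() {
  doc="$1"
  printf '%s' "$doc" | grep -q "arn:aws:iam::${ACCOUNT_ID}:root" || return 1
  printf '%s' "$doc" | grep -q "$ADMIN_ARN" || return 1
  printf '%s' "$doc" | grep -q "$USER_ARN" || return 1
  if command -v python3 >/dev/null 2>&1; then
    printf '%s' "$doc" | python3 -c 'import json,sys; json.load(sys.stdin)' || return 1
  fi
  return 0
}

# Step 1 (KMS-generated key material, symmetric key) and the alias from Step 1;
# Step 2 adds no tags, so none are passed.
create_key() {
  key_id=$(aws kms create-key \
    --region "$AWS_REGION" \
    --description "SwissPKI secrets encryption key" \
    --key-usage ENCRYPT_DECRYPT \
    --key-spec SYMMETRIC_DEFAULT \
    --origin AWS_KMS \
    --policy "$(key_policy_json)" \
    --query 'KeyMetadata.KeyId' --output text)
  aws kms create-alias --region "$AWS_REGION" \
    --alias-name "$KEY_ALIAS" --target-key-id "$key_id"
  echo "$key_id"
}

# Step 5 "Review": print the policy; create the key only when --apply is given.
check_policy "$(key_policy_json)"
key_policy_json
if [ "${1:-}" = "--apply" ]; then
  create_key
fi
```

Run the script without arguments to review the generated policy, and with --apply to create the key and attach the alias. The key-user statement mirrors what the console's Key usage step grants; since the EC2 instance only decrypts secrets, that statement can be narrowed to kms:Decrypt and kms:DescribeKey if you want the role to hold nothing more than it needs.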