AWS – Encryption Key

 

Passwords and PINs are passed to the SwissPKI instance through secrets, which first require an encryption key to be defined.

 

Create New Key

Step 1 – Alias and Description

Open the Key Management Service (KMS) console, select Customer managed keys in the left panel, and click the Create Key button.

 

Give the key the alias swisspki-secrets. In advanced options, choose KMS as key material origin.

 

Click Next

Step 2 – Tags

No tags to add.

 

Click Next

Step 3 – Key Permissions

As administrator of this key, choose the SwissPKI-Admin user.

 

Click Next

Step 4 – Key Usage

Give the IAM role SwissPKI-Decrypt-Secrets permission to use this key. This is the role assigned to the SwissPKI EC2 instance.

 

Click Next

Step 5 – Review

Finally, review the parameters and click Finish to create and store the key.
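
After the key is created, it is worth confirming that the key policy resulting from Steps 3 and 4 lets only the intended role decrypt. The following check is an added example, not part of the SwissPKI documentation: it reads a key policy document and lists every principal other than SwissPKI-Decrypt-Secrets that is allowed kms:Decrypt. The account ID, the sample policy and the function names are assumptions; the sample is constructed to resemble a console-generated policy, and the check looks only at Allow statements (conditions and Deny statements are not evaluated).

```python
import json
from fnmatch import fnmatchcase

ACCOUNT = "111122223333"  # placeholder account ID, not from the page
ROOT = f"arn:aws:iam::{ACCOUNT}:root"
ADMIN = f"arn:aws:iam::{ACCOUNT}:user/SwissPKI-Admin"
DECRYPT_ROLE = f"arn:aws:iam::{ACCOUNT}:role/SwissPKI-Decrypt-Secrets"

# Constructed sample, assumed to resemble what Steps 3 and 4 generate.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "Enable IAM User Permissions", "Effect": "Allow",
     "Principal": {"AWS": ROOT}, "Action": "kms:*", "Resource": "*"},
    {"Sid": "Allow access for Key Administrators", "Effect": "Allow",
     "Principal": {"AWS": ADMIN}, "Resource": "*",
     "Action": ["kms:Describe*", "kms:Put*", "kms:ScheduleKeyDeletion"]},
    {"Sid": "Allow use of the key", "Effect": "Allow",
     "Principal": {"AWS": DECRYPT_ROLE}, "Resource": "*",
     "Action": ["kms:Encrypt", "kms:Decrypt", "kms:DescribeKey"]},
]})

def _listify(value):
    return value if isinstance(value, list) else [value]

def decrypt_principals(policy_json):
    """Return the principals that an Allow statement lets call kms:Decrypt."""
    allowed = set()
    for stmt in _listify(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive and may use * wildcards.
        patterns = [a.lower() for a in _listify(stmt.get("Action", []))]
        if not any(fnmatchcase("kms:decrypt", p) for p in patterns):
            continue
        principal = stmt.get("Principal", {})
        allowed |= {"*"} if principal == "*" else set(_listify(principal.get("AWS", [])))
    return allowed

def audit(policy_json, expected_role=DECRYPT_ROLE, root=ROOT):
    """List every principal other than the expected role that can decrypt."""
    findings = []
    for arn in sorted(decrypt_principals(policy_json) - {expected_role}):
        note = ("account root, so IAM policies in the account can also grant decrypt"
                if arn == root else "unexpected principal can decrypt")
        findings.append(f"{arn}: {note}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_POLICY)) or "only the expected role can decrypt")
```

A finding for the account root means the key policy delegates to IAM, so the IAM policies attached to users and roles in the account need the same review.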