Token Signing with AWS KMS
Closed this issue · 0 comments
Which version of Duende.AccessTokenManagement are you using?
6.2.1
Which version of .NET are you using?
6.0
Describe the bug
In AWS there is a key management service (KMS) which generates a private key and cannot be retrieved, and aws kms client provides an endpoint for signing.
What I want to achieve is, I want to sign the jwt by integrating it with identity server.
The only way that I can do is, use my own key (.pfx) and generate a token, and submit it to aws kms to sign with their private key which is not efficient. Another problem of doing this is it shows the key details of the my own key (.pfx) in the well-known jwks.
My questions are
- Is there any way to use the AWS KMS to sign the jtw on identity server?
- is there any way that I can hide some key details in the jwks?
To Reproduce
N/A
Expected behavior
N/A
Log output/exception with stacktrace
N/A
Additional context
N/A