Key Management

Decentralized Identifiers (DIDs) are associated with public and private keys. The private key, which should be kept secret, is used to sign information or transactions, demonstrating control over the DID.

Proper key management ensures that private keys are securely stored and used, reducing the risk of unauthorized access or misuse.

Supported Types

The Web5 SDK provides a KeyManager interface that makes it possible to use any key management solution of your choice. A few implementations are available out of the box:

  • InMemoryKeyManager: This implementation utilizes in-memory, ephemeral storage for managing keys. It's ideal for scenarios where temporary key management is sufficient, such as in testing environments. Since the keys are stored in memory, they are lost when the application is terminated.

  • AwsKeyManager: This implementation integrates with the AWS Key Management Service (KMS), providing a secure and robust solution for key management. It's well-suited for production environments where a high level of security and availability is critical.

Both implementations facilitate key generation and signature operations essential for creating and managing DIDs. Each caters to distinct security needs, and the choice between them should be based on the specific requirements of your application.

Other production-friendly KMS solutions include Azure Key Vault, Google Cloud KMS, and HashiCorp Vault.

Any of these can be used by implementing the CryptoApi interface.

Example

Below is an example that uses AwsKeyManager for production environments, and InMemoryKeyManager for any other environments (dev, test, etc).

Prerequisites

Install Packages

JavaScript
npm install @web5/dids@1.0.1
npm install @web5/crypto@1.0.0
npm install @web5/crypto-aws-kms@1.0.0

Import Classes

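The environment-based selection described above, as an added example that is not code from the Web5 SDK or its documentation. It uses only Node's built-in crypto module; EphemeralKeyManager, selectKeyManager, verifySignature, the createKmsKeyManager factory and the urn:jwk: key identifier format are assumptions made for illustration.

```javascript
// Added example, not Web5 SDK code; every name below is hypothetical.
const nodeCrypto = require('node:crypto');

// Stand-in for an in-memory key manager: private keys live only in this Map,
// are never returned to callers, and are lost when the process exits.
class EphemeralKeyManager {
  #keys = new Map();

  generateKey() {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
    const { crv, kty, x } = publicKey.export({ format: 'jwk' });
    // RFC 7638 thumbprint: SHA-256 over the required JWK members, sorted.
    const thumbprint = nodeCrypto.createHash('sha256')
      .update(JSON.stringify({ crv, kty, x })).digest('base64url');
    const keyUri = `urn:jwk:${thumbprint}`; // identifier format is an assumption
    this.#keys.set(keyUri, { publicKey, privateKey });
    return keyUri;
  }

  getPublicKey(keyUri) {
    return this.#entry(keyUri).publicKey.export({ format: 'jwk' });
  }

  sign(keyUri, data) {
    return nodeCrypto.sign(null, data, this.#entry(keyUri).privateKey);
  }

  #entry(keyUri) {
    const entry = this.#keys.get(keyUri);
    if (!entry) throw new Error(`unknown key: ${keyUri}`);
    return entry;
  }
}

// Fail closed: production never silently falls back to ephemeral keys.
function selectKeyManager(env, createKmsKeyManager) {
  if (env === 'production') {
    if (typeof createKmsKeyManager !== 'function') {
      throw new Error('production requires a KMS-backed key manager');
    }
    return createKmsKeyManager();
  }
  return new EphemeralKeyManager();
}

// Verification needs only the public JWK, never the key manager itself.
function verifySignature(publicJwk, data, signature) {
  const key = nodeCrypto.createPublicKey({ key: publicJwk, format: 'jwk' });
  return nodeCrypto.verify(null, data, key, signature);
}
```

In production, pass a factory that returns your KMS-backed manager as the second argument; leaving it out makes startup fail instead of issuing keys that disappear on restart.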

Configuring AWS Key Manager

You can pass additional parameters to AwsKeyManager() to set up your key manager instance. See the API Reference Guide for information on how to use the KMSClient instance from the AWS SDK to store the private keys for your DID.
