Tags: amazon-web-services, rsa, amazon-kms

Adding a pem private key to AWS KMS


I received a pem file from github that I am writing an application for on AWS. Github requires a JWT to be signed using this key in order to authenticate the service. As the app is running on AWS, the most secure way to store and use the private key is with the AWS Key Management Service. This way the public key is never exposed, and the API can do the signing.

Amazon provides a guide of how to import keys (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) however the source key they generate is in a binary format rather than a PEM file.

Is there a way to encrypt the PEM file for upload to KMS?

Thanks,

Stuart


Solution

  • I think you'll find that the AWS Secrets Manager is more suitable for this task. The contents of the PEM can be stored as a secret and the application (if it has the necessary permissions) can retrieve the secret when required.