Ability to use Google Key Management System MAC feature for signing JWT #1082
Replies: 1 comment
Never mind, I was able to figure this out. We can just register our Signer/Verifier and then call KMS accordingly.
Hello,
This is an extension of #556. I would like to use the Google KMS digital signature feature for signing my JWT: https://cloud.google.com/kms/docs/create-validate-mac-signatures
I tried to follow: https://github.com/jwx-go/crypto-signer/tree/main/gcp and was trying to find out what interface I have to implement to be able to do it.
Something like:
but it looks like for HS256, I can only pass string as the key:
which seems to come from: https://github.com/lestrrat-go/jwx/blob/develop/v2/jws/hmac.go#L50
But looking at: https://github.com/lestrrat-go/jwx/blob/develop/v2/jws/interface.go it does seem like we can provide a different implementation.
Can somebody help me with how I can extend JWX to use KMS methods instead of the local one? Due to a compliance issue, we don't have access to the actual key for signing/verifying, so we want to use the cloud service.
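An added example, not part of the original discussion and not jwx or Google client code: a standard-library sketch of HS256 signing and verification where the MAC is computed by a service, so the caller never holds the key. `MACService`, `fakeKMS`, `SignHS256` and `VerifyHS256` are hypothetical names; in the setup the thread describes, the `MACService` implementation would wrap the KMS MAC sign and verify calls and be invoked from the custom signer/verifier registered with jwx.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// MACService is a hypothetical handle bound to one remote MAC key; callers never see key bytes.
type MACService interface {
	MacSign(data []byte) ([]byte, error)
	MacVerify(data, mac []byte) (bool, error)
}

type fakeKMS struct{ secret []byte } // constructed offline stand-in; secret stays on the "service" side
func (f fakeKMS) MacSign(data []byte) ([]byte, error) {
	h := hmac.New(sha256.New, f.secret)
	h.Write(data)
	return h.Sum(nil), nil
}
func (f fakeKMS) MacVerify(data, mac []byte) (bool, error) {
	want, _ := f.MacSign(data)
	return hmac.Equal(want, mac), nil // constant-time comparison
}

var b64 = base64.RawURLEncoding // unpadded base64url, as compact JWS uses

// SignHS256 builds a compact JWS whose MAC over "header.payload" is computed remotely.
func SignHS256(svc MACService, payload []byte) (string, error) {
	input := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(payload)
	mac, err := svc.MacSign([]byte(input))
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(mac), nil
}

// VerifyHS256 pins HS256 (the token header is not trusted) and lets the service check the MAC.
func VerifyHS256(svc MACService, token string) (bool, error) {
	i := strings.LastIndexByte(token, '.')
	mac, err := b64.DecodeString(token[i+1:])
	if strings.Count(token, ".") != 2 || err != nil {
		return false, fmt.Errorf("malformed compact JWS")
	}
	return svc.MacVerify([]byte(token[:i]), mac)
}
func main() { fmt.Println(SignHS256(fakeKMS{[]byte("constructed-demo-secret")}, []byte(`{"sub":"demo"}`))) }
```

Because verification also goes through the service, neither the issuing nor the validating process needs a copy of the HMAC secret.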