Setting up API User
Creating a KMS key from the UI
7 min
this kms key would be used as an access key for the api user the private key would be managed by the kms and eks pods(or ec2 instances) can connect to kms and request for signature the signature logic is managed by the sdk it is recommended to create the key in the same aws region as the ec2 instances or eks cluster navigate to kms in aws and select create key \ create key add name/label select key administrator select the same ec2 role that we assigned to the ec2 instance as described in setting up iam role for ec2 instance https //primevault 1 gitbook io/api documentation 1#setting up iam role for ec2 instance section in case you're deploying your services on aws eks, you should add the corresponding iam role ( my role ) that was created in setting up iam role for eks https //primevault 1 gitbook io/api documentation 1#setting up iam role for eks section the account root user will also have access to this key define key usage permission select the same ec2 role that we assigned to the ec2 instance as described in setting up iam role for ec2 instance https //primevault 1 gitbook io/api documentation 1#setting up iam role for ec2 instance section in case you're deploying your services on aws eks, you should add the corresponding iam role ( my role ) that was created in setting up iam role for eks https //primevault 1 gitbook io/api documentation 1#setting up iam role for eks section after the successful creation of the key view the key save key id copy and save the key id as an environment variable, which is necessary for initializing the api client in your code public key navigate to the public key tab and copy the public key add the public key in primevault setting up api user for production https //primevault 1 gitbook io/api documentation 1#setting up api user for production copy the aws region of the kms key and set it in the config in the code config set("aws region", " ") this https //github com/horcrux01/primevault api sdk js public?tab=readme ov file#option 2 aws kms repo has the code example for setting up the api client