hpgrahsl / kryptonite-for-kafka

Kryptonite for Kafka is a client-side 🔒 field level 🔓 cryptography library for Apache Kafka® offering a Kafka Connect SMT, ksqlDB UDFs, and a standalone HTTP API service. It's an ! UNOFFICIAL ! community project

AWS KMS support

jakobhes opened this issue · comments

From what I understood, currently only Azure Key Vault and Google Cloud KMS are supported. Would it be possible to also add support for AWS KMS?
Is there another way to use AWS KMS currently?

Hi @jakobhes. THX for reaching out.

Actually, there are two different things to consider here:

  1. When working with plain tink keysets they can be stored in the config or in a KMS. For this the project offers Azure Key Vault integration implemented on top of the respective SDK. Storing plain keysets on GCP KMS or AWS KMS would need to be implemented.

  2. When working with encrypted tink keysets the key encryption of those keys can be done by means of a cloud KMS. For this the project offers GCP KMS integration based on tink's support for it. Additionally, tink can work with AWS KMS for key encryption but it's not used at the moment in kryptonite. Key encryption using Azure is not supported by the tink project right now and would need to be implemented and contributed there ideally.

That said, contributions are always more than welcome :-)

Hope this sheds some more light on your questions.
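An added example (not part of this issue thread or of the kryptonite code base) showing the two keyset modes the reply distinguishes, using Tink's Java API: a plain keyset that can be read with no KMS at all, and a keyset encrypted with a key-encryption key (KEK) that only a holder of that KEK can turn back into a usable handle. It assumes a locally generated AEAD in place of the AWS KMS AEAD that Tink's `AwsKmsClient` would supply, so it runs offline.

```java
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.CleartextKeysetHandle;
import com.google.crypto.tink.JsonKeysetReader;
import com.google.crypto.tink.JsonKeysetWriter;
import com.google.crypto.tink.KeyTemplates;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.aead.AeadConfig;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;

public class KeysetModesDemo {
  public static void main(String[] args) throws Exception {
    AeadConfig.register();

    // Data-encryption keyset that would do the actual field-level encryption.
    KeysetHandle dek = KeysetHandle.generateNew(KeyTemplates.get("AES256_GCM"));

    // Mode 1: plain keyset. Readable by anyone who can see the config it is stored in.
    ByteArrayOutputStream plainOut = new ByteArrayOutputStream();
    CleartextKeysetHandle.write(dek, JsonKeysetWriter.withOutputStream(plainOut));
    String plainJson = plainOut.toString(StandardCharsets.UTF_8.name());
    KeysetHandle fromPlain = CleartextKeysetHandle.read(JsonKeysetReader.withString(plainJson));

    // Mode 2: encrypted keyset. ASSUMPTION: a locally generated AEAD stands in for the KEK;
    // with Tink's AWS KMS integration the KEK would come from
    // KmsClients.get("aws-kms://<key-arn>").getAead(...) after AwsKmsClient.register(...).
    Aead kek = KeysetHandle.generateNew(KeyTemplates.get("AES256_GCM")).getPrimitive(Aead.class);
    ByteArrayOutputStream encOut = new ByteArrayOutputStream();
    dek.write(JsonKeysetWriter.withOutputStream(encOut), kek);
    String encJson = encOut.toString(StandardCharsets.UTF_8.name());

    // Holder of the KEK recovers a working handle and can decrypt what the original key produced.
    KeysetHandle fromEncrypted = KeysetHandle.read(JsonKeysetReader.withString(encJson), kek);
    byte[] ad = "orders".getBytes(StandardCharsets.UTF_8);   // constructed associated data
    byte[] ct = fromPlain.getPrimitive(Aead.class)
        .encrypt("constructed sample field".getBytes(StandardCharsets.UTF_8), ad);
    System.out.println(new String(fromEncrypted.getPrimitive(Aead.class).decrypt(ct, ad),
        StandardCharsets.UTF_8));

    // Without the right KEK the encrypted keyset is useless: a different AEAD fails to unwrap it.
    Aead wrongKek = KeysetHandle.generateNew(KeyTemplates.get("AES256_GCM")).getPrimitive(Aead.class);
    try {
      KeysetHandle.read(JsonKeysetReader.withString(encJson), wrongKek);
      System.out.println("unexpected: keyset unwrapped with wrong KEK");
    } catch (GeneralSecurityException expected) {
      System.out.println("encrypted keyset rejected without the correct KEK");
    }
  }
}
```

The point for a deployment is that mode 2 moves the trust boundary from "whoever can read the connector config" to "whoever the KMS lets call decrypt on the KEK", which is what the KMS access policy and audit log then govern.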

@jakobhes I'm closing this due to no further questions raised in a while. Feel free to re-open if necessary.