Goal: provide a library for JWT signing and verifying with a KMS CMK.
Based on 2 npm packages:
- jwt-kms source at github
- aws-kms-ee source at github
This is a library to use with JavaScript source, not a CLI tool.
Prerequisites
- Authenticated CLI session to your AWS account
- Set the
AWS_REGIONenv variable - Set the
CMK_ALIASenv variable (or hard-code in the function call); This is the AWS KMS CMK alias for the key you wish to sign the token with
const { signJwt, verifyJwt } = require('aws-kms-jwt');
const main = async () => {
const signedToken = await signJwt({ foo: 'bar' }, process.env.CMK_ALIAS, { useDigest: true }); // optional useDigest flag to use message digest hashing for signing and verifying
console.log(signedToken);
const verifiedToken = await verifyJwt(signedToken, { useDigest: true });
console.log(verifiedToken);
};
main();For working code using this library, see
test/int/index.test.js. To run the integration tests in
this project, set the value of CMK_ALIAS accordingly and run (requires active
aws cli session):
CMK_ALIAS=alias/my-aws-cmk npm run test:int