DID Key Management
Auth Service manages DID signing keys through the configured key-management provider. These keys support integrity-backed platform workflows and service-account identity.
Supported Providers
Section titled “Supported Providers”Released customer charts support these key-management provider values:
azure_key_vaultfor Azure Key Vaultaws_kmsfor AWS KMSgcp_kmsfor GCP KMS
The service source includes a mock provider for local development and tests, but customer deployments should not use mock key management.
Operational Requirements
Section titled “Operational Requirements”- Use a real cloud key-management provider in production.
- Grant only the key permissions required by Auth Service.
- Keep provider credentials in secrets, not in checked-in values files.
- Confirm service-account DID keys are reconciled before enabling automated declarations.
Troubleshooting
Section titled “Troubleshooting”DID-key failures usually indicate missing provider credentials, insufficient key permissions, misconfigured tenant or region values, or skipped service-account bootstrap.