DID Key Management
Auth Service manages DID signing keys used by platform workflows that need verifiable signatures. These keys support user, service, and platform signing operations.
Key Providers
Section titled “Key Providers”Supported key-management providers are Azure Key Vault, AWS KMS, Google Cloud KMS, and a mock provider for local or non-production use.
Use a managed key provider for customer environments. The mock provider is not appropriate for production.
Operator Responsibilities
Section titled “Operator Responsibilities”- Configure the key provider before enabling signing workflows.
- Restrict key-management access to approved platform operators.
- Rotate keys according to the customer’s security policy.
- Preserve audit records for key creation, use, and rotation.
User Impact
Section titled “User Impact”Most users do not manage DID keys directly. They see the result in signed governance evidence, credentials, and lineage workflows. If signing is unavailable, credential and integrity-related workflows may fail until key access is restored.