Skip to content

DID Key Management

Auth Service manages DID signing keys used by platform workflows that need verifiable signatures. These keys support user, service, and platform signing operations.

Supported key-management providers are Azure Key Vault, AWS KMS, Google Cloud KMS, and a mock provider for local or non-production use.

Use a managed key provider for customer environments. The mock provider is not appropriate for production.

  • Configure the key provider before enabling signing workflows.
  • Restrict key-management access to approved platform operators.
  • Rotate keys according to the customer’s security policy.
  • Preserve audit records for key creation, use, and rotation.

Most users do not manage DID keys directly. They see the result in signed governance evidence, credentials, and lineage workflows. If signing is unavailable, credential and integrity-related workflows may fail until key access is restored.