JWT::Aws::KMS

AWS KMS algorithm extensions for ruby-jwt.

Installation

Add this line to your application's Gemfile:

gem 'jwt-aws-kms'

And require the gem in your code.

require `jwt-aws-kms`

Supported algorithms

The gem supports the following AWS KMS algorithms:

Algorithm Name	Description	JWA Name
RSASSA_PKCS1_V1_5_SHA_256	RSASSA PKCS1 v1.5 using SHA-256	RS256
RSASSA_PKCS1_V1_5_SHA_384	RSASSA PKCS1 v1.5 using SHA-384	RS384
RSASSA_PKCS1_V1_5_SHA_512	RSASSA PKCS1 v1.5 using SHA-512	RS512
RSASSA_PSS_SHA_256	RSASSA PSS using SHA-256	PS256
RSASSA_PSS_SHA_384	RSASSA PSS using SHA-384	PS384
RSASSA_PSS_SHA_512	RSASSA PSS using SHA-512	PS512
ECDSA_SHA_256	ECDSA using P-256 and SHA-256	ES256
ECDSA_SHA_384	ECDSA using P-384 and SHA-384	ES384
ECDSA_SHA_512	ECDSA using P-521 and SHA-512	ES512

Usage

Basic usage

# Create a key, for example with the ruby AWS SDK
key = Aws::KMS::Client.new.create_key(key_spec: "HMAC_512", key_usage: "GENERATE_VERIFY_MAC")

algo = ::JWT::Aws::KMS.for(algorithm: "HS512")

token = JWT.encode(payload, key.key_metadata.key_id, algo)
decoded_token = JWT.decode(token, key.key_metadata.key_id, true, algorithm: algo)

Replace default algorithms

You can swap the default algorithms in the JWT gem to AWS backed ones by calling ::JWT::Aws::KMS.replace_defaults!.

::JWT::Aws::KMS.replace_defaults! # Called in a initializer of some kind

token = JWT.encode(payload, "e25c502b-a383-44ac-a778-0d97e8688cb7", "HS512") # Encode payload with KMS key e25c502b-a383-44ac-a778-0d97e8688cb7

Development

Localstack can be used to simulate the AWS KMS environment.

docker run \
  --rm -it \
  -p 127.0.0.1:4566:4566 \
  -p 127.0.0.1:4510-4559:4510-4559 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  localstack/localstack

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/anakinj/jwt-aws-kms. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the code of conduct.

License

The gem is available as open source under the terms of the MIT License.

Code of Conduct

Everyone interacting in the Jwt::Kms project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.

Name		Name	Last commit message	Last commit date
Latest commit History 33 Commits
.github		.github
bin		bin
lib		lib
spec		spec
.gitignore		.gitignore
.release-please-manifest.json		.release-please-manifest.json
.rspec		.rspec
.rubocop.yml		.rubocop.yml
CHANGELOG.md		CHANGELOG.md
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
Gemfile		Gemfile
LICENSE.txt		LICENSE.txt
README.md		README.md
Rakefile		Rakefile
jwt-aws-kms.gemspec		jwt-aws-kms.gemspec
release-please-config.json		release-please-config.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

JWT::Aws::KMS

Installation

Supported algorithms

Usage

Basic usage

Replace default algorithms

Development

Contributing

License

Code of Conduct

About

Releases 2

Contributors 2

Languages

License

anakinj/jwt-aws-kms

Folders and files

Latest commit

History

Repository files navigation

JWT::Aws::KMS

Installation

Supported algorithms

Usage

Basic usage

Replace default algorithms

Development

Contributing

License

Code of Conduct

About

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases 2

Contributors 2

Languages