This is a simple tool to rotate a set of AWS KMS keys and generate a JWKS (JSON Web Key Set) from them.
The easiest way to install it is with Go:
$ go install github.com/exaring/kms-jwks-manager
The following will create three KMS keys with three respective aliases: EXAMPLE-current, EXAMPLE-next and EXAMPLE-previous.
$ kms-jwks-manager --key-alias-prefix=EXAMPLE rotate
If the keys already exist, the tool will rotate them:
- next becomes current
- the previous key is scheduled for deletion
- a new next key is created
- current becomes previous
The following will export the JWKS to a file:
$ kms-jwks-manager --key-alias-prefix=EXAMPLE export --algorithm RS256 > jwks.json
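To see what one RS256 entry in such a JWKS contains, the following Go sketch converts a DER-encoded SubjectPublicKeyInfo (the format KMS GetPublicKey returns) into a JWK. It is an added example, not the tool's own code: the function names are hypothetical, the key is generated locally as a stand-in for a KMS key, and using the RFC 7638 thumbprint as kid is an assumption.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
)

// JWKFromSPKI (hypothetical helper) turns a DER SubjectPublicKeyInfo into an RS256 JWK.
func JWKFromSPKI(der []byte) (map[string]string, error) {
	parsed, err := x509.ParsePKIXPublicKey(der)
	if err != nil {
		return nil, err
	}
	pub, ok := parsed.(*rsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("RS256 requires an RSA public key, got %T", parsed)
	}
	b64 := base64.RawURLEncoding.EncodeToString
	n, e := b64(pub.N.Bytes()), b64(big.NewInt(int64(pub.E)).Bytes())
	// Assumption: kid is the RFC 7638 thumbprint. json.Marshal sorts map keys,
	// which yields the canonical {"e":..,"kty":..,"n":..} form the RFC hashes.
	canon, _ := json.Marshal(map[string]string{"e": e, "kty": "RSA", "n": n})
	sum := sha256.Sum256(canon)
	return map[string]string{"kty": "RSA", "use": "sig", "alg": "RS256", "kid": b64(sum[:]), "n": n, "e": e}, nil
}

// SampleSPKI returns a constructed stand-in for a KMS public key (generated locally).
func SampleSPKI() ([]byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return x509.MarshalPKIXPublicKey(&priv.PublicKey)
}

func main() {
	der, _ := SampleSPKI()
	jwk, err := JWKFromSPKI(der)
	if err != nil {
		panic(err)
	}
	out, _ := json.MarshalIndent(map[string][]map[string]string{"keys": {jwk}}, "", "  ")
	fmt.Println(string(out))
}
```

Only public members (n, e) appear in the output; a verifier selects the entry by kid, which is why the set needs to carry more than one key while a rotation is in progress.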