https://github.com/matelang/jwt-go-aws-kms
AWS KMS adapter for the https://github.com/golang-jwt/jwt GoLang JSON Web Token (JWT) library
- Host: GitHub
- URL: https://github.com/matelang/jwt-go-aws-kms
- Owner: matelang
- License: mit
- Created: 2021-04-14T12:27:16.000Z (about 5 years ago)
- Default Branch: main
- Last Pushed: 2026-01-12T11:55:19.000Z (5 months ago)
- Last Synced: 2026-01-12T19:24:14.445Z (5 months ago)
- Topics: aws, golang, jwt, kms
- Language: Go
- Homepage:
- Size: 101 KB
- Stars: 33
- Watchers: 1
- Forks: 18
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
# AWS KMS adapter for golang-jwt/jwt-go library
This library provides an AWS KMS (Key Management Service) adapter to be used with the popular GoLang JWT library
[golang-jwt/jwt-go](https://github.com/golang-jwt/jwt).
It will *Sign* a JWT token using an asymmetric key stored in AWS KMS.
Verification can be done either with the KMS *Verify* method or locally with a cached public key (the default).
# Supported key types
| Signature Algorithm | JWT `alg` | Note |
|---------------------------|-----------|-----------------------------------|
| ECC_NIST_P256 | ES256 | |
| ECC_NIST_P384 | ES384 | |
| ECC_NIST_P521 | ES512 | |
| ECC_SECG_P256K1 | - | secp256k1 is not supported by JWT |
| RSASSA_PKCS1_V1_5_SHA_256 | RS256 | |
| RSASSA_PKCS1_V1_5_SHA_384 | RS384 | |
| RSASSA_PKCS1_V1_5_SHA_512 | RS512 | |
| RSASSA_PSS_SHA_256 | PS256 | |
| RSASSA_PSS_SHA_384 | PS384 | |
| RSASSA_PSS_SHA_512 | PS512 | |
# Usage example
See [example.go](./example/example.go)
## Special thanks
Shouting out to:
* [dgrijalva](https://github.com/dgrijalva)
for the easy-to-extend GoLang JWT Library
* [golang-jwt](https://github.com/golang-jwt)
for taking over the project from dgrijalva
* [Mikael Gidmark](https://stackoverflow.com/users/300598/mikael-gidmark)
for pointing out that AWS KMS ECC returns the signature as a DER-encoded object as defined by ANS X9.62–2005, as
mentioned [here](https://stackoverflow.com/a/66205185/8195214)
* [codelittinc](https://github.com/codelittinc)
for their DER to (R,S) and (R,S) to DER methods
found [here](https://github.com/codelittinc/gobitauth/blob/master/sign.go#L70)
* [karalabe](https://github.com/karalabe)
for reviewing my code
* [gkelly](https://github.com/gkelly)
for various contributions, especially around the library's unit testability
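
The DER versus (R,S) conversion credited above is why an ES256/ES384/ES512 signature from KMS cannot be placed in a JWT as-is: JWS (RFC 7518, section 3.4) wants fixed-width `R || S`. The sketch below is an added example, not this library's code; `derToJWS`, `jwsToDER` and `ecdsaDER` are hypothetical names, and it uses only the Go standard library.

```go
package main

import (
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
)

// ecdsaDER mirrors ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }.
type ecdsaDER struct{ R, S *big.Int }

// derToJWS converts a DER-encoded ECDSA signature into fixed-width R || S.
// keyBytes is the coordinate size: 32 for ES256, 48 for ES384, 66 for ES512.
func derToJWS(der []byte, keyBytes int) ([]byte, error) {
	var sig ecdsaDER
	rest, err := asn1.Unmarshal(der, &sig)
	if err != nil {
		return nil, fmt.Errorf("parse DER signature: %w", err)
	}
	if len(rest) != 0 {
		return nil, errors.New("trailing bytes after DER signature")
	}
	for _, v := range []*big.Int{sig.R, sig.S} {
		// Reject zero/negative values and anything wider than the curve.
		if v.Sign() <= 0 || v.BitLen() > keyBytes*8 {
			return nil, errors.New("r or s out of range for curve")
		}
	}
	out := make([]byte, 2*keyBytes)
	sig.R.FillBytes(out[:keyBytes]) // left-pads with zeros to the fixed width
	sig.S.FillBytes(out[keyBytes:])
	return out, nil
}

// jwsToDER is the reverse, for a verifier that expects a DER signature.
func jwsToDER(raw []byte, keyBytes int) ([]byte, error) {
	if len(raw) != 2*keyBytes {
		return nil, errors.New("unexpected signature length")
	}
	r := new(big.Int).SetBytes(raw[:keyBytes])
	s := new(big.Int).SetBytes(raw[keyBytes:])
	return asn1.Marshal(ecdsaDER{R: r, S: s})
}

func main() {
	der := []byte{0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02} // constructed: r=1, s=2
	raw, err := derToJWS(der, 32)
	fmt.Println(len(raw), err)
}
```

The length and range checks matter on the verification path: a signature whose halves are not exactly the curve's coordinate width should be rejected before any cryptographic check runs.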