Setup

Tip: Instead of passing AWS KMS or Azure Key Vault credentials inline in every request, you can define reusable KMS profiles in resource-access.conf and reference them by name via configRef. This centralizes credential management and makes rotation easier. Learn more about KMS Profiles →

Setup Key Service

In the following section, we will setup a KMS service inside a tenant. If you don't have a tenant yet, you can learn how to create one here.

CURL

Endpoint: /v1/{target}/resource-api/services/create | API Reference

Example Request

curl -X 'POST' \
  'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/resource-api/services/create' \
  -H 'accept: */*' \
  -H 'Authorization: Bearer {yourToken}' \
  -H 'Content-Type: application/json' \
  -d '{
  "type": "kms"
}'

Body

{
  "type": "kms"
}

Path Parameters

  • orgID: - When performing operations within an organization, it is essential to use the organization's Base URL or another valid host alias. For example, if your organization is named test, your default Base URL will be test.enterprise-sandbox.waltid.dev when using the sandbox environment.
  • target: resourceIdentifier - The target indicates the organization + tenant in which to create the new KMS service and the service's ID ({organizationID}.{tenantID}.[NewKmsServiceID]), e.g. waltid.tenant1.kms1

Body Parameters

  • type: serviceType - Specifies the type of service to create. In our case kms

Response Codes

  • 201 - Service created successfully.
Last updated on March 10, 2026
OverviewLocal