Configure a Driver-based KMS
Canton allows integration with a variety of KMS and HSM solutions through a KMS Driver. This approach enables you to connect Canton to an external key manager by building your own integration layer.
Configuring Canton to run with a KMS Driver is done similarly to other KMS providers by specifying:
type = driver
name = <name_of_driver>
For example, for a Participant named participant1:
canton.participants.participant1.crypto.provider = kms
canton.participants.participant1.crypto.kms {
  type = driver
  name = "aws-kms"
  config = {
    region = us-east-1
    multi-region-key = false
    audit-logging = true
  }
}
- type specifies which KMS to use; in this case, a driver.
- name is a uniquely identifying name configured for the driver.
- KMS driver-specific configuration can be passed in through the config field.
In addition to this configuration, you must also provide a .jar file that implements the required API and acts as the bridge between Canton and the target KMS.
Run Canton with your driver .jar on its class path:
java -cp driver.jar:canton.jar com.digitalasset.canton.CantonEnterpriseApp -c canton.conf # further canton arguments
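Because the driver .jar is loaded into the Canton JVM and is the bridge to the KMS, it is worth checking the file before it goes on the class path. The wrapper below is an added example, not part of the Canton documentation or distribution; the default paths, the DRIVER_SHA256 pin, the "launch" argument and the function names are assumptions.

```shell
#!/bin/sh
# Added example: check the KMS driver jar before it goes on Canton's class path.
# All paths and the pinned digest are assumptions; set them for your deployment.
DRIVER_JAR=${DRIVER_JAR:-driver.jar}
CANTON_JAR=${CANTON_JAR:-canton.jar}
CANTON_CONF=${CANTON_CONF:-canton.conf}
DRIVER_SHA256=${DRIVER_SHA256:-}   # digest recorded when the driver was built and reviewed

# Print the lowercase SHA-256 of a file (sha256sum on Linux, shasum elsewhere).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_driver JAR EXPECTED_SHA256
# Returns 0 if acceptable, 1 if missing or unreadable,
# 2 if group- or world-writable, 3 if the digest does not match.
verify_driver() {
  _jar=$1
  _want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -f "$_jar" ] && [ -r "$_jar" ] || return 1
  # A jar that other accounts can rewrite can be swapped after this check.
  if [ -n "$(find "$_jar" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
    return 2
  fi
  [ "$(sha256_of "$_jar")" = "$_want" ] || return 3
  return 0
}

# Verify, then start Canton with the same command line the page shows.
launch_canton() {
  verify_driver "$DRIVER_JAR" "$DRIVER_SHA256" || {
    echo "refusing to start: driver check failed (code $?)" >&2
    return 1
  }
  exec java -cp "$DRIVER_JAR:$CANTON_JAR" \
    com.digitalasset.canton.CantonEnterpriseApp -c "$CANTON_CONF" "$@"
}

# Run as: sh this-script.sh launch [further canton arguments]
if [ "${1:-}" = "launch" ]; then
  shift
  launch_canton "$@"
fi
```

An unset DRIVER_SHA256 never matches, so the wrapper refuses to start until a digest has been pinned.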
For guidance on developing and deploying your own KMS Driver in Canton, refer to the Canton KMS Driver developer guide. This guide includes instructions for building a custom driver, details on the necessary APIs, and steps to configure Canton to use the driver.