Arjia
Security

KMS Key Management

AWS KMS and GCP KMS integration for hardware-backed blockchain wallet security.

Arjia integrates with AWS KMS and GCP KMS to provide hardware-backed key management for blockchain wallets. This gives you institutional-grade security with the convenience of cloud management.

What is KMS?

Key Management Service (KMS) is a cloud service that creates and manages cryptographic keys backed by Hardware Security Modules (HSMs). The private key material never leaves the HSM — all signing operations happen inside the secure hardware.

Why Use KMS Wallets?

  • Hardware Security — Keys are stored in FIPS 140-2 validated HSMs
  • No Key Exposure — Private keys never exist in plaintext outside the HSM
  • Audit Trail — All key usage is logged for compliance
  • Access Control — Fine-grained IAM policies control who can use keys
  • Automated Trading — Sign transactions programmatically without exposing keys

AWS KMS

Setting Up

  1. Navigate to Settings → KMS → AWS
  2. Connect your AWS account (requires IAM credentials with KMS permissions)
  3. Click Create Key to generate a new blockchain key pair
  4. The key is created in your AWS account's KMS service

Key Operations

  • Create Key — Generate a new ECC key pair for blockchain signing
  • List Keys — View all KMS keys with their status and wallet addresses
  • Get Wallet Info — Retrieve the derived EVM or Solana wallet address
  • Export Public Key — Export the public key for external verification
  • Sign Messages — Sign transactions and messages using the HSM
  • Set Key Status — Enable or disable keys as needed

Supported Chains

  • All EVM chains (Ethereum, BSC, Polygon, Arbitrum, Optimism, Base, Avalanche)
  • Solana

GCP KMS

GCP KMS provides the same capabilities as AWS KMS:

  • Full feature parity with AWS KMS integration
  • Cloud HSM backing for key protection
  • IAM-based access control
  • Audit logging through Cloud Audit Logs

Setting Up

  1. Navigate to Settings → KMS → GCP
  2. Connect your GCP project with KMS API enabled
  3. Create keys through the Arjia interface

KMS Inventory

The KMS Inventory page gives you a centralized view of all managed keys:

  • Link keys to specific Arjia accounts
  • Track key usage across different chains
  • Monitor key status (active/disabled)
  • View associated wallet addresses and balances

Security Considerations

  • Use separate keys for different purposes (trading vs. holding)
  • Set up IAM policies to restrict key access
  • Enable CloudTrail (AWS) or Cloud Audit Logs (GCP) for monitoring
  • Regularly review key usage and access patterns
  • Consider using key aliases for easier management

API Key Encryption

How exchange API keys are encrypted, stored, and managed securely.

On this page

What is KMS?Why Use KMS Wallets?AWS KMSSetting UpKey OperationsSupported ChainsGCP KMSSetting UpKMS InventorySecurity Considerations