The KMS proxy makes it easy to use KMS Nitro attestation mechanisms from the app without making use of the C SDK.
It listens on the specified port (non-TLS) for KSM HTTP requests and forwards them to the KMS. For those actions that support attesetation (Decrypt, GenerateRandom, GenerateDataKey), it attaches the attestation document that it fetches from the NSM. It then decrypts the response value and forwards it back to the app in plain text form.
robszumski
commented
2 years ago
The KMS proxy makes it easy to use KMS Nitro attestation mechanisms from the app without making use of the C SDK.
It listens on the specified port (non-TLS) for KSM HTTP requests and forwards them to the KMS. For those actions that support attesetation (Decrypt, GenerateRandom, GenerateDataKey), it attaches the attestation document that it fetches from the NSM. It then decrypts the response value and forwards it back to the app in plain text form.