Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.futurex.com/llms.txt

Use this file to discover all available pages before exploring further.

This section offers a quick reference to key prerequisites and high-level implementation steps. For basic testing procedures for the integration, see End-to-end test using AWS CLI.

Pre-implementation

Ensure your environment complies with the following requirements:
  • Grant CryptoHub admin privileges.
  • Grant AWS Admin privileges.
  • Configure the CryptoHub Dashboard connection with a TLS certificate issued by a publicly trusted Certificate Authority.

Implementation

Perform the following high-level steps to implement this integration:
  • Create AWS credentials
    • Generate or select a user
    • Generate Access Keys
    • Select access key use case
    • Download and save .csv file that containsAccess Key ID and Secret Access Key credentials
  • Configure AWS credentials in CryptoHub
    • Add cloud service credential information:
      • Enter Name
      • Select .csv file that you downloaded in the previous step
      • Select Service Type:AmazonAWS
  • Set up the Amazon XKS service in CryptoHub
    • Deploy the Amazon XKS service
    • Configure the Service Setup
      • Enter Service Name
      • Enter Service Category
    • Configure Access Control settings:
      • Select the role that has access to the service by default for Authorized Resources
      • (Optional) Select [Add Additional Resources ]
    • Configure Service Info settings:
      • Enter CryptoHub URI
      • Select the Cloud Service Credential you created
      • Select the AWS Region that you intend to use the Amazon XKS in
  • Export AWS Proxy configuration
    • Select Export AWS Proxy Configuration
    • Enter a name
    • Export and download the JSON file
  • Create an External Key Store in AWS
    • In AWS Management Console, search for External key stores, and select Key Management Service (KMS)
    • Select External key stores in the menu
    • Create an external key store
    • Configure Create external key store settings:
      • Enter a Custom key store name
      • For Proxy connectivity, select Public endpoint and specify the Proxy URI endpoint
      • For Proxy configuration, upload the AWS Proxy Configuration JSON file from CryptoHub
      • Note the Custom key store ID
  • Create XKS Key Store in CryptoHub
    • Go to service management for Amazon XKS
    • Add a new key store
    • Configure Create Key Store settings:
      • Enter KeyStore Name
      • Choose if you want CryptoHub KeyStore to sync with Amazon
      • AWS KeyStore ID:
        • If KeyStore sync is selected, this option isn’t available
        • If it isn’t, paste the Custom key store ID from earlier
  • Create a key in the CryptoHub XKS service
    • Go to service management for Amazon XKS
    • Create a new key
    • Configure key creation dialog settings:
      • Sync Key with Amazon setting choice isn’t significant
      • Enter Key name
      • Enter Key ID
      • Select previously created Key Store
  • Create a key in the AWS external key store
    • In the AWS Management Console, go to the created External key store
    • Create a KMS key in this key store
    • Configure KMS key store settings:
      • Enter External key ID
      • Check Confirm use of external key store box
    • Enter a custom alias for the key
    • (Optional) Define permissions, configure the key administrative, and usage permissions as needed

Post-implementation

After you complete the integration, perform the following tasks to validate it:
  • Install AWS CLI.
  • Test encryption and decryption:
    • Save the bash script .sh file.
    • Make the script executable.
    • Run the script to test the encryption and decryption of the XKS key stored on CryptoHub.