diff --git a/internal/kms/aws_kms_eth_key_provider.go b/internal/kms/aws_kms_eth_key_provider.go index 39972e235..c68d02560 100644 --- a/internal/kms/aws_kms_eth_key_provider.go +++ b/internal/kms/aws_kms_eth_key_provider.go @@ -78,6 +78,12 @@ func (awsKeyProv *awsKmsEthKeyProvider) New(identity *w3c.DID) (KeyID, error) { KeyUsage: types.KeyUsageTypeSignVerify, Origin: types.OriginTypeAwsKms, Description: aws.String("Key from issuer node"), + Tags: []types.Tag{ + { + Key: aws.String("source"), + Value: aws.String("polygon-issuer-node"), + } + }, } keyArn, err := awsKeyProv.kmsClient.CreateKey(ctx, input) diff --git a/internal/kms/aws_secret_storage_provider.go b/internal/kms/aws_secret_storage_provider.go index 9cb6cbecd..cf55c7731 100644 --- a/internal/kms/aws_secret_storage_provider.go +++ b/internal/kms/aws_secret_storage_provider.go @@ -91,6 +91,10 @@ func (a *awsSecretStorageProvider) SaveKeyMaterial(ctx context.Context, keyMater Key: aws.String("did"), Value: aws.String(keyTypesParts[0]), }, + { + Key: aws.String("source"), + Value: aws.String("polygon-issuer-node"), + } }, } _, err = a.secretManager.CreateSecret(ctx, input) @@ -116,7 +120,7 @@ func (a *awsSecretStorageProvider) searchByIdentity(ctx context.Context, identit keyIDs := make([]KeyID, 0) for _, secret := range result.SecretList { - if secret.Tags == nil || len(secret.Tags) != 2 { + if secret.Tags == nil { continue } if aws.ToString(secret.Tags[0].Value) != keyTypeToRead {