features.externalSigningSupport

External Signing Support

Note

This is an experimental feature.

Specifies whether external signing capabilities shall be enabled. When enabled, the authorization server shall support the use of ExternalSigningKey class instances in place of private JWK entries within the jwks.keys configuration array. This feature enables Digital Signature Algorithm operations (such as PS256, ES256, or other supported algorithms) to be performed by external cryptographic services, including Key Management Services (KMS) and Hardware Security Modules (HSM), providing enhanced security for private key material through externalized signing operations.

See KMS integration with AWS Key Management Service

default value:

{
  ack: undefined,
  enabled: false
}

---