Added AWS KMS support info (#255)

Added basic info with KMS

content/acra/configuring-maintaining/general-configuration/acra-addzone.md

@@ -61,6 +61,25 @@ weight: 10
   Password to Redis database.
 
 
+### KMS
+
+* `--kms_type=<type>`
+
+  Specify your KMS.
+  Currently supported KMS types:
+  * `aws` - AWS Key Management Service
+
+* `--kms_credentials_path=<filepath>`
+
+  A path to a file with KMS credentials JSON format.
+
+  Example of KMS config:
+* **AWS**:
+  ```json
+     {"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
+  ```
+
+
 ### HashiCorp Vault
 
 `acra-addzone` can read `ACRA_MASTER_KEY` from HashiCorp Vault instead of environment variable.

content/acra/configuring-maintaining/general-configuration/acra-backup.md

@@ -72,6 +72,25 @@ weight: 9
   Password to Redis database.
 
 
+### KMS
+
+* `--kms_type=<type>`
+
+  Specify your KMS.
+  Currently supported KMS types:
+  * `aws` - AWS Key Management Service
+
+* `--kms_credentials_path=<filepath>`
+
+  A path to a file with KMS credentials JSON format.
+
+  Example of KMS config:
+* **AWS**:
+  ```json
+     {"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
+  ```
+
+
 #### HashiCorp Vault
 
 `acra-backup` can read `ACRA_MASTER_KEY` from HashiCorp Vault instead of environment variable.

content/acra/configuring-maintaining/general-configuration/acra-keymaker.md

@@ -87,6 +87,34 @@ By default, certificate Distinguished Name is used as ClientID.
   Output file is `configs/markdown_acra-keymaker.md`.
   Works in a pair with `--dump_config`.
 
+
+### KMS
+
+* `--kms_type=<type>`
+
+  Specify your KMS.
+  Currently supported KMS types:
+  * `aws` - AWS Key Management Service
+
+* `--kms_key_policy=<policy>`
+
+  KMS usage key policy. 
+  Supported key policies:
+  * `create` - create a key encryption key on KMS with name **acra_master_key** (***exit with code 1 if the key already exists***). Being used only with `generate_master_key` flag.
+
+  Default is `create`
+
+* `--kms_credentials_path=<filepath>`
+
+  A path to a file with KMS credentials JSON format.
+
+  Example of KMS config:
+* **AWS**:
+  ```json
+     {"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
+  ```
+
+
 ### HashiCorp Vault
 
 `acra-keymaker` can read `ACRA_MASTER_KEY` from HashiCorp Vault instead of environment variable.

content/acra/configuring-maintaining/general-configuration/acra-keys/destroy.md

@@ -45,6 +45,24 @@ Since 0.91.0 `acra-keys` **`destroy`** doesn't support destroying keys and will
 
   Password to Redis database.
 
+### KMS
+
+* `--kms_type=<type>`
+
+  Specify your KMS.
+  Currently supported KMS types:
+  * `aws` - AWS Key Management Service
+
+* `--kms_credentials_path=<filepath>`
+
+  A path to a file with KMS credentials JSON format.
+
+  Example of KMS config:
+* **AWS**:
+  ```json
+     {"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
+  ```
+
 
 #### HashiCorp Vault
 

content/acra/configuring-maintaining/general-configuration/acra-keys/export.md

@@ -55,6 +55,24 @@ weight: 4
 
   Password to Redis database.
 
+### KMS
+
+* `--kms_type=<type>`
+
+  Specify your KMS.
+  Currently supported KMS types:
+  * `aws` - AWS Key Management Service
+
+* `--kms_credentials_path=<filepath>`
+
+  A path to a file with KMS credentials JSON format.
+
+  Example of KMS config:
+* **AWS**:
+  ```json
+     {"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
+  ```
+
 
 #### HashiCorp Vault
 

content/acra/configuring-maintaining/general-configuration/acra-keys/generate.md

@@ -69,6 +69,23 @@ weight: 2
 
   Password to Redis database.
 
+### KMS
+
+* `--kms_type=<type>`
+
+  Specify your KMS.
+  Currently supported KMS types:
+  * `aws` - AWS Key Management Service
+
+* `--kms_credentials_path=<filepath>`
+
+  A path to a file with KMS credentials JSON format.
+
+  Example of KMS config:
+* **AWS**:
+  ```json
+     {"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
+  ```
 
 ### HashiCorp Vault
 

content/acra/configuring-maintaining/general-configuration/acra-keys/import.md

@@ -56,6 +56,24 @@ weight: 5
 
   Password to Redis database.
 
+### KMS
+
+* `--kms_type=<type>`
+
+  Specify your KMS.
+  Currently supported KMS types:
+  * `aws` - AWS Key Management Service
+
+* `--kms_credentials_path=<filepath>`
+
+  A path to a file with KMS credentials JSON format.
+
+  Example of KMS config:
+* **AWS**:
+  ```json
+     {"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
+  ```
+
 
 #### HashiCorp Vault
 

content/acra/configuring-maintaining/general-configuration/acra-keys/list.md

@@ -41,6 +41,24 @@ weight: 1
 
   Password to Redis database.
 
+### KMS
+
+* `--kms_type=<type>`
+
+  Specify your KMS.
+  Currently supported KMS types:
+  * `aws` - AWS Key Management Service
+
+* `--kms_credentials_path=<filepath>`
+
+  A path to a file with KMS credentials JSON format.
+
+  Example of KMS config:
+* **AWS**:
+  ```json
+     {"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
+  ```
+
 
 #### HashiCorp Vault
 

content/acra/configuring-maintaining/general-configuration/acra-keys/migrate.md

@@ -58,6 +58,24 @@ weight: 6
 
   Password to Redis database.
 
+### KMS
+
+* `--kms_type=<type>`
+
+  Specify your KMS.
+  Currently supported KMS types:
+  * `aws` - AWS Key Management Service
+
+* `--kms_credentials_path=<filepath>`
+
+  A path to a file with KMS credentials JSON format.
+
+  Example of KMS config:
+* **AWS**:
+  ```json
+     {"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
+  ```
+
 
 #### HashiCorp Vault
 

content/acra/configuring-maintaining/general-configuration/acra-keys/read.md

@@ -50,6 +50,23 @@ weight: 3
 
   Password to Redis database.
 
+### KMS
+
+* `--kms_type=<type>`
+
+  Specify your KMS.
+  Currently supported KMS types:
+  * `aws` - AWS Key Management Service
+
+* `--kms_credentials_path=<filepath>`
+
+  A path to a file with KMS credentials JSON format.
+
+  Example of KMS config:
+* **AWS**:
+  ```json
+     {"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
+  ```
 
 #### HashiCorp Vault
 

content/acra/configuring-maintaining/general-configuration/acra-log-verifier.md

@@ -107,6 +107,26 @@ It expects symmetric key to decrypt keys from keystore from  `ACRA_MASTER_KEY` e
 
   Password to Redis database.
 
+
+### KMS
+
+* `--kms_type=<type>`
+
+  Specify your KMS.
+  Currently supported KMS types:
+  * `aws` - AWS Key Management Service
+
+* `--kms_credentials_path=<filepath>`
+
+  A path to a file with KMS credentials JSON format.
+
+  Example of KMS config:
+* **AWS**:
+  ```json
+     {"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
+  ```
+
+
 ### HashiCorp Vault
 
 * `--vault_connection_api_string=<url>`

content/acra/configuring-maintaining/general-configuration/acra-poisonrecordmaker.md

@@ -51,6 +51,25 @@ weight: 11
   Password to Redis database.
 
 
+### KMS
+
+* `--kms_type=<type>`
+
+  Specify your KMS.
+  Currently supported KMS types:
+    * `aws` - AWS Key Management Service
+
+* `--kms_credentials_path=<filepath>`
+
+  A path to a file with KMS credentials JSON format.
+
+  Example of KMS config:
+* **AWS**:
+  ```json
+     {"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
+  ```
+
+
 ### HashiCorp Vault
 
 * `--vault_connection_api_string=<url>`

content/acra/configuring-maintaining/general-configuration/acra-rollback.md

@@ -92,6 +92,25 @@ Rollback utility especially applicable in case of any DB rollback - keys re-gene
   Password to Redis database.
 
 
+### KMS
+
+* `--kms_type=<type>`
+
+  Specify your KMS.
+  Currently supported KMS types:
+  * `aws` - AWS Key Management Service
+
+* `--kms_credentials_path=<filepath>`
+
+  A path to a file with KMS credentials JSON format.
+
+  Example of KMS config:
+* **AWS**:
+  ```json
+     {"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
+  ```
+
+
 ### HashiCorp Vault
 
 `acra-addzone` can read `ACRA_MASTER_KEY` from HashiCorp Vault instead of environment variable.

content/acra/configuring-maintaining/general-configuration/acra-rotate.md

@@ -98,6 +98,25 @@ weight: 8
   Password to Redis database.
 
 
+### KMS
+
+* `--kms_type=<type>`
+
+  Specify your KMS.
+  Currently supported KMS types:
+  * `aws` - AWS Key Management Service
+
+* `--kms_credentials_path=<filepath>`
+
+  A path to a file with KMS credentials JSON format.
+
+  Example of KMS config:
+* **AWS**:
+  ```json
+     {"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
+  ```
+
+
 #### HashiCorp Vault
 
 `acra-rotate` can read `ACRA_MASTER_KEY` from HashiCorp Vault instead of environment variable.

content/acra/configuring-maintaining/general-configuration/acra-server/_index.md

@@ -419,6 +419,24 @@ For additional certificate validation flags, see corresponding pages:
 [OCSP](/acra/configuring-maintaining/tls/ocsp/) and
 [CRL](/acra/configuring-maintaining/tls/crl/).
 
+### KMS
+
+* `--kms_type=<type>`
+
+  Specify your KMS.
+  Currently supported KMS types:
+  * `aws` - AWS Key Management Service 
+
+* `--kms_credentials_path=<filepath>`
+
+  A path to a file with KMS credentials JSON format.
+
+  Example of KMS config:
+* **AWS**:
+  ```json
+     {"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
+  ```
+
 ### Hashicorp Vault
 
 * `--vault_connection_api_string=<url>`