Errors
infra_kms_unavailable
503 — Matter's key-management service is temporarily unreachable; signing and decrypt operations are paused.
Last updated
Cause
Matter routes every signing, encryption, and decryption operation through an external key-management service (KMS). infra_kms_unavailable fires when the KMS provider returns errors or times out, and Matter has exhausted its internal retry budget. Affected operations include document signing, signing-envelope sealing, and any read of an encrypted field that requires a decrypt on the hot path.
This signal is rare and platform-wide. KMS providers themselves run with high availability, so a sustained occurrence reflects an active KMS incident or a regional outage. Matter does not cache decrypted keys — that would weaken the security envelope — so the request fails fast rather than silently degrading to a less-trusted code path.
Fix
- Retry the operation idempotently with exponential backoff and the same
Idempotency-Key. - Read operations that do not touch encrypted fields should not be affected; consider whether the failed call can be deferred until after the rest of the workflow completes.
- Check the status page at
/runbooks/status-page-incidentsfor an active incident. - If the failure persists beyond the posted incident window, contact support with the
request_id.
Related codes
infra_db_unavailable— the primary database, not the KMS.infra_internal_error— any other unexpected platform error.op_provider_unavailable— a non-KMS external provider.