Auto unseal options

merickso · March 6, 2025, 10:54pm

I’m looking to see what unseal options will work for my environment.

Does Vault support IBM KMS? The transit option looks interesting but would require opening up network access between systems. Is there a generic REST mechanism that could be used to plugin any KMS?

The doc don’t currently include IBM but that doesn’t always mean anything.
Sealing best practices | Vault | HashiCorp Developer.

merickso · March 6, 2025, 11:23pm

I was doing some more searching and found that the kms code is in it’s own repo and someone has already created a PR (but its not approved)

Topic		Replies	Views
Auto-Unseal - Migration from Transit to AWS KMS Vault	2	338	October 8, 2021
Vault auto unseal for on prem vault using AWS KMS? Vault	6	1206	November 2, 2020
Seeking Guidance on Vault Configuration with AWS KMS Vault	0	148	September 22, 2023
Unseal Vault with Recovery Key ( Lost AWS KMS used for Auto unseal ) Vault	0	343	March 31, 2021
Existing Vault with KMS HCP Vault vault	2	432	November 30, 2022

Auto unseal options

Related topics