You need to actually do the key migration itself before you point your Vault at a KMS key.
The first example seems like the right one, it would sort of defeating the purpose of a secret if you had to put the secret itself into your values.yaml file.
You need to actually do the key migration itself before you point your Vault at a KMS key.
The first example seems like the right one, it would sort of defeating the purpose of a secret if you had to put the secret itself into your values.yaml file.