AWS KMS not working for standalone mode

Hi all,

I’m trying to set up a vault using helm chart, by default it runs in standalone mode.
During installation, we can pass the “-f example.yaml” file to override values. In that, I’m mentioning AWS-KMS config, but it’s not working.

Can someone please help me with this?

global:
  enabled: true

server:
 extraSecretEnvironmentVars:
   - envName: AWS_ACCESS_KEY_ID
     secretName: eks-creds
     secretKey: AWS_ACCESS_KEY_ID
   - envName: AWS_SECRET_ACCESS_KEY
     secretName: eks-creds
     secretKey: AWS_SECRET_ACCESS_KEY

     
standalone:
    enabled: true
    config: |
      ui = true

      listener "tcp" {
        tls_disable = 1
        address = "[::]:8200"
        cluster_address = "[::]:8201"
      }

      seal "awskms" {
        region     = "xx-xxxx-x"
        kms_key_id = "xxx-xxxx-xxx"
      }

As a test embed the access and secret key into your seal stanza to see if there is an issue with your kub secret. You may have messed up the secretKey.

I have embedded the secret key in it. Now it works but the strange thing is when I’m doing vault operator init I’m getting the following error

“Error checking seal status: Get “https://127.0.0.1:8200/v1/sys/seal-status”: http: server gave HTTP response to HTTPS client”

So

a) your kube secret, either secretName or secretKey is wrong.
b) You need to listen to http and not https on 127.0.0.1 and listen to https on your inbound engress.