Deploying vault on OCI gives sealtype shamir not ocikms, vault HA is working and even we have checked autounseal which is working as expected when pod gets restarted. Below are my values
server:
ha:
enabled: true
replicas: 2
raft:
enabled: true
setNodeId: true
config: |
ui = true
listener "tcp" {
address = "[::]:8200"
cluster_address = "[::]:8201"
tls_disable = true
}
storage "raft" {
path = "/vault/data"
retry_join {
leader_api_addr = "http://vault-0.vault-internal:8200"
}
retry_join {
leader_api_addr = "http://vault-1.vault-internal:8200"
}
}
service_registration "kubernetes" {}
seal "ocikms" {
key_id = ""
crypto_endpoint = ""
management_endpoint = ""
tenancy = ""
user = ""
region = ""
fingerprint = ""
}
dataStorage:
storageClass: oci-bv
auditStorage:
enabled: true
storageClass: oci-bv
extraEnvironmentVars:
VAULT_SEAL_TYPE: "ocikms"
VAULT_OCIKMS_SEAL_KEY_ID: ""
Key Value
--- -----
Recovery Seal Type shamir
Initialized true
Sealed false
Total Recovery Shares 5
Threshold 3
Version 1.15.2
Build Date
Storage Type raft
Cluster Name vault-cluster
Cluster ID
HA Enabled true
HA Cluster https://vault-0.vault-internal:8201
HA Mode active
Active Since
Raft Committed Index 60
Raft Applied Index 60
What could be an issue?