I’m running vault on a kubernetes cluster with the below seal configuration
seal "gcpckms" {
credentials = "/vault/userconfig/vault-serviceaccount/vault-serviceaccount.json"
project = "fake-project-name"
region = "global"
key_ring = "vault-auto-unseal"
crypto_key = "vault-auto-unseal"
}
Using GCP KMS to auto-unseal the vault, while I have this same configuration on 3 clusters it works on 2 and doesn’t work on the 3rd one and I can’t figure out what’s the issue. Vault pods are crashlooping and from logs I can see this
Error parsing Seal configuration: error initializing GCP CKMS wrapper client: failed to create KMS client: invalid character 'e' looking for beginning of value