Hi,
I’m trying unsuccessfully to setup kms auto unseal with OCI.
I get the following error on startup:
“Error parsing Seal configuration: error initializing OCI KMS client: failed creating NewKmsCryptoClientWithConfigurationProvider: can not create client, bad configuration: did not find a proper configuration for tenancy”
This is my configuration:
file /etc/vault.d/vault.env
OCI_CLI_USER="ocid1.user.oc1..[...]"
OCI_CLI_REGION="eu-milan-1"
OCI_CLI_FINGERPRINT="ec:[...]"
OCI_CLI_KEY_FILE="/etc/vault.d/certs/oci_api_key.pem"
OCI_CLI_TENANCY="ocid1.tenancy.oc1..[...]"
OCI_CLI_AUTH="api_key"
file /etc/vault.d/vault.hcl
seal "ocikms" {
auth_type_api_key = "true"
key_id = "ocid1.key.oc1.eu-milan-1.[...]"
crypto_endpoint = "https://[...]-crypto.kms.eu-milan-1.oci.oraclecloud.com"
management_endpoint = "https://[...]-management.kms.eu-milan-1.oci.oraclecloud.com"
}
What am I doing wrong?
thanks