Error initializing OCI KMS client

I’m trying unsuccessfully to setup kms auto unseal with OCI.

I get the following error on startup:
“Error parsing Seal configuration: error initializing OCI KMS client: failed creating NewKmsCryptoClientWithConfigurationProvider: can not create client, bad configuration: did not find a proper configuration for tenancy”

This is my configuration:

file /etc/vault.d/vault.env

OCI_CLI_USER="ocid1.user.oc1..[...]" OCI_CLI_REGION="eu-milan-1" OCI_CLI_FINGERPRINT="ec:[...]" OCI_CLI_KEY_FILE="/etc/vault.d/certs/oci_api_key.pem" OCI_CLI_TENANCY="ocid1.tenancy.oc1..[...]" OCI_CLI_AUTH="api_key"

file /etc/vault.d/vault.hcl

seal "ocikms" { auth_type_api_key = "true" key_id = "[...]" crypto_endpoint = "https://[...]" management_endpoint = "https://[...]" }

What am I doing wrong?