i have this configuration :
global:
enabled: true
tlsDisable: false
extraEnvironmentVars:
VAULT_CACERT: /vault/userconfig/vault-tls/vault.ca
server:
extraVolumes:
- type: secret
name: vault-tls
extraSecretEnvironmentVars:
- envName: AWS_ACCESS_KEY_ID
secretName: eks-creds
secretKey: AWS_ACCESS_KEY_ID
- envName: AWS_SECRET_ACCESS_KEY
secretName: eks-creds
secretKey: AWS_SECRET_ACCESS_KEY
ha:
enabled: true
replicas: 3
raft:
enabled: true
setNodeId: false
config: |
ui = true
listener "tcp" {
address = "0.0.0.0:8200"
cluster_address = "0.0.0.0:8201"
tls_cert_file = "/vault/userconfig/vault-tls/vault.crt"
tls_key_file = "/vault/userconfig/vault-tls/vault.key"
tls_client_ca_file = "/vault/userconfig/vault-tls/vault.ca"
}
log_level = "Debug"
storage "raft" {
path = "/vault/data"
}
seal "awskms" {
region = "us-east-1"
access_key = "xxIA2zzxxxxBPPxx"
secret_key = "x9Pxxxxxx6mFgC"
kms_key_id = "xa880xxxxxxfxxxx"
}
service_registration "kubernetes" {}
keep getting :
$ kubectl -n vault-perso logs -p vault-0
Error parsing Seal configuration: error fetching AWS KMS wrapping key information: InvalidSignatureException: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
status code: 400, request id: 8e367600-99d3-452c-b265-e104878acc17
what does it means :
Check your AWS Secret Access Key and signing method
i created simple key , i didn’t found in the docs any info on how to create the kms key
what do i miss here ?