Existing Vault with KMS

shimster102 · November 24, 2022, 9:46pm

Hi everyone .I have a quick question. I currently have a running vault cluster in k8s and was looking into the auto unseal, but most of the examples use either the enterprise version or cloud keys. Am I able to configure my existing cluster to use AWS KMS keys for the auto unsealing?

Details of the setup:

Vault version: docker.io/hashicorp/vault:1.10.3
Helm Version: vault-0.20.1

Thanks

xka5h · November 30, 2022, 3:14pm

Hi @shimster102 - this question may also get some traction if you post in Vault - HashiCorp Discuss.

When using the Vault Helm chart to deploy a Vault cluster in Kubernetes you can set the config value with the appropriate seal configuration to use AWS auto seal.

You may not want to include AWS keys directly in your config so you can consider authenticating using other methods mentioned here.

maxb · November 30, 2022, 9:10pm

Auto-unseal is not an Enterprise feature, so it doesn’t matter whether you’re using Enterprise or open-source Vault.

Isn’t AWS KMS a form of cloud keys? I’m not seeing the problem you’re implying?

Topic		Replies	Views
Open Source Vault - High Availability with GCP KMS on Kubernetes using Auto Unseal Vault k8s , vault	1	137	March 13, 2024
How to automatically unseal a vault Vault k8s	10	6392	November 20, 2021
Upgrade Vault using Helm with AWS-KMS auto unseal - Production ENV Vault	0	60	June 27, 2024
Vault on Kubernetes with auto unseal and fully self recovered Vault k8s , helm	7	3373	November 18, 2021
Vault's auto unseal behaviour when we change the KMS ID (Auto Unseal with KMS) Vault k8s , vault	3	476	April 4, 2022

Existing Vault with KMS

Related topics