Existing Vault with KMS

Hi everyone. I have a quick question. I currently have a running vault cluster in k8s and was looking into the auto unseal, but most of the examples use either the enterprise version or cloud keys. Am I able to configure my existing cluster to use AWS KMS keys for the auto unsealing?

Details of the setup:

Vault version: docker.io/hashicorp/vault:1.10.3
Helm Version: vault-0.20.1

Thanks 🙂

Hi @shimster102 - this question may also get some traction if you post in Vault - HashiCorp Discuss.

When using the Vault Helm chart to deploy a Vault cluster in Kubernetes, you can set the config value with the appropriate seal configuration to use AWS auto seal.

You may not want to include AWS keys directly in your config, so you can consider authenticating using other methods mentioned here.

Auto-unseal is not an Enterprise feature, so it doesn’t matter whether you’re using Enterprise or open-source Vault.

Isn’t AWS KMS a form of cloud keys? I’m not seeing the problem you’re implying?
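
As an added example (not part of any post in this thread, and not HashiCorp's own configuration): Helm values that add an `awskms` seal stanza to an existing deployment without putting AWS keys in the Vault config. HA mode with Raft storage and EKS IAM Roles for Service Accounts are assumptions; the region, key ID and role ARN are placeholders.

```yaml
# Added example: values override for the hashicorp/vault Helm chart.
# Assumes HA mode with integrated (Raft) storage; in standalone mode the same
# HCL goes under server.standalone.config instead.
server:
  serviceAccount:
    annotations:
      # Assumption: EKS with IAM Roles for Service Accounts, so no AWS keys
      # appear in the Vault config. Placeholder ARN. The role needs
      # kms:Encrypt, kms:Decrypt and kms:DescribeKey on the key below.
      eks.amazonaws.com/role-arn: "arn:aws:iam::111122223333:role/REPLACE-vault-unseal"
  ha:
    enabled: true
    raft:
      enabled: true
      # Setting config replaces the chart's default, so the listener and
      # storage stanzas must be repeated. Keep the ones you already run;
      # those shown mirror the chart defaults.
      config: |
        ui = true

        listener "tcp" {
          tls_disable     = 1
          address         = "[::]:8200"
          cluster_address = "[::]:8201"
        }

        storage "raft" {
          path = "/vault/data"
        }

        service_registrar "kubernetes" {}

        # New stanza: wrap the root key with AWS KMS.
        seal "awskms" {
          region     = "us-east-1"               # placeholder region
          kms_key_id = "REPLACE-WITH-KMS-KEY-ID" # placeholder key ID or ARN
        }
```

Because the cluster is already initialized with Shamir keys, each pod restarted with this config has to be unsealed once with `vault operator unseal -migrate` and the existing key shares. After the migration those shares serve as recovery keys, and later restarts unseal through KMS.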