Raft storage and KMS seal


I would like to understand the implications of the Raft configuration in conjunction with KMS auto unseal.

My understanding is that the leader node uses KMS to unseal and the follower nodes are unsealing because of joining the leader.

When I remove the seal configuration from the follower nodes, they don’t start up anymore, so I suspect this is all intended behavior.

What confuses me is that I wonder if the followers could unseal (just knowing the KMS key) without joining Raft?

No, each node interacts individually with the KMS to unseal.

If they had never joined Raft, they would not have been able to initially synchronize the cluster’s data to local disk. Without the data, they don’t have the encrypted master key to send to the KMS to have it decrypted. Nor do they have any data to decrypt.

If, after initial join, one node was later separated from the rest, and was told by administrative override to ignore quorum and form a cluster by itself, then it would be able to unseal if it could successfully call the KMS.
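
As an added illustration that is not part of the original thread, here is what one follower's configuration could look like when every node carries its own seal stanza. It assumes the AWS KMS seal type (the thread only says "KMS"); the hostnames, paths, region and key ID are placeholders.

```hcl
# Constructed example: configuration for one follower (vault-2).
# Hostnames, paths, region and key ID are placeholders, and the
# AWS KMS seal type is an assumption.

storage "raft" {
  path    = "/opt/vault/data"
  node_id = "vault-2"

  # Joining copies the cluster's data to this node's disk,
  # including the encrypted key material that the seal decrypts.
  retry_join {
    leader_api_addr = "https://vault-1.example.internal:8200"
  }
}

# Present on every node, leader and followers alike: each node
# calls the KMS itself when it unseals.
seal "awskms" {
  region     = "us-east-1"
  kms_key_id = "00000000-0000-0000-0000-000000000000" # placeholder
}

listener "tcp" {
  address         = "0.0.0.0:8200"
  cluster_address = "0.0.0.0:8201"
  tls_cert_file   = "/opt/vault/tls/vault.crt"
  tls_key_file    = "/opt/vault/tls/vault.key"
}

api_addr     = "https://vault-2.example.internal:8200"
cluster_addr = "https://vault-2.example.internal:8201"
```

Because each node needs both its local Raft data and permission to call the KMS, restricting decrypt rights on that key to the Vault nodes' own identities limits who can unseal a copied data directory.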