I am currently working with a Vault configuration that uses AWS KMS for auto-sealing. I have concerns about our current setup and wanted to seek expert advice on the matter.
At present, we are using the same KMS key for auto-sealing both our “prod” and “test” environments. From my initial research, there seem to be potential risks associated with this setup, particularly in terms of security and compliance.
I’d like to discuss the best way to handle this situation. Are there specific recommendations or best practices you could suggest? Would it be more advisable to use separate KMS keys for each environment, or are there other considerations we should be aware of?
I appreciate your time and expertise in advance. I am available for a more in-depth discussion at your convenience. Please let me know when you might be available to discuss further.