I have HashiCorp Vault running as a pod in EKS, configured with PV/PVC backed by EFS for storage. Auto-unseal is set up using AWS KMS, and the storage backend is the file method. This setup has been working fine for a long time. However, recently, I’ve noticed that Vault is no longer auto-unsealing reliably. At times, I have to manually exec into the pod to check the Vault status, which shows no output, and only after running the `vault operator unseal` command manually does it start functioning again. I’m looking for a permanent fix for this issue.