open-vault/website/source/docs/enterprise/auto-unseal/index.html.md

---
layout: "docs"
page_title: "Vault Enterprise Auto Unseal"
sidebar_current: "docs-vault-enterprise-auto-unseal"
description: |-
  Vault Enterprise supports automatic unsealing via cloud technologies like KMS.
---

# Vault Enterprise Auto Unseal

As of version 0.9, Vault Enterprise supports opt-in automatic unsealing via
cloud technologies such Amazon KMS or Google Cloud KMS. This feature enables
operators to delegate the unsealing process to trusted cloud providers to ease
operations in the event of partial failure and to aid in the creation of new or
ephemeral clusters.

## Enabling Auto Unseal

Automatic unsealing is not enabled by default. To enable automatic unsealing,
specify the `seal` stanza in your Vault configuration file:

```hcl
seal "awskms" {
  region = "us-east-1"
  access_key = "..."
  secret_key = "..."
  kms_key_id = "..."
}
```

For a complete list of examples and supported technologies, please see the
[seal documentation](/docs/configuration/seal/index.html).
Add an auto-unseal page to the docs This helps with SEO and also is where I'd expect auto unsealing to be referenced. 2017-11-14 18:12:20 +00:00			`---`
			`layout: "docs"`
			`page_title: "Vault Enterprise Auto Unseal"`
			`sidebar_current: "docs-vault-enterprise-auto-unseal"`
			`description: \|-`
			`Vault Enterprise supports automatic unsealing via cloud technologies like KMS.`
			`---`

			`# Vault Enterprise Auto Unseal`

			`As of version 0.9, Vault Enterprise supports opt-in automatic unsealing via`
			`cloud technologies such Amazon KMS or Google Cloud KMS. This feature enables`
			`operators to delegate the unsealing process to trusted cloud providers to ease`
			`operations in the event of partial failure and to aid in the creation of new or`
			`ephemeral clusters.`

			`## Enabling Auto Unseal`

			`Automatic unsealing is not enabled by default. To enable automatic unsealing,`
			specify the `seal` stanza in your Vault configuration file:

			```hcl
			`seal "awskms" {`
s/aws_region/region/ (#4497) The correct key name is 'region' as opposed to 'aws_region'. 2018-05-02 21:25:03 +00:00			`region = "us-east-1"`
Add an auto-unseal page to the docs This helps with SEO and also is where I'd expect auto unsealing to be referenced. 2017-11-14 18:12:20 +00:00			`access_key = "..."`
			`secret_key = "..."`
			`kms_key_id = "..."`
			`}`
			```

			`For a complete list of examples and supported technologies, please see the`
			`[seal documentation](/docs/configuration/seal/index.html).`