luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/website/source/docs/enterprise/auto-unseal/index.html.md
Seth Vargo 4efcfe03d1
Add an auto-unseal page to the docs 
This helps with SEO and also is where I'd expect auto unsealing to be referenced.
2017-11-14 13:12:20 -05:00

1,000 B
Raw Blame History

layout page_title sidebar_current description
docs Vault Enterprise Auto Unseal docs-vault-enterprise-auto-unseal Vault Enterprise supports automatic unsealing via cloud technologies like KMS.

Vault Enterprise Auto Unseal

As of version 0.9, Vault Enterprise supports opt-in automatic unsealing via cloud technologies such Amazon KMS or Google Cloud KMS. This feature enables operators to delegate the unsealing process to trusted cloud providers to ease operations in the event of partial failure and to aid in the creation of new or ephemeral clusters.

Enabling Auto Unseal

Automatic unsealing is not enabled by default. To enable automatic unsealing, specify the seal stanza in your Vault configuration file:

seal "awskms" {
  aws_region = "us-east-1"
  access_key = "..."
  secret_key = "..."
  kms_key_id = "..."
}

For a complete list of examples and supported technologies, please see the seal documentation.