Nathan Valentine 608f013bf2 s/aws_region/region/ (#4497 )

The correct key name is 'region' as opposed to 'aws_region'.

2018-05-02 14:25:03 -07:00

996 B

Raw Blame History

layout	page_title	sidebar_current	description
docs	Vault Enterprise Auto Unseal	docs-vault-enterprise-auto-unseal	Vault Enterprise supports automatic unsealing via cloud technologies like KMS.

Vault Enterprise Auto Unseal

As of version 0.9, Vault Enterprise supports opt-in automatic unsealing via cloud technologies such Amazon KMS or Google Cloud KMS. This feature enables operators to delegate the unsealing process to trusted cloud providers to ease operations in the event of partial failure and to aid in the creation of new or ephemeral clusters.

Enabling Auto Unseal

Automatic unsealing is not enabled by default. To enable automatic unsealing, specify the seal stanza in your Vault configuration file:

seal "awskms" {
  region = "us-east-1"
  access_key = "..."
  secret_key = "..."
  kms_key_id = "..."
}

For a complete list of examples and supported technologies, please see the seal documentation.

996 B Raw Blame History

Vault Enterprise Auto Unseal

Enabling Auto Unseal

996 B

Raw Blame History