Describe the solution you'd like
As of today, the KMS key creation process is manual outside the scope of the example - vault-auto-unseal and we are trying to bring this into Terraform. This adds Terraform source code for creating a KMS key for auto-unseal to work. This also provides a KMS key replication to another region.
Describe alternatives you've considered
Manually create the KMS key using AWS console in every region where we need them.
Additional context
This would be useful when you are deploying your vault services (community version) across multiple regions in a primary/warm standby setup.
Describe the solution you'd like As of today, the KMS key creation process is manual outside the scope of the example -
vault-auto-unseal
and we are trying to bring this into Terraform. This adds Terraform source code for creating a KMS key for auto-unseal to work. This also provides a KMS key replication to another region.Describe alternatives you've considered Manually create the KMS key using AWS console in every region where we need them.
Additional context This would be useful when you are deploying your vault services (community version) across multiple regions in a primary/warm standby setup.