Our requirement is to use the awskms seal type to auto-unseal HashiCorp Vault deployed on OCP containers.
One way is to provide IAM credentials in the AWSKMS stanza, but that is forbidden in my organization.
Does Vault also support the AWS Identity and Access Management Roles Anywhere mechanism to obtain credentials and then use them for auto-unsealing?
Vault uses the official AWS SDK, so it looks like it's possible, but we don't know how to achieve the same.
Could you please help us in this regard?