jetstack / vault-unsealer

Vault Unseal automation
Apache License 2.0
129 stars 28 forks source link

unclear how to save unseal key on bucket #12

Closed mumblez closed 6 years ago

mumblez commented 6 years ago

I saved the unseal key as a text file and kms encrypted before uploading, e.g.

{bucket}/{prefix}/vault-unseal-0

when I try to unseal:

ERRO[0031] error unsealing vault: unable to get key 'vault-unseal-0': error decrypting data: googleapi: Error 400: Decryption failed: the ciphertext is invalid., badRequest

any help is much appreciated

mumblez commented 6 years ago

nvm, pebkac