'Auto-unseal Vault on GCP on kubernetes

I am trying to auto unseal Vault using GCP kms and on a Kubernetes cluster hosted in GCP.

I created the keys and the service account, have the json file with credentials, but after the deployment with Helm3 when I check the Vault status it shows me SHAMIR seal.

I got the following code inside the values.yaml file under server.ha.config:

>   seal "gcpckms" {
>     credentials = "/tmp/vault_gcs_key.json"
>     project     = "my_project"
>     region      = "global"
>     key_ring    = "vault-unseal-kr"
>     crypto_key  = "vault-unseal-key"   
> }

They keys are created in GCP already and the credentials file exists during the installation.

And I install it with:

helm install vault -n vault hashicorp/vault --set='server.ha.enabled=true' -f values.yaml

What am I doing incorrectly? Can anyone assist please?

Thank you

kubernetesgoogle-cloud-platformvault


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

How to use use Firestore document field's HashMap key value and populate recyclerview?

how to keep GKE cluster nodes in different regions?

Google Cloud TTS API for M1 Mac

Is it possible to render a video from AfterEffects in a Google Collaboratory notebook?

Allow-IAP Firewall Rule created in default VPC in GCP getting reflected in other VPC as well

Attribute Error when importing SpeechClient from google.cloud.speech

GCP Cost billing data

What is the difference between gcloud and gsutil?

Volume not persistent in Google Cloud

Permission Denied when trying to write on a TPU VM foler

Google Cloud Free Tier will start charging for static or ephemeral IP Address?

How to create a empty folder in google storage(bucket) using gsutil command?

How can size of the root disk in Google Compute Engine be increased?

Cannot switch Firestore from Datastore to native mode on GCP

action console simulator is not working and I cannot release my project