
mode.awsKmsSsm

To use awsKmsSsm mode, specify mode.awsKmsSsm. In this mode, the unseal keys and root token are stored in the AWS Systems Manager Parameter Store, encrypted with an AWS KMS key.

spec:
  unsealer:
    mode:
      awsKmsSsm:
        kmsKeyID: <key_id>
        region: <region>
        credentialSecret: <secret_name>

mode.awsKmsSsm has the following fields:

awsKmsSsm.kmsKeyID

awsKmsSsm.kmsKeyID is a required field that specifies the ID or ARN of the AWS KMS key to encrypt values.

spec:
  unsealer:
    mode:
      awsKmsSsm:
        kmsKeyID: "aaaaa-bbbb-cccc-ddd-eeeeeeee"

awsKmsSsm.region

awsKmsSsm.region is a required field that specifies the AWS region.

spec:
  unsealer:
    mode:
      awsKmsSsm:
        region: "us-east-1"

awsKmsSsm.credentialSecret

awsKmsSsm.credentialSecret is an optional field that specifies the name of the secret containing the AWS access key and AWS secret key. If it is not specified, the Unsealer attempts to retrieve credentials from the AWS metadata service. The secret contains the following keys:

  • access_key
  • secret_key

spec:
  unsealer:
    mode:
      awsKmsSsm:
        credentialSecret: "aws-cred"
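Putting the three fields together, as an added example that is not from the KubeVault docs: the credential Secret carrying the access_key and secret_key keys the field expects, followed by the unsealer fragment that references it. The namespace, account ID and credential values are constructed placeholders.

```yaml
# Constructed example: the Secret named by credentialSecret. Values are placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: aws-cred
  namespace: demo            # assumption: same namespace as the VaultServer object
type: Opaque
stringData:
  access_key: AKIA-PLACEHOLDER-ACCESS-KEY   # placeholder, not a real key
  secret_key: PLACEHOLDER-SECRET-KEY        # placeholder, not a real key
  # Scope this IAM user to the single KMS key and the SSM parameters the
  # Unsealer writes; it does not need broader KMS or SSM access.
---
# Unsealer fragment of the VaultServer spec, as in the field descriptions above.
spec:
  unsealer:
    mode:
      awsKmsSsm:
        # ID or ARN both work; the ARN pins the key to an account and region.
        kmsKeyID: arn:aws:kms:us-east-1:111122223333:key/aaaaa-bbbb-cccc-ddd-eeeeeeee
        region: us-east-1
        credentialSecret: aws-cred
```

When the cluster nodes already carry an instance role, omit credentialSecret so the Unsealer falls back to the metadata service and no long-lived access key is stored in the cluster.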