Can't init 1.13.2 with awskms #20644
Assignees
Labels
core
Issues and Pull-Requests specific to Vault Core
Comments
|
|
pcsgithubid
changed the title
|
This was also raised in https://discuss.hashicorp.com/t/cant-init-1-13-2-with-awskms/54000. I looked at it there, and it looks like initializing an auto-unseal cluster via the web UI may have regressed since v1.12.0, possible triggering PR #16379. |
|
Thank you for bringing this issue to our attention. I am working on reproducing this environment on our systems in order to better understand the root cause. |
|
I have been able to reproduce this issue locally. For the community's benefit, I wanted to confirm that this issue is not unique to the AWSKMS seal type. |
Merged
This was referenced May 31, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When running vault init with the web UI on a new install of 1.13.2 errors with "* parameters secret_shares,secret_threshold not applicable to seal type awskms".
Environment:
Vault Server Version (retrieve with vault status): 1.13.2
Vault server configuration file(s):
ui = true
disable_mlock = true
cluster_addr = "https://...:8201"
api_addr = "https://...:8200"
listener "tcp" {
address = "0.0.0.0:8200"
tls_disable = false
tls_cert_file = "/opt/vault/tls/certificates/....crt"
tls_key_file = "/opt/vault/tls/certificates/....key"
tls_disable_client_certs = true
}
plugin_directory = "/opt/vault/plugins"
seal "awskms" {
region = "us-east-1"
kms_key_id = "arn:aws:kms:us-east-1..."
}
The text was updated successfully, but these errors were encountered: