AD
The presence of a seal "awskms" block in Vault's configuration file
The presence of the environment variable VAULT_SEAL_TYPE set to awskms. If enabling via environment variable, all other required values specific to AWS KMS (i.e. VAULT_AWSKMS_SEAL_KEY_ID) must be also supplied, as well as all other AWS-related environment variables that lends to successful authentication (i.e. AWS_ACCESS_KEY_ID, etc.).
CE
https://developer.hashicorp.com/vault/docs/commands/operator/init
This section explains it in detail:
Migration from shamir to auto unseal
To migrate from Shamir keys to Auto Unseal, take your server cluster offline and update the seal configuration with the appropriate seal configuration. Bring your server back up and leave the rest of the nodes offline if using multi-server mode, then run the unseal process with the -migrate flag and bring the rest of the cluster online.
All unseal commands must specify the -migrate flag. Once the required threshold of unseal keys are entered, unseal keys will be migrated to recovery keys.
$ vault operator unseal -migrate
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
gvyecvlc
7 months, 3 weeks agonginx_aws
7 months, 2 weeks agoMark1000
9 months, 3 weeks agodaz_rekka
10 months, 1 week ago