feat(hashicorpvault): Use AWS KMS to unseal

compose.yaml

@@ -25,6 +25,11 @@ services:
             VAULT_LOCAL_CONFIG: ${VAULT_LOCAL_CONFIG}
             VAULT_DEV_ROOT_TOKEN_ID: ${VAULT_DEV_ROOT_TOKEN_ID}
             VAULT_DEV_LISTEN_ADDRESS: ${VAULT_DEV_LISTEN_ADDRESS}
+            AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID:-}
+            AWS_REGION: ${AWS_REGION:-}
+            AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY:-}
+            VAULT_AWSKMS_SEAL_KEY_ID: ${VAULT_AWSKMS_SEAL_KEY_ID:-}
+            VAULT_SEAL_TYPE: ${VAULT_SEAL_TYPE:-}
         entrypoint: vault server -config=/vault/config/vault.hcl
 networks:
     # Variables are not supported in keys, only in values.

env/fqdn_context.env.example

@@ -8,7 +8,11 @@ HASHICORPVAULT_VERSION=latest
 VAULT_DEV_ROOT_TOKEN_ID=your-root-token-here
 VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:1234
 VAULT_LOCAL_CONFIG={"backend": {"file": {"path": "/vault/file"}}, "default_lease_ttl": "168h", "max_lease_ttl": "720h"}
-
+# AWS_ACCESS_KEY_ID=
+# AWS_REGION=
+# AWS_SECRET_ACCESS_KEY=
+# VAULT_AWSKMS_SEAL_KEY_ID=
+# VAULT_SEAL_TYPE=awskms
 
 
 # Feel free to leave defaults. They apply while these vars are commented out