我的书签
添加书签
移除书签azurekeyvault KMS
The Azure Key Vault KMS configures Vault to use Azure Key Vault for key management. The Azure Key Vault KMS is activated by one of the following:
- The presence of a
seal "azurekeyvault"block in Boundary’s configuration file.
azurekeyvault Example
This example shows configuring Azure Key Vault KMS through the Boundary configuration file by providing all the required values:
kms "azurekeyvault" {purpose = "root"tenant_id = "46646709-b63e-4747-be42-516edeaf1e14"client_id = "03dc33fc-16d9-4b77-8152-3ec568f8af6e"client_secret = "DUJDS3..."vault_name = "hc-vault"key_name = "vault_key"}
azurekeyvault Parameters
These parameters apply to the kms stanza in the Vault configuration file:
purpose- Purpose of this KMS, acceptable values are:worker-auth,root,recovery, orconfig.tenant_id(string: <required>): The tenant id for the Azure Active Directory organization. May also be specified by theAZURE_TENANT_IDenvironment variable.client_id(string: <required or MSI>): The client id for credentials to query the Azure APIs. May also be specified by theAZURE_CLIENT_IDenvironment variable.client_secret(string: <required or MSI>): The client secret for credentials to query the Azure APIs. May also be specified by theAZURE_CLIENT_SECRETenvironment variable.environment(string: "AZUREPUBLICCLOUD"): The Azure Cloud environment API endpoints to use. May also be specified by theAZURE_ENVIRONMENTenvironment variable.vault_name(string: <required>): The Key Vault vault to use the encryption keys for encryption and decryption. May also be specified by theAZUREKEYVAULT_WRAPPER_VAULT_NAMEenvironment variable.key_name(string: <required>): The Key Vault key to use for encryption and decryption. May also be specified by theAZUREKEYVAULT_WRAPPER_KEY_NAMEenvironment variable.
Authentication
Authentication-related values must be provided, either as environment variables or as configuration parameters.
Azure authentication values:
