This is mostly used for dev workflows or testing. The key will be exposed to anyone that can view the configuration file. If using this KMS, consider using boundary config encrypt to encrypt all but the config KMS and using an external KMS for config purposes.

kms "aead" {
    purpose = "worker-auth"
    aead_type = "aes-gcm"
    key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
    key_id = "global_worker-auth"
}

• purpose - Purpose of this KMS, acceptable values are: worker-auth, root, recovery, or config.

• aead_type - The type of encryption this KMS uses. Currently only aes-gcm is implemented.

• key - The base64-encoded 256-bit encryption key.

• key_id - The unique name of this key.