Boundary
aead KMS
Note: This is mostly used for dev
workflows or testing. The key will be exposed
to anyone that can view the configuration file. If using this KMS, consider
using boundary config encrypt
to encrypt all but the config
KMS and using an
external KMS for config
purposes.
kms "aead" {
purpose = "worker-auth"
aead_type = "aes-gcm"
key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
key_id = "global_worker-auth"
}
purpose
- Purpose of this KMS, acceptable values are:worker-auth
,worker-auth-storage
,root
,previous-root
,recovery
, orconfig
.aead_type
- The type of encryption this KMS uses. Currently onlyaes-gcm
is implemented.key
- The base64-encoded 256-bit encryption key.key_id
- The unique name of this key.