HashiConf 2025 Don't miss the live stream of HashiConf Day 2 happening now View live stream
Boundary
Boundary Home

You are viewing documentation for version v0.14.x. View latest version.

aead KMS

Note: This is mostly used for dev workflows or testing. The key will be exposed to anyone that can view the configuration file. If using this KMS, consider using boundary config encrypt to encrypt all but the config KMS and using an external KMS for config purposes.

kms "aead" {
    purpose = "worker-auth"
    aead_type = "aes-gcm"
    key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
    key_id = "global_worker-auth"
}

  • purpose - Purpose of this KMS, acceptable values are: worker-auth, worker-auth-storage, root, previous-root, recovery, or config.

  • aead_type - The type of encryption this KMS uses. Currently only aes-gcm is implemented.

  • key - The base64-encoded 256-bit encryption key.

  • key_id - The unique name of this key.

Edit this page on GitHub