HashiConf Last chance to register for our cloud conference October 10-12. Register today
Boundary
Boundary Home

You are viewing documentation for version v0.14.x. View latest version.

aead KMS

Note: This is mostly used for dev workflows or testing. The key will be exposed to anyone that can view the configuration file. If using this KMS, consider using boundary config encrypt to encrypt all but the config KMS and using an external KMS for config purposes.

kms "aead" {
    purpose = "worker-auth"
    aead_type = "aes-gcm"
    key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
    key_id = "global_worker-auth"
}

  • purpose - Purpose of this KMS, acceptable values are: worker-auth, worker-auth-storage, root, previous-root, recovery, or config.

  • aead_type - The type of encryption this KMS uses. Currently only aes-gcm is implemented.

  • key - The base64-encoded 256-bit encryption key.

  • key_id - The unique name of this key.