|
|
|
|
@ -38,20 +38,38 @@ These parameters apply to the `kms` stanza in the Boundary configuration file:
|
|
|
|
|
`AWS_DEFAULT_REGION` environment variables, from your `~/.aws/config` file,
|
|
|
|
|
or from instance metadata.
|
|
|
|
|
|
|
|
|
|
- `access_key` `(string: <required>)`: The AWS access key ID to use. May also be
|
|
|
|
|
- `kms_key_id` `(string: <required>)`: The AWS KMS key ID to use for encryption
|
|
|
|
|
and decryption. May also be specified by the `AWSKMS_WRAPPER_KEY_ID`
|
|
|
|
|
environment variable.
|
|
|
|
|
|
|
|
|
|
- `access_key` `(string: "")`: The AWS access key ID to use. May also be
|
|
|
|
|
specified by the `AWS_ACCESS_KEY_ID` environment variable or as part of the
|
|
|
|
|
AWS profile from the AWS CLI or instance profile.
|
|
|
|
|
|
|
|
|
|
- `session_token` `(string: "")`: Specifies the AWS session token. This can
|
|
|
|
|
also be provided via the environment variable `AWS_SESSION_TOKEN`.
|
|
|
|
|
|
|
|
|
|
- `secret_key` `(string: <required>)`: The AWS secret access key to use. May
|
|
|
|
|
- `secret_key` `(string: "")`: The AWS secret access key to use. May
|
|
|
|
|
also be specified by the `AWS_SECRET_ACCESS_KEY` environment variable or as
|
|
|
|
|
part of the AWS profile from the AWS CLI or instance profile.
|
|
|
|
|
|
|
|
|
|
- `kms_key_id` `(string: <required>)`: The AWS KMS key ID to use for encryption
|
|
|
|
|
and decryption. May also be specified by the `AWSKMS_WRAPPER_KEY_ID`
|
|
|
|
|
environment variable.
|
|
|
|
|
- `shared_creds_filename` `(string: "")`: (Boundary 0.5.1+) If set, the file
|
|
|
|
|
name to read as a shared credentials file.
|
|
|
|
|
|
|
|
|
|
- `shared_creds_profile` `(string: "")`: (Boundary 0.5.1+) If set, the
|
|
|
|
|
profile to use from the shared credentials file. If not set, will use the
|
|
|
|
|
`AWS_PROFILE` env var, or if that is not set, `"default"`.
|
|
|
|
|
|
|
|
|
|
- `role_arn` `(string: "")`: (Boundary 0.5.1+) If this and
|
|
|
|
|
`web_identity_token_file` are set, the role ARN to use when using a web
|
|
|
|
|
identity role provider with STS.
|
|
|
|
|
|
|
|
|
|
- `web_identity_token_file` `(string: "")`: (Boundary 0.5.1+) If this and
|
|
|
|
|
`role_arn` are set, the token file to use when using a web identity role
|
|
|
|
|
provider with STS.
|
|
|
|
|
|
|
|
|
|
- `role_session_name` `(string: "")`: (Boundary 0.5.1+) If using the web
|
|
|
|
|
identity role provider, the role session to use.
|
|
|
|
|
|
|
|
|
|
- `endpoint` `(string: "")`: The KMS API endpoint to be used to make AWS KMS
|
|
|
|
|
requests. May also be specified by the `AWS_KMS_ENDPOINT` environment
|
|
|
|
|
|
Jeff Mitchell
5 years ago
committed by
GitHub