boundary/website/content/docs/configuration/kms/aead.mdx

---
layout: docs
page_title: AEAD KMS configuration
description: >-
  Learn about using the Authenticated Encryption with Associated Data (AEAD) KMS for key management. AEAD is typically used for development workflows or testing.
---
# `aead` KMS

~> **Note:** This KMS is mostly used for `dev` workflows or testing. The key is exposed
to anyone who can view the configuration file. If you use this KMS, consider
using `boundary config encrypt` to encrypt all but the `config` KMS and using an
external KMS for `config` purposes.

```hcl
kms "aead" {
  purpose   = "worker-auth"
  aead_type = "aes-gcm"
  key       = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
  key_id    = "global_worker-auth"
}
```

- `purpose` - Purpose of this KMS, acceptable values are: `worker-auth`, `worker-auth-storage`,
  `root`, `previous-root`, `recovery`, `bsr`, or `config`.
- `aead_type` - The type of encryption this KMS uses. Currently only `aes-gcm` is implemented.
- `key` - The base64-encoded 256-bit encryption key.
- `key_id` - The unique name of this key.
  It is used to identify the key when you perform a root key migration.
  You can use the `key_id` field with all KMS stanzas.
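
The following check is an added example, not part of the Boundary documentation or code base. It generates a fresh 256-bit key and lints `aead` stanzas against the field rules listed above, including reuse of the sample key printed on this page. The names `new_key` and `lint` are hypothetical, and the parser assumes flat, quoted-string attributes as in the sample stanza.

```python
import base64
import binascii
import re
import secrets

# Key printed in the documentation sample above; it is public, so never deploy it.
DOC_SAMPLE_KEY = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
PURPOSES = {"worker-auth", "worker-auth-storage", "root",
            "previous-root", "recovery", "bsr", "config"}

# Assumption: stanzas are flat (no nested braces) with quoted-string values.
STANZA_RE = re.compile(r'kms\s+"aead"\s*\{(.*?)\}', re.S)
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"', re.M)


def new_key():
    """Return a fresh base64-encoded 256-bit key from the OS CSPRNG."""
    return base64.b64encode(secrets.token_bytes(32)).decode()


def lint(config_text):
    """Return (key_id, problem) findings for every aead stanza in the text."""
    findings = []
    for body in STANZA_RE.findall(config_text):
        attrs = dict(ATTR_RE.findall(body))
        kid = attrs.get("key_id", "<no key_id>")
        if attrs.get("purpose") not in PURPOSES:
            findings.append((kid, "unknown purpose"))
        if attrs.get("aead_type") != "aes-gcm":
            findings.append((kid, "aead_type must be aes-gcm"))
        key = attrs.get("key", "")
        try:
            raw = base64.b64decode(key, validate=True)
        except (binascii.Error, ValueError):
            findings.append((kid, "key is not valid base64"))
            continue
        if len(raw) != 32:
            findings.append((kid, f"key is {len(raw) * 8} bits, expected 256"))
        if key == DOC_SAMPLE_KEY:
            findings.append((kid, "key is the published documentation sample"))
    return findings


if __name__ == "__main__":
    # Constructed input: the sample stanza from this page, flattened to one line.
    sample = ('kms "aead" {\n purpose = "worker-auth"\n aead_type = "aes-gcm"\n'
              f' key = "{DOC_SAMPLE_KEY}"\n key_id = "global_worker-auth"\n}}')
    print(lint(sample))
    print("replacement key:", new_key())
```

A clean result only means the stanza is well-formed; the key is still readable by anyone who can view the configuration file.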