dominis/vault-terraform-kms

Vault terraform

TODO:

  • create kms key
  • create iam policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1443036478000",
            "Effect": "Allow",
            "Action": [
                "kms:Decrypt",
                "kms:Encrypt"
            ],
            "Resource": [
                "<your KMS key ARN>"
            ]
        }
    ]
}
  • launch vault instances
  • attach iam role to the instances
  • install vault bin
  • cipherblob=$(aws kms encrypt --key-id alias/XXXXXXX --plaintext "$(vault init -key-shares=1 -key-threshold=1 |head -1 |cut -d":" -f 2|xargs)" --query CiphertextBlob --output text)
  • vault -server ....
  • vault unseal $(aws kms decrypt --ciphertext-blob fileb://<(echo $cipherblob | base64 -d) --query Plaintext --output text |base64 -d)
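
The KMS key, IAM policy and instance role steps from the list above, written as Terraform. This is an added example, not code from this repository; every resource name and the `kms_alias` variable are assumptions, and the policy is scoped to the one key instead of a hand-pasted ARN.

```hcl
# Added example: resource names and var.kms_alias are hypothetical.
variable "kms_alias" {
  type        = string
  description = "Alias passed to --key-id in the encrypt command; must start with alias/"
}

resource "aws_kms_key" "vault_unseal" {
  description         = "Wraps the Vault unseal key"
  enable_key_rotation = true # older key material stays usable for decrypt
}

resource "aws_kms_alias" "vault_unseal" {
  name          = var.kms_alias
  target_key_id = aws_kms_key.vault_unseal.key_id
}

# Trust policy: only EC2 instances may assume the role.
data "aws_iam_policy_document" "assume_ec2" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "vault" {
  name               = "vault-instance"
  assume_role_policy = data.aws_iam_policy_document.assume_ec2.json
}

# Same two actions as the JSON policy, limited to this key's ARN.
data "aws_iam_policy_document" "vault_kms" {
  statement {
    effect    = "Allow"
    actions   = ["kms:Decrypt", "kms:Encrypt"]
    resources = [aws_kms_key.vault_unseal.arn]
  }
}

resource "aws_iam_role_policy" "vault_kms" {
  name   = "vault-kms-unseal"
  role   = aws_iam_role.vault.id
  policy = data.aws_iam_policy_document.vault_kms.json
}

resource "aws_iam_instance_profile" "vault" {
  name = "vault-instance"
  role = aws_iam_role.vault.name
}
```

Setting `iam_instance_profile = aws_iam_instance_profile.vault.name` on the Vault `aws_instance` resources covers the "attach iam role to the instances" step.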
