Configuration

Provider

Helm values

Note

You can reference the helm values.yaml for a full list of configurations

When deploying via helm, it is important to ensure that the vault.address is set correctly.

helm install vault-kms-provider --set "vault.address=https://vault.default.svc.cluster.local:8200"

Depending on the type of authentication you require you may want to disable the service account.

helm install vault-kms-provider --set "serviceAccount.create=false"

Environment variables

Below are all the environment variables and their defaults for configuration of the KMS provider

# Url of the vault service
VAULT_ADDRESS = "https://vault.vault.svc.cluster.local:8200"

# Path to the socket used for communication with the Kubernetes API server
SOCKET_PATH = "./sockets/vault-kms-provider.sock"

# The level of permissions granted to the socket, choices are:
#   - any: equivalent to 666
#   - user: equivalent to 600
#   - group: equivalent to 660
SOCKET_PERMISSIONS = "any"

# The string identifier used to store the encryption keys in the vault transit gateway
VAULT_TRANSIT_KEY = "vault-kms-provider"

# Used for authenticating with vault, only use if token authentication is desired.
VAULT_TOKEN = ""

# The endpoint that the health checks will listen on
HEALTH_ENDPOINT = "0.0.0.0:8080"

Quick Start

Configuration

Installation

Configuration

Provider

Helm values

Environment variables