-
Notifications
You must be signed in to change notification settings - Fork 881
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vault auto-unsealed can't work with AWS iam role mode #410
Comments
Are you using an AWS Ec2 instance profile or an IAM role for service account (IRSA) ? |
Yes it is |
Duplicates #368 |
Error parsing Seal configuration: error fetching AWS KMS wrapping key information: NoCredentialProviders: no valid providers in chain. Deprecated. still facing this issue, any resolution ? |
@nagender1005 I am also facing the same issue. Please share with me the solution if you found it. |
Same issue with me. What does this message about not valid providers refers to? |
I have resolved this issue by adding region value in the vault.hcl file for seal "awskms" and upgraded vault to the latest version. |
Try also this: |
The solution that I found was to provide the
Hope this works for you. |
Hello, a little late but are you using IRSA ? |
Describe the bug
I set below configration for auto-unseal. And give full kms pemission to eks node role.
seal "awskms" {
region = "us-west-2"
kms_key_id = "8ecb59ea-1fe7-47f4-ab5e-XXXXXXXX"
}
But get the error from vault logs:
Error parsing Seal configuration: error fetching AWS KMS wrapping key information: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
Expected behavior
Vault can be running.
Environment
Chart values:
seal "awskms" {
region = "us-west-2"
kms_key_id = "8ecb59ea-1fe7-47f4-ab5e-XXXXXXXX"
}
The text was updated successfully, but these errors were encountered: