-
Notifications
You must be signed in to change notification settings - Fork 467
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[vault-configurer] Fetching wrong key after GCP KMS unseal key version is rotated and disabled #1750
Comments
Thank you for your contribution! This issue has been automatically marked as |
Can you confirm if this behavior is still the same @Gentoli? |
Look like it's getting the same error when the key is disabled:
(running |
Thanks @Gentoli for verifying! Will add this to our roadmap and start working on it in the upcoming weeks (not yet sure when exactly). |
Describe the bug:
Fetching wrong key (
cryptoKeyVersions/1
) after the GCP KMS key is rotated and disabled. The current key revision is 3.Expected behaviour:
Not sure how Vault handles GCP KMS key rotation, Vault seems to be able to unseal with the old revision disabled.
vault-configurer
should match Vault's behavior.Steps to reproduce the bug:
I have not caught this when the key has rotated as I had no vault upgrade or configuration change (https://github.com/banzaicloud/bank-vaults/issues/1749).
I presume:
Additional context:
Add any other context about the problem here.
Environment details:
v1.24.6-gke.1500
1.16.0
/kind bug
The text was updated successfully, but these errors were encountered: