A KMS similar to the one in GCP, AWS, Azure and other cloud providers would be immensely useful.
In addition to being able to store secrets directly in the KMS, it would be possible to delegate to the KMS to automatically unseal Vault for general secret management: https://www.vaultproject.io/docs/configuration/seal
My thoughts exactly -- have a KMS solution for the Vault auto-unseal operation.