Vault Unseal Key

Bridgecrew Policy ID: BC_GIT_71
Chekov Check ID: CKV_SECRET_71
Severity: LOW

Vault Unseal Key


When a Vault server is started, it starts in a sealed state. In this state, Vault is configured to know where and how to access the physical storage, but doesn't know how to decrypt any of it. Unsealing is the process of obtaining the plaintext root key necessary to read the decryption key to decrypt the data, allowing access to the Vault.

Fix - Git


Did this page help you?