[vault-configurer] Fetching wrong key after GCP KMS unseal key version is rotated and disabled #1750
Labels
kind/bug
Categorizes issue or PR as related to a bug.
lifecycle/keep
Denotes an issue or PR that should be preserved from going stale.
Describe the bug:
Fetching wrong key (
cryptoKeyVersions/1
) after the GCP KMS key is rotated and disabled. The current key revision is 3.Expected behaviour:
Not sure how Vault handles GCP KMS key rotation, Vault seems to be able to unseal with the old revision disabled.
vault-configurer
should match Vault's behavior.Steps to reproduce the bug:
I have not caught this when the key has rotated as I had no vault upgrade or configuration change (https://github.com/banzaicloud/bank-vaults/issues/1749).
I presume:
Additional context:
Add any other context about the problem here.
Environment details:
v1.24.6-gke.1500
1.16.0
/kind bug
The text was updated successfully, but these errors were encountered: