KMS Quickstart Guide Slack

KMS feature allows you to use Vault to generate and manages keys which are used by the minio server to encrypt objects.This document explains how to configure Minio with Vault as KMS.

Get started

1. Prerequisites

Install Minio - Minio Quickstart Guide.

2. Configure Vault

Vault as Key Management System requires following to be configured in Vault

Environment variables

You'll need the Vault endpoint, AppRole ID, AppRole SecretID, encryption key-ring name before starting Minio server with Vault as KMS

export MINIO_SSE_VAULT_APPROLE_ID=9b56cc08-8258-45d5-24a3-679876769126
export MINIO_SSE_VAULT_APPROLE_SECRET=4e30c52f-13e4-a6f5-0763-d50e8cb4321f
export MINIO_SSE_VAULT_ENDPOINT=https://vault-endpoint-ip:8200
export MINIO_SSE_VAULT_KEY_NAME=my-minio-key
minio server ~/export

4. Test your setup

To test this setup, access the Minio server via browser or mc. You’ll see the uploaded files are accessible from the all the Minio endpoints.

Explore Further