Access configuration for KMS

Key management system (KMS) access can be configured through Vault tokens, Thales CipherTrust Manager, or Vault tenants.

Based on your use case, you need to configure access to KMS using one of the following ways:

Using vaulttokens: allows users to authenticate using a token
Using Thales CipherTrust Manager: uses Key Management Interoperability Protocol (KMIP)
Using vaulttenantsa (Technology Preview): allows users to use serviceaccounts to authenticate with Vault

Important: Accessing the KMS using vaulttenantsa is a Technology Preview feature. Technology Preview features are not supported with IBM production service level agreements (SLAs) and might not be functionally complete. IBM does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.