With an AWS KMS key defined, migrating an existing Vault installation from using Shamir keys to AWS KMS auto-unseal requires only a few steps to complete.
Rather than manually unsealing Vault in the homelab every time updates are applied, it'd be preferable to have it auto-unseal using the AWS Key Management Service (KMS). This is how to set up the AWS part.
Before vRA / vRO can automate Vault and create high-entropy passwords for new workloads, Vault must be prepared. This post explains the steps taken.
Generate and secure unique complex passwords in HashiCorp Vault for new workloads provisioned by VMware vRealize Automation
Not content to build vSphere templates periodically, this introduction shows how VMware Code Stream and Packer can be combined to trigger builds from Git updates.
The final (short) post in this series. Now that vSphere templates can be built repeatably, it's time to think about the next steps to take things further.
Having created a Windows template, in Part 6 of this series it's now time to make one for Linux using my go-to distro, CentOS 8.
Armed with some vSphere variables, it's now time to create a Windows template. In post 5 of this series that process is described.