You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm trying to use two KMS keys living in two different AWS accounts, so that each account can access the encrypted contents. Similar to the setup in #1093 .
But when encrypting a file I get the following error:
error updating one or more master keys: [failed to encrypt new data key with master key "arn:aws:kms:eu-central-1:ACCOUNT2:key/KEY2": failed to encrypt sops data key with AWS KMS: operation error KMS: Encrypt, https response error StatusCode: 400, RequestID: [REDACTED], api error AccessDeniedException: User: arn:aws:sts::ACCOUNT1:assumed-role/[REDACTED] is not authorized to perform: kms:Encrypt on this resource because the resource does not exist in this Region, no resource-based policies allow access, or a resource-based policy explicitly denies access]
It seems to me like sops is using the default profile (which is profile1) instead of the defined profile.
The text was updated successfully, but these errors were encountered:
I'm trying to use two KMS keys living in two different AWS accounts, so that each account can access the encrypted contents. Similar to the setup in #1093 .
I've created the following
.sops.yaml:But when encrypting a file I get the following error:
It seems to me like sops is using the default profile (which is profile1) instead of the defined profile.
The text was updated successfully, but these errors were encountered: