From 3b31f76981a7e5d7eb64f6638323288c8d52e69a Mon Sep 17 00:00:00 2001
From: Clint Shryock
Date: Tue, 20 Nov 2018 16:23:16 -0600
Subject: [PATCH] update values to use gcpkms key for auto-unseal

---
 values.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/values.yaml b/values.yaml
index d15f403..b00809e 100644
--- a/values.yaml
+++ b/values.yaml
@@ -77,6 +77,11 @@ consulHA:
 # By default no direct resource request is made.
 resources: {}
 
+ # updatePartition is used to control a careful rolling update of Vault
+ # servers. This should be done particularly when changing the version
+ # of Vault. Please refer to the documentation for more information.
+ updatePartition: 0
+
 # config is a raw string of default configuration when using a Stateful
 # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
 # and store data there. This is only used when using a Replica count of 1, and
@@ -95,6 +100,14 @@ consulHA:
 address = "HOST_IP:8500"
 }
 
+ seal "gcpckms" {
+ #credentials = "/usr/vault/vault-project-user-creds.json"
+ project = "vault-helm-dev"
+ region = "global"
+ key_ring = "vault-helm"
+ crypto_key = "vault-init"
+ }
+
 # Configuration for DNS configuration within the Kubernetes cluster.
 # This creates a service that routes to all agents (client or server)
 # for serving DNS requests. This DOES NOT automatically configure kube-dns
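Review bot: The comment added above `updatePartition` in the first hunk points to "the documentation" without saying what the value means, so an operator reading values.yaml cannot tell what `0` does. If this value feeds the StatefulSet rolling-update partition (the template is not part of this patch), I would say so in place, e.g. `# Pods with an ordinal >= updatePartition are updated; 0 updates every pod.`, and name the document being referred to.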
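Review bot: The `seal "gcpckms"` stanza in the second hunk puts one environment's identifiers (`project = "vault-helm-dev"`, `key_ring = "vault-helm"`, `crypto_key = "vault-init"`) into the chart's default config, so an install that keeps the defaults will attempt auto-unseal against a KMS key its operator does not control. With auto-unseal, access to that key is what protects Vault's root of trust at rest, so it should be a deliberate per-deployment choice; I would ship the stanza commented out with placeholders such as `# project = "<your-gcp-project>"`. The commented `#credentials` line also leaves open how the pod authenticates to Cloud KMS; a comment should say whether a mounted service-account file or the ambient node/workload identity is expected, and that the identity needs only encrypt/decrypt on that single crypto key. The enclosing config block starts above the hunk and the indentation is not visible here, so I am assuming the stanza sits inside it.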