Skip to content

Update AWS SDK to enable support for AWS EKS Pod Identities #31860

@danareghis

Description

@danareghis

Is your feature request related to a problem? Please describe.
We have now the option to deploy a new vault server inside the EKS cluster and we would like to use AWS EKS pod identities feature if possible.

Describe the solution you'd like
I have configured the below:

seal "awskms" {
        region      = "${region}"
        kms_key_id  = "${kms_key_id}"
      }

Also inside the vault pod I have the corresponding environment variables for the pod identities features as AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE and AWS_CONTAINER_CREDENTIALS_FULL_URI.

Unfortunately while starting I have the error:

Error initializing storage of type dynamodb: NoCredentialProviders: no valid providers in chain. Deprecated.
        For verbose messaging see aws.Config.CredentialsChainVerboseErrors
2026-03-27T11:36:09.617Z [INFO]  proxy environment: http_proxy="" https_proxy="" no_proxy=""
2026-03-27T11:36:09.617Z [DEBUG] storage.dynamodb: added environment variable credential provider
2026-03-27T11:36:09.617Z [DEBUG] storage.dynamodb: added shared credential provider
**Describe alternatives you've considered**

A clear and concise description of any alternative solutions or features you've considered.

I want to know if this feature is enabled and if so, am I missing other configuration or only IRSA is the working solution to assume AWS credentials for managing the dynamoDB used by vault.

Additional context
I have found the issue #27850 but I see it closed, still there was another used with the same error I received.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions