
AWS KMS backend - signatory fails to start without access to every key in the region #619

@stephengaudet

Description


When the service account used by Signatory has access to every key in the region, the Signatory service starts fine.
When there are keys in the configured region to which the service account does not have access, Signatory fails to start.

To reproduce the issue, toggle the region in this vault configuration between us-west-1 and us-west-2:

```yaml
vaults:
    aws:
        driver: awskms
        config:
            access_key_id: redacted
            region: us-west-2
            secret_access_key: redacted
            user_name: svc-sigy-integrationtest
```

Please reach out to me directly to get the redacted info.
Using us-west-1 works fine, because there is only one key and the service account has access to it.
Using us-west-2 does not work, because there are keys to which the service account does not have access alongside the key it does have access to.
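The following is an added example, not Signatory's own code, that models the start-up path the report describes: enumerate every KMS key in the region, then fetch each key's public key. A strict loader aborts on the first per-key error, which reproduces the reported failure; a tolerant loader skips keys the credentials are not authorised for, reports them so they can be logged, and fails only when no key in the region is usable. The `kmsClient` interface, the in-memory `fakeKMS` client, the `errAccessDenied` sentinel and the key IDs are all assumptions made for the example; a real implementation would wrap the AWS SDK and match on its AccessDeniedException.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// kmsClient is a hypothetical abstraction over the two KMS calls involved
// (ListKeys and GetPublicKey). It exists so the loaders can be exercised
// offline; a real implementation would wrap the AWS SDK.
type kmsClient interface {
	ListKeyIDs() ([]string, error)
	GetPublicKey(keyID string) ([]byte, error)
}

// errAccessDenied stands in for KMS's AccessDeniedException.
var errAccessDenied = errors.New("AccessDeniedException: not authorized to perform kms:GetPublicKey")

// fakeKMS is a constructed in-memory client: every key ID in the region is
// listed, but GetPublicKey succeeds only for IDs present in pubkeys.
type fakeKMS struct {
	allKeys []string
	pubkeys map[string][]byte
}

func (f *fakeKMS) ListKeyIDs() ([]string, error) {
	return append([]string(nil), f.allKeys...), nil
}

func (f *fakeKMS) GetPublicKey(id string) ([]byte, error) {
	pk, ok := f.pubkeys[id]
	if !ok {
		return nil, fmt.Errorf("key %s: %w", id, errAccessDenied)
	}
	return pk, nil
}

// loadKeysStrict reproduces the reported behaviour: any per-key error
// aborts start-up, even when other keys in the region are fine.
func loadKeysStrict(c kmsClient) (map[string][]byte, error) {
	ids, err := c.ListKeyIDs()
	if err != nil {
		return nil, err
	}
	keys := make(map[string][]byte)
	for _, id := range ids {
		pk, err := c.GetPublicKey(id)
		if err != nil {
			return nil, fmt.Errorf("loading KMS keys: %w", err)
		}
		keys[id] = pk
	}
	return keys, nil
}

// loadKeysTolerant skips keys the credentials cannot read, returns their IDs
// so the caller can log them, and fails only if nothing usable was found.
// Errors other than access denial still abort, so a real outage is not masked.
func loadKeysTolerant(c kmsClient) (map[string][]byte, []string, error) {
	ids, err := c.ListKeyIDs()
	if err != nil {
		return nil, nil, err
	}
	keys := make(map[string][]byte)
	var skipped []string
	for _, id := range ids {
		pk, getErr := c.GetPublicKey(id)
		switch {
		case errors.Is(getErr, errAccessDenied):
			skipped = append(skipped, id)
		case getErr != nil:
			return nil, nil, fmt.Errorf("loading KMS keys: %w", getErr)
		default:
			keys[id] = pk
		}
	}
	sort.Strings(skipped)
	if len(keys) == 0 {
		return nil, skipped, errors.New("no usable KMS keys in region")
	}
	return keys, skipped, nil
}

// regionUSWest2 mirrors the failing region from the report: one key the
// service account can use next to two it cannot. Key IDs are made up.
func regionUSWest2() *fakeKMS {
	return &fakeKMS{
		allKeys: []string{"key-a", "key-b", "key-c"},
		pubkeys: map[string][]byte{"key-b": []byte("pubkey-b")},
	}
}

func main() {
	c := regionUSWest2()
	if _, err := loadKeysStrict(c); err != nil {
		fmt.Println("strict:", err)
	}
	keys, skipped, err := loadKeysTolerant(c)
	fmt.Println("tolerant:", len(keys), "usable, skipped:", skipped, "err:", err)
}
```

The tolerant variant only treats authorisation failures as skippable; throttling, network or signature errors still abort start-up, and a region with zero usable keys is still an error rather than a silent empty vault. Whichever behaviour Signatory settles on, logging the skipped key IDs at start-up is what lets an operator distinguish "this key is intentionally out of scope for the service account" from "the IAM policy is wrong".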
