The Vault seal configuration can be set in two ways: through the Vault configuration file or through

environment variables. The Vault configuration file is a text file that contains the settings and options

for Vault, such as the storage backend, the listener, the telemetry, and the seal. The seal stanza in the

configuration file specifies the seal type and the parameters to use for additional data protection,

such as using HSM or Cloud KMS solutions to encrypt and decrypt the root key. The seal

configuration can also be set through environment variables, which will take precedence over the

values in the configuration file. The environment variables are prefixed with VAULT_SEAL_ and

followed by the seal type and the parameter name. For example, VAULT_SEAL_AWSKMS_REGION

sets the region for the AWS KMS seal. Reference: Seals - Configuration | Vault | HashiCorp

Developer, Environment Variables | Vault | HashiCorp Developer