Introduction
A bug was identified in AWS CloudHSM Client SDK version 5.15.0, where session keys were not properly cleaned up upon disconnection. This issue has been resolved in the 5.16.0 release (May 1, 2025).
Summary
As a result of this bug, when Vault is integrated with AWS CloudHSM and using the affected Client SDK version, a noticeable increase in session usage may occur. This elevated session usage can lead to session throttling, potentially causing "seal wrapping error" messages to appear in the Vault logs.
Resolution
Upgrade the AWS CloudHSM Client SDK to version 5.16.0 to resolve session management issues with AWS CloudHSM.