@FalcoSuessgott
Last active November 5, 2023 15:28
HashiCorp Vault simple auto-unseal using systemd (perhaps not production ready)

Description

Use ExecStartPost to unseal your Vault every time the Vault daemon is started.

1. Initialize Vault with a single key share and a threshold of 1

vault operator init -t 1 -n 1

2. Add the unseal key to /etc/vault.d/vault.env

UNSEAL_KEY=893501f0cbab0d1872a87bfb9e50f0f6bd00f774e6e2d36c966badd3f0e8319b

3. Add ExecStartPost to Vault's systemd unit

[Service]
...
ExecStartPost=/usr/bin/vault operator unseal $UNSEAL_KEY
...

Then run:

systemctl daemon-reload
systemctl restart vault

4. Verify that Vault is automatically unsealed

VAULT_SKIP_VERIFY=true VAULT_ADDR="https://127.0.0.1:8200" vault status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.13.3
Build Date      2023-06-06T18:12:37Z
Storage Type    file
Cluster Name    vault-cluster-6b51610e
Cluster ID      2ac7e5f2-4982-d4c0-6834-035b6600145d
HA Enabled      false
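
An added check for steps 2 and 4 (example code, not part of the original gist): because the only unseal key sits in plaintext in vault.env, it confirms that the file grants nothing to group or others and that `vault status` output reports `Sealed false`. The function names are illustrative, and the default path is the one from step 2.

```shell
#!/bin/sh
# Added example: post-setup checks for the ExecStartPost auto-unseal setup.
# Function names are illustrative; the default path is the one used in step 2.

# Succeeds only if FILE exists and grants no permissions to group or others.
env_file_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Succeeds if FILE defines a non-empty UNSEAL_KEY (the value is never printed).
env_file_has_key() {
    grep -Eq '^UNSEAL_KEY=.+' -- "$1" 2>/dev/null
}

# Reads `vault status` table output on stdin and prints the Sealed value.
# Fails if the output contains no Sealed row.
sealed_value() {
    awk '$1 == "Sealed" { print $2; found = 1 } END { exit !found }'
}

# Runs all checks against ENV_FILE (arg 1) and the status output on stdin.
# Prints one line per finding and returns non-zero if any check fails.
check_autounseal() {
    env_file=${1:-/etc/vault.d/vault.env}
    rc=0
    env_file_has_key "$env_file" || { echo "FAIL: no UNSEAL_KEY in $env_file"; rc=1; }
    env_file_private "$env_file" || { echo "FAIL: $env_file is open to group/others"; rc=1; }
    if state=$(sealed_value); then
        [ "$state" = "false" ] || { echo "FAIL: Vault is sealed (Sealed=$state)"; rc=1; }
    else
        echo "FAIL: no Sealed row in status output"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: key file is private and Vault is unsealed"
    return "$rc"
}
```

Pipe the command from step 4 into it, for example `vault status | check_autounseal`, with `VAULT_ADDR` set as in that step.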