Use ExecStartPost
in order to unseal your Vault every time the vault daemon is started
vault operator init -t 1 -n 1
UNSEAL_KEY=893501f0cbab0d1872a87bfb9e50f0f6bd00f774e6e2d36c966badd3f0e8319b
[Service]
...
ExecStartPost=/usr/bin/vault operator unseal $UNSEAL_KEY
...
run:
systemctl daemon-reload
systemctl restart vault`
VAULT_SKIP_VERIFY=true VAULT_ADDR="https://127.0.0.1:8200" vault status
Key Value
--- -----
Seal Type shamir
Initialized true
Sealed false
Total Shares 1
Threshold 1
Version 1.13.3
Build Date 2023-06-06T18:12:37Z
Storage Type file
Cluster Name vault-cluster-6b51610e
Cluster ID 2ac7e5f2-4982-d4c0-6834-035b6600145d
HA Enabled false