@winggundamth
Created October 17, 2022 04:26
Vault init shell script to put in the postStart hook of the Vault Helm chart to initialise a Vault HA cluster on Kubernetes. It uploads the root token and unseal key to MinIO or any S3-compatible storage.
#!/bin/sh
# Runs from the Vault Helm chart postStart hook in every Vault pod and bootstraps
# a Raft HA cluster: vault-0 initialises Vault and uploads the unseal key and
# root token to MinIO; every other pod joins the cluster and fetches the unseal
# key from MinIO. Requires MINIO_VAULT_URL and MINIO_VAULT_SECRET in the pod
# environment. Uses POSIX [ ] tests because /bin/sh in the Vault image is not bash.
cd /home/vault || exit 1

# The Vault image does not ship jq; fetch it once.
# Note: this download is not checksum-verified, so pin and verify it in production.
if [ ! -f ./jq ]; then
  echo "Download jq command..."
  wget https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 -O jq
  chmod +x jq
fi

# Nothing to do if Vault is already initialised and unsealed (e.g. after a pod restart).
if vault status -format=json | ./jq -e '.initialized and (.sealed | not)' >/dev/null; then
  echo "Vault initialized and unsealed."
  exit 0
fi

while :; do
  if [ ! -f ./mc ]; then
    echo "Download mc command..."
    wget https://dl.min.io/client/mc/release/linux-amd64/mc
    chmod +x mc
  fi
  # Access key "vault"; the secret is passed on the command line, so it is
  # visible in the pod's process list while mc runs.
  ./mc alias set minio-vault "$MINIO_VAULT_URL" vault "$MINIO_VAULT_SECRET"

  if vault status -format=json | ./jq -e '.initialized | not' >/dev/null; then
    if [ "$HOSTNAME" = vault-0 ]; then
      echo "Initial Vault..."
      # One share with threshold one, so a single file is enough to unseal every pod.
      initResult=$(vault operator init -format=json -key-shares=1 -key-threshold=1)
      unsealKey1=$(printf '%s' "$initResult" | ./jq -r '.unseal_keys_b64[0]')
      rootToken=$(printf '%s' "$initResult" | ./jq -r '.root_token')
      printf '%s' "$unsealKey1" > unsealKey1
      printf '%s' "$rootToken" > rootToken
      echo "Upload Vault root token and unseal key to MinIO..."
      # Both secrets land in the bucket in plaintext; restrict who can read it.
      ./mc cp unsealKey1 rootToken minio-vault/vault/
    else
      echo "Join Vault Cluster..."
      vault operator raft join "http://vault-0.vault-internal:8200" || true
      echo "Download Vault unseal key from MinIO..."
      ./mc cp minio-vault/vault/unsealKey1 ./ || true
    fi
  fi

  if vault status -format=json | ./jq -e '.sealed' >/dev/null; then
    # Only attempt to unseal once the key file is actually present and non-empty.
    if [ -s unsealKey1 ]; then
      echo "Unseal Vault..."
      vault operator unseal "$(cat unsealKey1)"
    else
      echo "Unseal key not available yet."
    fi
  fi

  if vault status -format=json | ./jq -e '.initialized and (.sealed | not)' >/dev/null; then
    echo "Vault initialized and unsealed."
    exit 0
  else
    echo "Wait 5 seconds for another trying..."
    sleep 5
  fi
done
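The script above downloads jq and mc over the network and executes them without checking what arrived. The following is an added example, not part of the gist, showing how a postStart hook can pin a SHA-256 digest for each helper binary and refuse to install it on mismatch. The function names (`sha256_of`, `verify_sha256`, `fetch_verified`) and the `JQ_SHA256` placeholder are assumptions; the real digest must be taken from the jq release page.

```shell
#!/bin/sh
# Added example (not the gist's code): fetch a helper binary only if its
# SHA-256 matches a pinned value, so a tampered download is never executed.

sha256_of() {
  # Print the SHA-256 hex digest of file $1 using whichever tool exists.
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

verify_sha256() {
  # Return 0 if file $1 has digest $2 (hex, case-insensitive), 1 otherwise.
  actual=$(sha256_of "$1")
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ "$actual" = "$expected" ]
}

fetch_verified() {
  # fetch_verified URL EXPECTED_SHA256 DEST
  # Download to a temp file, verify it, then move it into place; on mismatch
  # delete the temp file and fail so the caller can abort the hook.
  url=$1; expected=$2; dest=$3
  tmp="$dest.tmp.$$"
  wget -q "$url" -O "$tmp" || { rm -f "$tmp"; return 1; }
  if verify_sha256 "$tmp" "$expected"; then
    chmod 0755 "$tmp" && mv "$tmp" "$dest"
  else
    echo "checksum mismatch for $url, refusing to install" >&2
    rm -f "$tmp"
    return 1
  fi
}

# Usage inside the postStart script. JQ_SHA256 is a placeholder: pin the
# digest published for the release you deploy.
# JQ_URL=https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64
# JQ_SHA256='<pinned sha256 of jq-linux64>'
# [ -x ./jq ] || fetch_verified "$JQ_URL" "$JQ_SHA256" ./jq || exit 1
```

Pinning the digest in the hook (or in the ConfigMap that carries the script) turns a silent upstream substitution into a hard failure of the pod's postStart hook, which is far easier to notice than a Vault unseal performed by an unverified binary.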