dsrptlab/clientsflow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(vault): auto-init and auto-unseal on first start

Browse Source
This commit is contained in:
Ruslan Bakiev
2026-03-10 20:32:37 +07:00
parent 9283ab436f
commit 08a31383f0
1 changed files with 12 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
vault/entrypoint.sh
View File

@@ -5,14 +5,23 @@ set -e
vault server -config=/vault/config/vault.hcl &
VAULT_PID=$!
# Wait for Vault to be ready
export VAULT_ADDR="http://127.0.0.1:8200"
echo "Waiting for Vault to start..."
until vault status -format=json 2>/dev/null | grep -q '"initialized"'; do
until vault status -format=json 2>/dev/null | grep -q '"initialized"\|"sealed"'; do
sleep 1
done
# Auto-unseal if VAULT_UNSEAL_KEY is set
# Check if initialized
INITIALIZED=$(vault status -format=json 2>/dev/null | grep '"initialized"' | grep -c 'true' || true)
if [ "$INITIALIZED" != "1" ]; then
echo "Vault not initialized, running operator init..."
vault operator init -key-shares=1 -key-threshold=1 -format=json > /vault/data/init.json
VAULT_UNSEAL_KEY=$(cat /vault/data/init.json | grep -o '"unseal_keys_b64":\["[^"]*"' | grep -o '\["[^"]*"' | tr -d '["')
echo "Vault initialized. Unseal key saved to /vault/data/init.json"
fi
# Auto-unseal
if [ -n "$VAULT_UNSEAL_KEY" ]; then
SEALED=$(vault status -format=json 2>/dev/null | grep '"sealed"' | grep -c 'true' || true)
if [ "$SEALED" = "1" ]; then