dsrptlab/clientsflow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(vault): auto-unseal on container start via VAULT_UNSEAL_KEY env

Browse Source
This commit is contained in:
Ruslan Bakiev
2026-03-10 20:10:35 +07:00
parent 29309419bf
commit 25623b8f65
2 changed files with 33 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
vault/Dockerfile
View File

@@ -1,7 +1,9 @@
FROM hashicorp/vault:1.21.3 FROM hashicorp/vault:1.21.3
COPY config /vault/config COPY config /vault/config
COPY entrypoint.sh /vault/entrypoint.sh
RUN chmod +x /vault/entrypoint.sh
EXPOSE 8200 8201 EXPOSE 8200 8201
CMD ["vault", "server", "-config=/vault/config/vault.hcl"] ENTRYPOINT ["/vault/entrypoint.sh"]

30
vault/entrypoint.sh Normal file
View File

@@ -0,0 +1,30 @@
#!/bin/sh
set -e
# Start Vault server in background
vault server -config=/vault/config/vault.hcl &
VAULT_PID=$!
# Wait for Vault to be ready
export VAULT_ADDR="http://127.0.0.1:8200"
echo "Waiting for Vault to start..."
until vault status -format=json 2>/dev/null | grep -q '"initialized"'; do
sleep 1
done
# Auto-unseal if VAULT_UNSEAL_KEY is set
if [ -n "$VAULT_UNSEAL_KEY" ]; then
SEALED=$(vault status -format=json 2>/dev/null | grep '"sealed"' | grep -c 'true' || true)
if [ "$SEALED" = "1" ]; then
echo "Vault is sealed, auto-unsealing..."
vault operator unseal "$VAULT_UNSEAL_KEY"
echo "Vault unsealed."
else
echo "Vault is already unsealed."
fi
else
echo "VAULT_UNSEAL_KEY not set, skipping auto-unseal."
fi
# Wait for Vault process
wait $VAULT_PID