fix(vault): auto-init when not initialized, then unseal

2026-03-10 21:03:25 +07:00
parent 2722aa860d
commit 39cf198e11
1 changed files with 7 additions and 1 deletions
--- a/vault/entrypoint.sh
+++ b/vault/entrypoint.sh
@@ -28,7 +28,13 @@ while true; do
 done

 if [ "$INIT_FLAG" = "false" ]; then
-  echo "Vault is not initialized yet; auto-unseal skipped."
+  echo "Vault is not initialized, running operator init..."
+  INIT_JSON=$(vault operator init -key-shares=1 -key-threshold=1 -format=json)
+  echo "$INIT_JSON" > /vault/data/init.json
+  UNSEAL_KEYS_RAW=$(printf '%s' "$INIT_JSON" | tr -d '\n' | sed -n 's/.*"unseal_keys_b64":\["\([^"]*\)".*/\1/p')
+  echo "Vault initialized. Auto-unsealing with new key..."
+  vault operator unseal "$UNSEAL_KEYS_RAW" >/dev/null
+  echo "Vault initialized and unsealed."
  wait $VAULT_PID
  exit $?
 fi