diff --git a/vault/entrypoint.sh b/vault/entrypoint.sh
index 11181ab..eb125f7 100644
--- a/vault/entrypoint.sh
+++ b/vault/entrypoint.sh
@@ -28,7 +28,13 @@ while true; do
 done
 if [ "$INIT_FLAG" = "false" ]; then
- echo "Vault is not initialized yet; auto-unseal skipped."
+ echo "Vault is not initialized, running operator init..."
+ INIT_JSON=$(vault operator init -key-shares=1 -key-threshold=1 -format=json)
+ echo "$INIT_JSON" > /vault/data/init.json
+ UNSEAL_KEYS_RAW=$(printf '%s' "$INIT_JSON" | tr -d '\n' | sed -n 's/.*"unseal_keys_b64":\["\([^"]*\)".*/\1/p')
+ echo "Vault initialized. Auto-unsealing with new key..."
+ vault operator unseal "$UNSEAL_KEYS_RAW" >/dev/null
+ echo "Vault initialized and unsealed."
 wait $VAULT_PID
 exit $?
 fi
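Review bot: The added `echo "$INIT_JSON" > /vault/data/init.json` stores the sole unseal key and the initial root token in plaintext beside Vault's own storage, under whatever umask the entrypoint inherited, so read access to the data volume or a backup of it is enough to unseal and administer this Vault; `-key-shares=1 -key-threshold=1` also removes any split of the key. If this path is meant for development only, a comment should say so and the file should at least be restricted, e.g. `( umask 077; printf '%s\n' "$INIT_JSON" > /vault/data/init.json )`; for anything else the init output belongs outside the data volume, or an auto-unseal seal configuration should replace this step. Nothing in the hunk checks that `vault operator init` succeeded or that the `sed` extraction produced a key, and the pattern requires `"unseal_keys_b64":["` with no whitespace, which pretty-printed JSON output would not match; a guard such as `[ -n "$UNSEAL_KEYS_RAW" ] || { echo "vault init failed" >&2; exit 1; }` before the unseal call would stop the script from printing "initialized and unsealed" on a failed run. Passing the key as an argument to `vault operator unseal` also leaves it visible in the process list while the command runs.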