Home Explore Help
Sign In
sarman
/
tftsr_ai
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: c9457bb38b
Branches Tags
tftsr_ai
/
templates
/
vault
/
vault-unseal.sh.j2

vault-unseal.sh.j2 1.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142 
  1. #!/bin/bash
    2. 

  2. # Vault auto-unseal script
    3. 

  3. # Reads unseal key from vault-init.json and unseals Vault
    4. 

  4. 

  5. set -e
    6. 

  6. 

  7. VAULT_ADDR="http://127.0.0.1:8200"
    8. 

  8. INIT_FILE="/docker_mounts/vault/vault-init.json"
    9. 

  9. 

  10. if [ ! -f "$INIT_FILE" ]; then
    11. 

  11.     echo "ERROR: vault-init.json not found at $INIT_FILE"
    12. 

  12.     exit 1
    13. 

  13. fi
    14. 

  14. 

  15. UNSEAL_KEY=$(jq -r '.unseal_keys_b64[0]' "$INIT_FILE")
    16. 

  16. 

  17. if [ -z "$UNSEAL_KEY" ]; then
    18. 

  18.     echo "ERROR: Could not extract unseal key from $INIT_FILE"
    19. 

  19.     exit 1
    20. 

  20. fi
    21. 

  21. 

  22. # Wait for Vault to be ready
    23. 

  23. for i in $(seq 1 30); do
    24. 

  24.     STATUS=$(curl -sf "${VAULT_ADDR}/v1/sys/health" 2>/dev/null || true)
    25. 

  25.     if [ -n "$STATUS" ]; then
    26. 

  26.         SEALED=$(echo "$STATUS" | jq -r '.sealed')
    27. 

  27.         if [ "$SEALED" = "false" ]; then
    28. 

  28.             echo "Vault is already unsealed."
    29. 

  29.             exit 0
    30. 

  30.         fi
    31. 

  31.         break
    32. 

  32.     fi
    33. 

  33.     echo "Waiting for Vault... ($i/30)"
    34. 

  34.     sleep 2
    35. 

  35. done
    36. 

  36. 

  37. echo "Unsealing Vault..."
    38. 

  38. curl -sf -X PUT "${VAULT_ADDR}/v1/sys/unseal" \
    39. 

  39.     -H "Content-Type: application/json" \
    40. 

  40.     -d "{\"key\": \"${UNSEAL_KEY}\"}"
    41. 

  41. 

  42. echo "Vault unsealed successfully."
    43.