minor cleanup

This commit is contained in:
Vivian 2023-05-02 09:42:01 +02:00
parent f7a851879c
commit 0e4f945e1e
2 changed files with 6 additions and 4 deletions

View file

@ -1,14 +1,13 @@
# Vault Unsealer # Vault Unsealer
This is a simple Rust program that automatically unseals a hashicorp vault instance.
| :exclamation: this method of unsealing the vault is not recommended if you have high security requirements! | | :exclamation: this method of unsealing the vault is not recommended if you have high security requirements! |
|-----------------------------------------| |-----------------------------------------|
This is a simple Rust program that automatically unseals a hashicorp vault instance given a list of keys.
## Environment Variables ## Environment Variables
| env var | default | description | | env var | default | description |
| ---------- | ------- | ----------- | | ---------- | :-------: | ----------- |
| VAULT_ADDR | - | address of the vault server | | VAULT_ADDR | - | address of the vault server |
| VAULT_KEY_FILE | - | json file containing vault unseal key(s), see [./example_keys.json](./example_keys.json) | | VAULT_KEY_FILE | - | a JSON file containing vault unseal key(s), see [./example_keys.json](./example_keys.json). |
| UNSEAL_INTERVAL | 15 | seconds to wait between checks / unseal attempts | | UNSEAL_INTERVAL | 15 | seconds to wait between checks / unseal attempts |

View file

@ -54,6 +54,9 @@ fn is_sealed(health_url: &str) -> bool {
} }
} }
/// Unseals a vault given keys and url
///
/// See: https://developer.hashicorp.com/vault/api-docs/system/unseal
fn unseal(keyfile: &KeyFile, unseal_url: &str) { fn unseal(keyfile: &KeyFile, unseal_url: &str) {
for key in keyfile.keys.iter() { for key in keyfile.keys.iter() {
match ureq::post(unseal_url).send_json(json!({ "key": key })) { match ureq::post(unseal_url).send_json(json!({ "key": key })) {