v/vault-unseal
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

minor cleanup

Browse source
This commit is contained in:
Vivian 2023-05-02 09:42:01 +02:00
parent a481f4950a
commit 2f560c1607
2 changed files with 6 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
README.md
View file

@ -1,14 +1,13 @@
# Vault Unsealer
This is a simple Rust program that automatically unseals a hashicorp vault instance.
| :exclamation: this method of unsealing the vault is not recommended if you have high security requirements! |
|-----------------------------------------|
This is a simple Rust program that automatically unseals a hashicorp vault instance given a list of keys.
## Environment Variables
| env var | default | description |
| ---------- | ------- | ----------- |
| ---------- | :-------: | ----------- |
| VAULT_ADDR | - | address of the vault server |
| VAULT_KEY_FILE | - | json file containing vault unseal key(s), see [./example_keys.json](./example_keys.json) |
| VAULT_KEY_FILE | - | a JSON file containing vault unseal key(s), see [./example_keys.json](./example_keys.json). |
| UNSEAL_INTERVAL | 15 | seconds to wait between checks / unseal attempts |

3
src/main.rs
View file

@ -54,6 +54,9 @@ fn is_sealed(health_url: &str) -> bool {
}
}
/// Unseals a vault given keys and url
///
/// See: https://developer.hashicorp.com/vault/api-docs/system/unseal
fn unseal(keyfile: &KeyFile, unseal_url: &str) {
for key in keyfile.keys.iter() {
match ureq::post(unseal_url).send_json(json!({ "key": key })) {