https://github.com/pbar1/vault-init

Initializes HashiCorp Vault and saves the root token and keys in providers of your choice

# vault-init

[![Build](https://github.com/pbar1/vault-init/actions/workflows/build.yml/badge.svg)](https://github.com/pbar1/vault-init/actions/workflows/build.yml)

Initializes HashiCorp Vault and saves the root token and keys in a provider of your choice.

```sh
docker pull ghcr.io/pbar1/vault-init
```

## Usage

### CLI

```
Initialize an instance of `HashiCorp` Vault and persist the keys

Usage: vault-init [OPTIONS]

Options:
      --vault-addr
          Address of the Vault server expressed as a URL and port [env: VAULT_ADDR=] [default: http://127.0.0.1:8200]
      --pgp-keys
          Specifies an array of PGP public keys used to encrypt the output unseal keys. Ordering is preserved. The keys must be base64-encoded from their original binary representation. The size of this array must be the same as `secret_shares`
      --root-token-pgp-key
          Specifies a PGP public key used to encrypt the initial root token. The key must be base64-encoded from its original binary representations
      --secret-shares
          Specifies the number of shares to split the root key into [default: 1]
      --secret-threshold
          Specifies the number of shares required to reconstruct the root key. This must be less than or equal `secret_shares` [default: 1]
      --stored-shares
          Specifies the number of shares that should be encrypted by the HSM and stored for auto-unsealing. Currently must be the same as `secret_shares`
      --recovery-shares
          Specifies the number of shares to split the recovery key into. This is only available when using Auto Unseal
      --recovery-threshold
          Specifies the number of shares required to reconstruct the recovery key. This must be less than or equal to recovery_shares. This is only available when using Auto Unseal
      --recovery-pgp-keys
          Specifies an array of PGP public keys used to encrypt the output recovery keys. Ordering is preserved. The keys must be base64-encoded from their original binary representation. The size of this array must be the same as `recovery_shares`. This is only available when using Auto Unseal
  -h, --help
          Print help
```
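The help text above puts three constraints on the PGP options: the threshold may not exceed the share count, `--pgp-keys` needs exactly `secret_shares` entries, and each key must be base64 of the binary (not ASCII-armored) export. The following pre-flight check is an added example, not part of vault-init; the function names are hypothetical, and the first-byte test assumes the standard OpenPGP public-key packet headers.

```python
import base64
import binascii

# First byte of a binary OpenPGP public-key packet (tag 6):
# old-format headers 0x98-0x9B, new-format header 0xC6.
PUBKEY_FIRST_BYTES = {0x98, 0x99, 0x9A, 0x9B, 0xC6}


def check_pgp_key(b64_key):
    """Return None if the value looks like base64 of a binary public key, else a reason."""
    try:
        raw = base64.b64decode(b64_key, validate=True)
    except (binascii.Error, ValueError):
        return "not valid base64"
    if raw.lstrip().startswith(b"-----BEGIN PGP"):
        return "ASCII-armored key was base64-encoded; export the binary form instead"
    if not raw or raw[0] not in PUBKEY_FIRST_BYTES:
        return "decoded data does not start with an OpenPGP public-key packet"
    return None


def check_init_options(secret_shares=1, secret_threshold=1,
                       pgp_keys=None, root_token_pgp_key=None):
    """Collect violations of the constraints stated in the vault-init help text."""
    problems = []
    if secret_threshold > secret_shares:
        problems.append("secret_threshold must be <= secret_shares")
    if pgp_keys is not None and len(pgp_keys) != secret_shares:
        problems.append("pgp_keys must contain exactly secret_shares entries")
    for i, key in enumerate(pgp_keys or []):
        reason = check_pgp_key(key)
        if reason:
            problems.append(f"pgp_keys[{i}]: {reason}")
    if root_token_pgp_key is not None:
        reason = check_pgp_key(root_token_pgp_key)
        if reason:
            problems.append(f"root_token_pgp_key: {reason}")
    return problems


# Constructed sample values (not real keys): a packet-shaped blob and an armored header.
BINARY_LIKE = base64.b64encode(b"\x99\x01\x0d\x04" + b"\x00" * 16).decode()
ARMORED = base64.b64encode(b"-----BEGIN PGP PUBLIC KEY BLOCK-----\n...").decode()

if __name__ == "__main__":
    for problem in check_init_options(3, 5, [BINARY_LIKE, ARMORED], ARMORED):
        print(problem)
```

The first-byte test only catches the common armored-export mistake and obviously wrong input; it does not parse or verify the key itself.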

### Config

```hcl
save_method "file" {
  path      = "vault-init.json"
  overwrite = true
}

save_method "kube_secret" {
  name      = "vault-init"
  key       = "init.json"
  overwrite = true
  labels = {
    "foo" = "foo"
  }
  annotations = {
    "example.com/baz" = "baz"
  }
}
```
