|
|
|
|
|
|
by lolbrish
3194 days ago
|
|
|
I unseal using ansible (with the unseal keys in ansible-vault) and automate the configuration fully through ansible. For example you can use the ansible expect module: - name: unseal 1
expect:
command: '/usr/bin/vault unseal'
responses:
'Key \(will be hidden\): ': "{{vault_seal_key_1}}"
echo: yes
when: vault_sealed_result.rc == 2 and vault_seal_key_1 is defined
tags:
unseal
|
|
|