bank-vaults CLI tool is to help automate the setup and management of HashiCorp Vault.
Initializes Vault and stores the root token and unseal keys in one of the followings:
- AWS KMS keyring (backed by S3)
- Azure Key Vault
- Google Cloud KMS keyring (backed by GCS)
- Alibaba Cloud KMS (backed by OSS)
- Kubernetes Secrets (should be used only for development purposes)
- Dev Mode (useful for
vault server -devdev mode Vault servers)
- Files (backed by files, should be used only for development purposes)
Automatically unseals Vault with these keys
In addition to the standard Vault configuration, the operator and CLI can continuously configure Vault using an external YAML/JSON configuration. That way you can configure Vault declaratively using your usual automation tools and workflow.
- If the configuration is updated, Vault will be reconfigured.
- The external configuration supports configuring Vault secret engines, plugins, auth methods, policies, and more.
For details, see External configuration for Vault.
bank-vaults CLI command needs certain cloud permissions to function properly (init, unseal, configuration).