The `bank-vaults` CLI tool helps automate the setup and management of HashiCorp Vault.
Features:
- Initializes Vault and stores the root token and unseal keys in one of the following:
  - AWS KMS keyring (backed by S3)
  - Azure Key Vault
  - Google Cloud KMS keyring (backed by GCS)
  - Alibaba Cloud KMS (backed by OSS)
  - Kubernetes Secrets (should be used only for development purposes)
  - Dev Mode (useful for `vault server -dev` dev mode Vault servers)
  - Files (backed by files, should be used only for development purposes)
- Automatically unseals Vault with these keys
- In addition to the standard Vault configuration, the operator and CLI can continuously configure Vault using an external YAML/JSON configuration. That way you can configure Vault declaratively using your usual automation tools and workflow.
  - If the configuration is updated, Vault will be reconfigured.
  - The external configuration supports configuring Vault secret engines, plugins, auth methods, policies, and more.
For details, see External configuration for Vault.
The `bank-vaults` CLI command needs certain cloud permissions to function properly (init, unseal, configuration).