I have Vault installed on multiple clusters, and now I want to set up auto unseal. One of the ways to do this is to use the transit mechanism.
With this, another Vault instance will host the unseal keys of the sub Vault systems. Now I am thinking of using the one-click install Vault instance on DO, but I cannot find out whether that one auto unseals. At this moment, every time there is a cluster update my Vault is down, which is quite problematic if it happens in the night.
If the one-click Vault has auto unseal already set up, I can use that Vault instance as the transit unseal instance.
Heya,
I can’t remember if it auto-unseals, but I would assume the answer would be no, as you need to configure it and get the keys. If it auto-unseals, you’ll need to get the keys from a file, which I don’t think is the practice. You can deploy the DO one-click Vault and then configure it for auto-unseal using the transit secrets engine. However, you’ll need another Vault instance that’s already auto-unsealed to act as the transit provider, which creates a chicken-and-egg problem. You can deploy Vault yourself and configure auto-unseal from the start. You can use tools like Terraform to achieve what you aim for.
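A sketch of the transit auto-unseal setup discussed in this thread, added here as an example and not part of the original question or answer. The server address, the key name `autounseal` and the mount path `transit/` are assumptions; the two parts belong in separate files, as the comments indicate.

```hcl
# ---------------------------------------------------------------------------
# File 1 (central "transit" Vault): policy, e.g. autounseal-policy.hcl
# Assumes the transit engine is enabled at "transit/" and holds a key named
# "autounseal" (both names are assumptions for this example).
# The dependent Vaults only need to encrypt and decrypt with that one key,
# so the token they use should carry this policy and nothing else.
# ---------------------------------------------------------------------------
path "transit/encrypt/autounseal" {
  capabilities = ["update"]
}

path "transit/decrypt/autounseal" {
  capabilities = ["update"]
}

# ---------------------------------------------------------------------------
# File 2 (each dependent Vault): stanza added to its server configuration.
# On start-up this Vault asks the central Vault to decrypt its root key
# instead of waiting for operators to enter unseal key shares.
# ---------------------------------------------------------------------------
seal "transit" {
  # Placeholder address of the central Vault; replace with your own.
  address    = "https://transit-vault.example.internal:8200"
  key_name   = "autounseal"
  mount_path = "transit/"

  # Keep TLS verification on; the unseal path is only as trustworthy as
  # the connection to the central Vault.
  tls_skip_verify = "false"

  # Let Vault renew the token so it does not expire between restarts.
  disable_renewal = "false"

  # No "token" parameter here on purpose: supply it through the VAULT_TOKEN
  # environment variable so the credential is not written into the config
  # file. It should be a token limited to the policy in File 1.
}
```

The central Vault still has to be unsealed by some other means after its own restarts, which is the chicken-and-egg problem the answer describes; the dependent Vaults cannot unseal while it is sealed or unreachable.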