The `bank-vaults` CLI tool helps automate the setup and management of HashiCorp Vault.

Features:
- Initializes Vault and stores the root token and unseal keys in one of the following:
  - AWS KMS keyring (backed by S3)
  - Azure Key Vault
  - Google Cloud KMS keyring (backed by GCS)
  - Alibaba Cloud KMS (backed by OSS)
  - Kubernetes Secrets (should be used only for development purposes)
  - Dev Mode (useful for `vault server -dev` dev mode Vault servers)
  - Files (backed by files, should be used only for development purposes)
- Automatically unseals Vault with these keys
- In addition to the standard Vault configuration, the operator and CLI can continuously configure Vault using an external YAML/JSON configuration
  - If the configuration is updated, Vault will be reconfigured
  - It supports configuring Vault secret engines, plugins, auth methods, and policies

The `bank-vaults` CLI command needs certain cloud permissions to function properly (init, unseal, configuration).