Remove vault-transit service entirely. Each vault node now auto-unseals at
startup by reading the Shamir unseal key from a Docker secret managed by
vault-bootstrap.sh. Eliminates the transit token expiry failure mode and
removes the vault_transit node-pinning requirement.

Changes:
- docker-stack-vault.yml: remove vault-transit service, vault_transit_config,
  vault-transit-data-vl, transit_master_token / vault_transit_unseal_key
  secrets; add vault_unseal_key secret; rewrite vault entrypoint to background
  start + poll + auto-unseal loop
- vault-template-v1.json, vault-template-v2.json: remove seal.transit block
- vault-template-transit.json: deleted (vault-transit is gone)
- vault-bootstrap.sh: full rewrite — node-agnostic run_vault() helper (docker
  exec fallback to docker run over overlay network), 7-step Shamir flow with
  SKIP_DEPLOY support and early-exit when vault is already healthy
- deploy-prod.yml: replace BE-Forecast deploy with vault stack deploy +
  bootstrap (SKIP_DEPLOY=true) + cluster health check
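
The entrypoint flow described above (background start, poll, auto-unseal), as an added sketch that is not the code from this commit. The paths `/run/secrets/vault_unseal_key` and `/vault/config`, the function names `auto_unseal` and `main`, and the retry settings are assumptions.

```shell
#!/bin/sh
# Added sketch, not the repository's entrypoint. Paths and timings are assumptions.
UNSEAL_KEY_FILE="${UNSEAL_KEY_FILE:-/run/secrets/vault_unseal_key}"  # Docker's default secret mount
POLL_TRIES="${POLL_TRIES:-30}"
POLL_SLEEP="${POLL_SLEEP:-2}"

# Poll `vault status` and unseal when the node reports sealed.
# `vault status` exit codes: 0 = unsealed, 2 = sealed, 1 = error (e.g. not listening yet).
# Returns 0 once unsealed, 1 on timeout, 3 if the key file is missing or empty.
auto_unseal() {
    [ -s "$UNSEAL_KEY_FILE" ] || { echo "unseal key missing: $UNSEAL_KEY_FILE" >&2; return 3; }
    tries=0
    while [ "$tries" -lt "$POLL_TRIES" ]; do
        status_rc=0
        vault status >/dev/null 2>&1 || status_rc=$?
        case "$status_rc" in
            0) return 0 ;;
            2)
                # The key is read at use time and never echoed; passed as an
                # argument it is briefly visible in the container's process list.
                vault operator unseal "$(cat "$UNSEAL_KEY_FILE")" >/dev/null 2>&1 || true
                ;;
            *) : ;;  # server not answering yet, keep polling
        esac
        tries=$((tries + 1))
        sleep "$POLL_SLEEP"
    done
    return 1
}

# Entrypoint flow: start the server in the background, unseal it, then wait on
# the server so the container's lifetime follows the server process.
main() {
    vault server -config="${VAULT_CONFIG:-/vault/config}" &
    server_pid=$!
    auto_unseal || echo "auto-unseal did not complete" >&2
    wait "$server_pid"
}

if [ "${1:-}" = "--run" ]; then
    main
fi
```

Because the node no longer depends on a transit token, the unseal key secret becomes the asset to protect: anyone who can read `vault_unseal_key` on a swarm node can unseal that node's storage.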