Is it possible for me to create the users with config.hcl, so that when the Vault is created I get the 3 users out of the box, and the root (admin) can log in and send the tokens for the individual users?
I would like to use this use-case because we are planning to have readonly users that need to “read” the secrets.
Kindly let me know if you might need any other information or if there is a current way of doing this; it will be very helpful for me.
There is no way to bootstrap the init process to contain data.
You do have choices:
You could build your “base” configuration, do a backup, and after you have stood up Vault, do a restore and get what you’re looking for. This would make the key shards of every cluster you do with this method the same until you rotate the keys.
The second is to use the API or Vault binary to programmatically create the configuration you want after Vault has been initialized.
Neither is automatic, but it’s as close as you’re going to get.
Thanks @aram, I prefer to use the binary to create the configuration with custom policies.
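The second option from the answer (configuring Vault with the binary after it has been initialized), as an added example that is not code from the thread or from the Vault project: it writes a read-only policy and issues one token per user. The KV v2 mount `secret/`, the policy name, the 8h TTL and the user names are assumptions.

```shell
#!/bin/sh
# Added example: post-init bootstrap of read-only users with the vault CLI.
# Assumptions (not from the thread): KV v2 mounted at "secret/", policy name
# "secrets-readonly", token TTL 8h, user names passed as arguments.
# Needs VAULT_ADDR and a VAULT_TOKEN allowed to write policies and create
# orphan tokens (root or sudo), on an initialized and unsealed Vault.

MOUNT="${MOUNT:-secret}"
POLICY_NAME="${POLICY_NAME:-secrets-readonly}"
VAULT_CMD="${VAULT_CMD:-vault}"   # set VAULT_CMD=echo to preview the commands

# Emit an HCL policy that can read secret data and list keys, nothing else.
readonly_policy() {
  cat <<EOF
path "$1/data/*" {
  capabilities = ["read"]
}
path "$1/metadata/*" {
  capabilities = ["list"]
}
EOF
}

# Write the policy, then print one token per user restricted to that policy.
bootstrap_users() {
  readonly_policy "$MOUNT" | $VAULT_CMD policy write "$POLICY_NAME" - || return 1
  for user in "$@"; do
    # -orphan: the token survives revocation of the admin token that made it.
    # -no-default-policy: the token carries only the read-only policy.
    $VAULT_CMD token create -orphan -no-default-policy \
      -policy="$POLICY_NAME" -display-name="$user" \
      -ttl=8h -field=token || return 1
  done
}

# Run only when user names are given, e.g.: ./bootstrap.sh alice bob carol
if [ "$#" -gt 0 ]; then
  bootstrap_users "$@"
fi
```

Without `-orphan`, the user tokens are children of the admin token and are revoked together with it, which matters if the root token is revoked once setup is done.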