How to automatically unseal a vault

Hi All

I am trying to run vault in on premises k8s. I am deploying using helm chart. I went through this link Autounseal-transit
But it requires another vault. Is there a way to automatically unseal on restart of pods or kubernetes nodes?

Thanks
Guru

You can do unsealing much simpler than using another cluster/transit with a KMS, ie GCP Cloud KMS or AWS KMS:

Hi Mike

Thanks for replying so quickly

I am deploying vault in on premises k8s. It can’t connect to any cloud kms or another vault server.

Thanks
Guru

Then you’ll need to setup something like another cluster, which then will have to be unsealed as well. Sounds like shamir keys is your best bet unless you run a in-house KMS/HSM.

1 Like

Thanks. I saw post startup hooks are in helm charts. I am leveraging that.