I am deploying a cluster of 3 Vault nodes with Raft integrated storage, using Ansible. At this moment I have 3 functional Vault instances uninitialized and I am looking to automate the process of first initialization. Is there anyone who has done this before and could share what options I have for this task using Ansible?
Initialization is both simple: it’s just a CLI command or HTTP API call, and very very complicated: it returns unseal keys and an initial root token which must be handled with the highest security.
Running a command or making an HTTP API call are fairly simple Ansible operations about which there is much documentation on the Internet already.
Deciding how to handle root secrets distribution and storage is something which is very organisation-dependent, so there isn’t a simple answer to your question.
If you can ask more focussed questions about smaller pieces of the puzzle that you’re unsure of, you’re more likely to get good responses from a forum such as this one.
Thank you @maxb for your response. I have found a solution to this using this module, which could handle the init process. Capturing and securing the keys and token seems challenging.
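One way to approach the initialization call and key handling discussed in this thread, as an added example that is not from any of the posters or the module mentioned above: the playbook calls Vault's `sys/init` HTTP API with PGP public keys, so the unseal key shares and the initial root token come back already encrypted to their intended holders. The inventory group `vault_nodes`, the listener address, the 3-share/2-threshold split and all file paths are assumptions; each `.b64` file is assumed to hold one base64-encoded binary PGP public key.

```yaml
# Added example. Group name, address, share counts and paths are assumptions.
- name: Initialize Vault once, returning only PGP-encrypted secrets
  hosts: vault_nodes[0]   # init a single node; the other Raft nodes join it
  gather_facts: false
  vars:
    vault_addr: "https://127.0.0.1:8200"          # assumed listener address
    init_output_path: "./vault-init-encrypted.json"  # assumed control-node path
  tasks:
    - name: Check whether Vault is already initialized
      ansible.builtin.uri:
        url: "{{ vault_addr }}/v1/sys/init"
        method: GET
      register: init_status

    - name: Initialize Vault with one PGP key per share holder
      ansible.builtin.uri:
        url: "{{ vault_addr }}/v1/sys/init"
        method: POST
        body_format: json
        body:
          secret_shares: 3        # must equal the number of pgp_keys
          secret_threshold: 2
          pgp_keys:               # order is preserved in the returned keys
            - "{{ lookup('ansible.builtin.file', 'files/pgp/operator1.b64') }}"
            - "{{ lookup('ansible.builtin.file', 'files/pgp/operator2.b64') }}"
            - "{{ lookup('ansible.builtin.file', 'files/pgp/operator3.b64') }}"
          root_token_pgp_key: "{{ lookup('ansible.builtin.file', 'files/pgp/root-holder.b64') }}"
      register: init_result
      no_log: true                # keep the response out of Ansible output and logs
      when: not init_status.json.initialized

    - name: Store the encrypted shares and root token on the control node
      ansible.builtin.copy:
        content: "{{ init_result.json | to_nice_json }}"
        dest: "{{ init_output_path }}"
        mode: "0600"
      delegate_to: localhost
      no_log: true
      when: init_result is not skipped
```

Each holder decrypts only their own share with their private key, so the control node and the saved file never contain a usable unseal key or root token in plaintext.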