I use vault for generating certificate, Application uses Vault APIs for this. Recently noticed vault APIs returning Vault is sealed to application.
I fixed this just by login to vault and unsealing via cli.
Want to know whats is correct practice when accessing Vault APIs.
You’d need to look and find out why Vault is sealing thru the logs. It is not normal for Vault to seal itself uncommanded.
realized vault container was restarted. it could be the reason for seal.
In such scenario, manual unsealing via cli is the only way ? or any other way possible ?
If you are using shamir keys to unseal, then manual unseal must be performed on a restart/seal event.
You can auto unseal the cluster as well: Seal/Unseal | Vault by HashiCorp
This worked
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "vault operator unseal $VAULT_KEY"]