Struggled with backup + restore for cloud vault

Today I:

Made a backup of letsencrypt certificates locally just in case,
Rebuilt my vault VM,
Started working on vaultCloud restore scripts.

I’ve ascertained that I should

Have a similar vault operator init shares mechanism for local vault as remote vault,
Generalise my local vault backup + restore process for multiple unseal keys,
Translate this knowledge to vault cloud backup + restore.
Changing my init mechanism for local vault means that I will have to manually input all secrets again; I might therefore improve my manual input mechansim.

In particular I’ll want to run this command to 1) improve accuracy and 2) save manual work:

#!/bin/bash

for key in /path/to/directory/*; do
    vaultDev cli kv put -mount=secret "${key##*/}" value="$(cat "$key")" > /dev/null
done

Tags: hobby project

This entry was posted on May 1, 2024 at 12:05 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Where's my hat?!

Struggled with backup + restore for cloud vault

Leave a comment Cancel reply

Where's my hat?!

Struggled with backup + restore for cloud vault

Share this:

Related

Leave a comment Cancel reply