Today I:
- Made a backup of letsencrypt certificates locally just in case,
- Rebuilt my vault VM,
- Started working on vaultCloud restore scripts.
I’ve ascertained that I should:
- Have a similar vault operator init shares mechanism for local vault as remote vault,
- Generalise my local vault backup + restore process for multiple unseal keys,
- Translate this knowledge to vault cloud backup + restore.
- Changing my init mechanism for local vault means that I will have to manually input all secrets again; I might therefore improve my manual input mechanism.
In particular I’ll want to run this command to 1) improve accuracy and 2) save manual work:
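```bash
#!/bin/bash
# Write each file in the directory to Vault as a secret named after the file.
for key in /path/to/directory/*; do
    [ -f "$key" ] || continue  # skip non-files and an unmatched glob
    vaultDev cli kv put -mount=secret "${key##*/}" value="$(cat "$key")" > /dev/null
done
```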
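The loop above places each secret on the command line via command substitution, where it is visible in the process list while the command runs. The following is an added example, not the author's script: it sends the value on stdin instead and flags empty or oddly named files before anything is written. It assumes the command accepts `value=-` to read from stdin, as the stock `vault` CLI does, and that any wrapper such as `vaultDev cli` forwards stdin; `import_secrets` is a hypothetical name.

```shell
#!/bin/sh
# Added example (not the author's script).
# Assumption: the Vault command reads a field from stdin when given "key=-".

# import_secrets DIR CMD [ARGS...]
# Writes each regular file in DIR as secret <filename> with a field "value".
# Returns 0 if every file was written, 1 if any file was skipped or failed.
import_secrets() {
    dir=$1; shift
    failed=0
    for path in "$dir"/*; do
        [ -f "$path" ] || continue      # skip subdirectories and an unmatched glob
        name=${path##*/}
        # Reject file names that would make ambiguous secret paths.
        case $name in
            *[!A-Za-z0-9._-]*)
                echo "skip $name: unexpected character in name" >&2
                failed=1; continue ;;
        esac
        if [ ! -s "$path" ]; then       # an empty file usually means a bad export
            echo "skip $name: empty file" >&2
            failed=1; continue
        fi
        # printf is a shell builtin, so the value never appears in another
        # process's argv. $(cat ...) drops trailing newlines, matching the
        # behaviour of the original loop.
        if ! printf '%s' "$(cat "$path")" |
                "$@" kv put -mount=secret "$name" value=- > /dev/null; then
            echo "fail $name: put returned non-zero" >&2
            failed=1
        fi
    done
    return "$failed"
}

# Usage with the stock CLI: import_secrets /path/to/directory vault
```

A non-zero return means at least one file needs attention; the reasons are printed on stderr.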
Tags: hobby project