Trez/tar-valon-ansible
4
0
Fork 0
Code Issues 1 Pull Requests 1 Actions 1 Activity
Files
62c983a7f4e353c6fb9d88e30f934a0e29790558
tar-valon-ansible/.gitea/workflows/vault-auto-unseal-flow.yml
T
Trez.One cf10655400
Auto-Unseal for Vault / Unseal Vault (push) Successful in 23s
Details
Moving Vault unseal job from rinoa-docker to here.
2025-08-31 22:29:51 -04:00

55 lines
1.7 KiB
YAML
Raw Blame History

name: Auto-Unseal for Vault
on:
workflow_dispatch:
schedule:
- cron: '30 5 * * *'
env:
HC_VAULT_VERSION: '1.20.0'
jobs:
auto-unseal:
name: Unseal Vault
runs-on: ubuntu-latest
env:
VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
VAULT_SHARDS: ${{ secrets.VAULT_UNSEAL_SHARDS }}
VAULT_NAMESPACE: ""
steps:
- name: Vault Unseal Start
uses: eikendev/gotify-action@master
with:
gotify_api_base: '${{ secrets.GOTIFY_URL }}'
gotify_app_token: '${{ secrets.RUNNER_GOTIFY_TOKEN }}'
notification_title: 'GITEA: HC Vault @ Rinoa'
notification_message: 'Hashicorp Vault unsealing started... 🔐'
- name: Cache Vault install
id: cache-vault
uses: actions/cache@v4
with:
path: /opt/hostedtoolcache/vault/${{ env.HC_VAULT_VERSION }}/x64
key: vault-${{ runner.os }}-${{ env.HC_VAULT_VERSION }}
- name: Install Vault (only if not cached)
if: steps.cache-vault.outputs.cache-hit != 'true'
uses: cpanato/vault-installer@main
with:
version: ${{ env.HC_VAULT_VERSION }}
- name: Unseal Vault
run: |
for vault_shard in $VAULT_SHARDS; do
vault operator unseal -address="${VAULT_ADDR}" -non-interactive "${vault_shard}"
done
- name: Vault Unseal Completion
uses: eikendev/gotify-action@master
with:
gotify_api_base: '${{ secrets.GOTIFY_URL }}'
gotify_app_token: '${{ secrets.RUNNER_GOTIFY_TOKEN }}'
notification_title: 'GITEA: HC Vault @ Rinoa'
notification_message: 'Hashicorp Vault unsealed! 🔓'
Reference in New Issue View Git Blame Copy Permalink