Skip to main content
HashiConf More sessions have been added to the conference agenda. Buy your pass and plan your schedule. Register
Presentation

Keybase Vault Auto-Unseal

In this talk, learn how to automatically unseal Vault clusters within a Keybase team.

When you want to automate the unsealing of your on-premise Vault clusters, how can you securely distribute Shamir unseal keys to the team so you can unseal your Vault when while on-call?

What You'll Learn

In this talk, learn how to automatically unseal Vault clusters within a Keybase team. The example demo uses Keybase.io in an automated Vault on Consul cluster with an Ansible/Vagrant environment to teach and practice.

  • Vagrant (tested on Mac)
  • Consul OSS
  • Vault OSS
  • Keybase (vault operator init, vault unseal, KBFS)
  • Ansible (Brian Shumate's roles, custom roles)
  • Packer (work in progress)

Slides

More resources like this one

  • 4/11/2024
  • FAQ
Introduction to HashiCorp Vault
Vault identity diagram
  • 12/28/2023
  • FAQ
Why should we use identity-based or "identity-first" security as we adopt cloud infrastructure?
  • 3/14/2023
  • Article
5 best practices for secrets management
  • 2/3/2023
  • Case Study
Automating Multi-Cloud, Multi-Region Vault for Teams and Landing Zones