Keybase Vault Auto-Unseal
Feb 26, 2020
In this talk, learn how to automatically unseal Vault clusters within a Keybase team.
When you want to automate the unsealing of your on-premise Vault clusters, how can you securely distribute Shamir unseal keys to the team so you can unseal your Vault when while on-call?
What You'll Learn
In this talk, learn how to automatically unseal Vault clusters within a Keybase team. The example demo uses Keybase.io in an automated Vault on Consul cluster with an Ansible/Vagrant environment to teach and practice.
- Vagrant (tested on Mac)
- Consul OSS
- Vault OSS
- Keybase (vault operator init, vault unseal, KBFS)
- Ansible (Brian Shumate's roles, custom roles)
- Packer (work in progress)