Open rosspeoples opened 7 years ago
For this to work Vault would also need to detect if the endpoint was running in HA mode... detecting which one of the cluster entities is sealed could be challenging, especially if behind a load balancer.
Thinking out loud: the easiest way to do this is to provide an option on the login screen to unseal by entering an endpoint and unseal keys. The nicer, more difficult method would be, on login, detecting sealed vaults and, if detected, popping up a modular window requesting unseal keys to unseal the sealed vault.
DJ Enriquez
On Aug 25, 2017, at 4:03 AM, Connor Poole notifications@github.com wrote:
for this to work Vault would also need to detect if the endpoint was running in HA mode... detecting which one of the cluster entities is sealed could be challenging, especially if behind a load balancer
@djenriquez also thinking out loud: both the endpoint field and the keys field should be arrays. Endpoint as an array so you can unseal a whole cluster. Keys as an array because technically none of us should have more than one part of the shard.... and we all know that we never violate that rule :)
Honestly, anything that keeps me from having to use the Vault CLI is an improvement. Nothing wrong with it, just a hassle and takes longer. So if it starts out as an option you can use if you get the "Vault sealed" error, I'm fine with that. We can work our way towards a nicer method later.
You're absolutely right, I hate unsealing from the CLI as well, especially since we have Vault behind an ELB, which makes it such a PITA. Thanks for your input.
Hey @djenriquez,
I share your opinion about the unseal process of Vault. An unsealing option would be great!
It would be very cool if Vault UI could detect a sealed vault before showing the login page that would allow you to enter one key at a time until the unseal threshold is met.
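The flow sketched in this thread (check seal status, feed one share at a time until the threshold is met, and do it per HA node because a load balancer hides which member is sealed), written up as an added example that is not code from Vault UI or from anyone in the thread. It uses Vault's real `/v1/sys/seal-status` and `/v1/sys/unseal` HTTP endpoints; the node URLs, the `k1`..`k5` share values and the `FakeCluster` stand-in are constructed so it runs offline.

```python
import json
import urllib.request

def http_json(method, url, body=None):
    """Real transport: JSON request to a Vault HTTP API URL (assumed reachable)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.loads(resp.read())

def unseal_endpoint(endpoint, keys, fetch=http_json):
    """Submit shares one at a time to ONE node until it reports sealed == false.
    Shares are consumed lazily, so a node that unseals at the threshold never
    sees the remaining ones, and an already-unsealed node sees none."""
    base = endpoint.rstrip("/")
    status = fetch("GET", base + "/v1/sys/seal-status")
    for key in keys:
        if not status["sealed"]:
            break
        status = fetch("PUT", base + "/v1/sys/unseal", {"key": key})
    return status

def unseal_cluster(endpoints, keys, fetch=http_json):
    """Address each HA member directly: a load-balanced URL reaches only one
    member per request, so the caller must list the individual nodes."""
    return {ep: unseal_endpoint(ep, keys, fetch) for ep in endpoints}

class FakeCluster:
    """Constructed stand-in for HA nodes (no network): each needs t of n shares."""
    def __init__(self, nodes, t=3, n=5):
        self.state = {ep: {"sealed": sealed, "progress": 0, "submitted": 0}
                      for ep, sealed in nodes.items()}
        self.t, self.n = t, n

    def __call__(self, method, url, body=None):
        base, path = url.split("/v1/", 1)
        node = self.state[base]
        if path == "sys/unseal" and node["sealed"]:
            node["submitted"] += 1
            node["progress"] += 1
            if node["progress"] >= self.t:      # threshold met: node unseals
                node["sealed"], node["progress"] = False, 0
        return {"sealed": node["sealed"], "t": self.t, "n": self.n,
                "progress": node["progress"]}

if __name__ == "__main__":
    cluster = FakeCluster({"https://vault-a:8200": True, "https://vault-b:8200": False})
    print(unseal_cluster(list(cluster.state), ["k1", "k2", "k3", "k4", "k5"], cluster))
```

Pass a real cluster's member URLs and drop the `fetch` argument to use the HTTP transport instead of the stand-in.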