unseal-vault command only available for k3d

konstructio / kubefirst

The Kubefirst Open Source Platform

https://kubefirst.konstruct.io/docs

MIT License

1.82k stars 142 forks source link

unseal-vault command only available for k3d #1715

Open fharper opened 1 year ago

fharper commented 1 year ago

Which version of kubefirst are you using?

2.2.2

Which cloud provider?

AWS, Civo, DigitalOcean, Google Cloud, Vultr

Which installation type?

CLI

Which distributed Git provider?

None specific

What is the issue?

The unseal-vault command is only available on k3d (kubefirst k3d unseal-vault). It could be nice to add it to the cloud installation also.

Code of Conduct

[X] I agree to follow this project's Code of Conduct

fharper commented 1 year ago

I discussed this issue with @johndietz, and we would need @jarededwards's input.

It should be updated to work with smaller cloud, but bigger ones, like AWS, use something along the lines of Key Management Service (AWS KMS) for auto locking/unlocking. We should probably manage bigger cloud also.

User can retrieve the unseal keys manually, and do the unsealing process by themselves (see https://docs.kubefirst.io/common/vault/#token-authentication) but this command is super useful to do that easily.