Automatically unsealing Vault drastically reduces the security of the stored secrets. That being said, there might be scenarios, in which this simple approach could be useful / sufficient.
This requires Vault to be started by a systemd-unit named vault.service
, which typically is the case when installing from a distribution package.
The script vault-unseal.sh
should be placed in /root
and secured with 700
permissions.