feat: auto-unseal vault every hour

- add cron job to run vault unsealing service hourly

site/profiles/manifests/vault/unseal.pp

@@ -34,4 +34,14 @@ class profiles::vault::unseal (
     require   => File['/usr/local/bin/vault-unseal.sh'],
     subscribe => [Service['vault'],File['/etc/vault/unseal_keys']],
   }
+
+  # restart the vault-unseal service hourly to ensure vault is unsealled
+  cron { 'restart_vault_unseal':
+    ensure  => 'present',
+    user    => 'root',
+    command => '/bin/systemctl restart vault-unseal',
+    minute  => fqdn_rand(60),
+    hour    => '*',
+    require => Service['vault-unseal'],
+  }
 }