2024-08-06 22:51:55 +10:00
1 changed files with 10 additions and 0 deletions
--- a/site/profiles/manifests/vault/unseal.pp
+++ b/site/profiles/manifests/vault/unseal.pp
@ -34,4 +34,14 @@ class profiles::vault::unseal (
    require   => File['/usr/local/bin/vault-unseal.sh'],
    subscribe => [Service['vault'],File['/etc/vault/unseal_keys']],
  }
+
+  # restart the vault-unseal service hourly to ensure vault is unsealled
+  cron { 'restart_vault_unseal':
+    ensure  => 'present',
+    user    => 'root',
+    command => '/bin/systemctl restart vault-unseal',
+    minute  => fqdn_rand(60),
+    hour    => '*',
+    require => Service['vault-unseal'],
+  }
 }