- name: un-seal
- description: un-seal is a Juju helper Snap designed to automate the initialization, unsealing, and authorization of Vault applications deployed via Juju. Deploying a charmed Vault with Juju requires a specific sequence of operations to bootstrap the cluster: initializing the Vault operator, securely managing the generated unseal keys and root token, unsealing individual units, and authorizing the charm to interact with the Vault API. un-seal streamlines this workflow into a single interactive command. It is designed for security-conscious environments, supporting split-file credential storage and GPG encryption (compatible with hardware tokens such as YubiKey) to facilitate the whole process.
- snapcraft: snapcraft.yaml
- upstream: GitHub Repo for un-seal
- upstream-relation: upstream maintainer - author
- supported-category: juju helpers
- reasoning: Access to Juju requires classic confinement
I understand that strict confinement is generally preferred over classic.
I’ve tried the existing interfaces to make the snap to work under strict confinement.