In order for a Vault node to be functional, it needs to be in an unsealed state which decrypts the encryption key used for decryption and encryption of secret data. If a Vault node is sealed no secret data can be retrieved until it's unsealed. A node can become sealed for a variety of reasons such as if a node reboots after an OS update or the vault service restarts. In this post, I'll go over how a "Consul Watch" can be used to monitor the Vault service (or any other service) and send a slack alert if found to be critical (sealed).
Add a comment