HashiCorp

  • Category: HashiCorp

Use a Consul Watch to Monitor Vault Seal Status

In order for a Vault node to be functional, it needs to be in an unsealed state which decrypts the encryption key used for decryption and encryption of secret data. If a Vault node is sealed no secret data can be retrieved until it's unsealed.  A node can become sealed for a variety of reasons such as if a node reboots after an OS update or the vault service restarts.  In this post, I'll go over how a "Consul Watch" can be used to monitor the Vault service (or any other service) and send a slack alert if found to be critical (sealed).

consul watcher main

Add a comment

Read more: Use a Consul Watch to Monitor Vault Seal Status