vault: deployment manifest, some docs, backup script - expected to run

on docker host

docker-30/vault/readme.md

@@ -0,0 +1,38 @@
+## deployment notes
+
+There was a problem with "production" deployment of Vault through docker container, because default `docker-entrypoint.sh` adds argument saying where dev instance is supposed to listen and then vault crashes because it tries to listen on same port twice.
+
+Solution: override default entrypoint
+
+```bash
+# vault helpers
+alias set-vault="export VAULT_ADDR=https://docker-30:8200"
+alias set-vault-ignore-tls="export VAULT_ADDR=https://docker-30:8200; export VAULT_SKIP_VERIFY=true"
+
+
+export VAULT_ADDR="https://vault.hrajfrisbee.cz"
+export VAULT_SKIP_VERIFY=true
+```
+
+## backup
+
+Simple file copy initiated by cron, backend storage is minio (s3) running on synology
+
+```bash
+echo '30 2 * * * root /root/bin/vault-backup.sh >> /var/log/vault-backup.log 2>&1' > /etc/cron.d/vault-backup
+```
+
+```bash
+# output role info
+tofu output -raw role_id
+tofu output -raw secret_id
+
+```
+
+## vault initialization
+
+```bash
+
+vault operator init -key-shares=1 -key-threshold=1
+
+```