## deployment notes

There was a problem with the "production" deployment of Vault in a Docker container: the default `docker-entrypoint.sh` adds an argument specifying where the dev instance is supposed to listen, and Vault then crashes because it tries to listen on the same port twice.

Solution: override the default entrypoint.

```bash
# vault helpers
alias set-vault="export VAULT_ADDR=https://docker-30:8200"
# same address, but the CLI skips TLS certificate verification
alias set-vault-ignore-tls="export VAULT_ADDR=https://docker-30:8200; export VAULT_SKIP_VERIFY=true"

export VAULT_ADDR="https://vault.hrajfrisbee.cz"
export VAULT_SKIP_VERIFY=true
```

## backup

Simple file copy initiated by cron; the backend storage is MinIO (S3) running on a Synology.

```bash
# run the backup script daily at 02:30 as root, appending output to a log file
echo '30 2 * * * root /root/bin/vault-backup.sh >> /var/log/vault-backup.log 2>&1' > /etc/cron.d/vault-backup
```

```bash
# output role info
tofu output -raw role_id
tofu output -raw secret_id
```

## vault initialization

```bash
# initialize with a single unseal key share and a threshold of 1
vault operator init -key-shares=1 -key-threshold=1
```
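The entrypoint override described in the deployment notes, sketched as a Compose service. This is an added example, not configuration from these notes: the use of Compose, the service name, the image name and tag placeholder, and the config file path are all assumptions.

```yaml
# Added example (assumed names and paths, not taken from the original notes).
services:
  vault:
    # Placeholder tag: pin the version you actually run.
    image: "hashicorp/vault:<version>"

    # Bypass docker-entrypoint.sh and start the server directly, so the
    # only listener is the one defined in vault.hcl. Without this, the
    # wrapper script appends its own dev listen argument and the server
    # tries to bind the same port twice.
    # Setting entrypoint in Compose also clears the image's default command.
    entrypoint: ["vault", "server", "-config=/vault/config/vault.hcl"]

    # Bypassing the wrapper also skips anything else it does at startup
    # (such as switching to an unprivileged user), so check which user
    # the server ends up running as and set `user:` if needed.

    # Lets the server lock memory so secrets are not swapped to disk.
    cap_add:
      - IPC_LOCK

    ports:
      - "8200:8200"

    volumes:
      # Server configuration, mounted read-only. The listener stanza in
      # this file (TLS certificate, address) is the single source of
      # truth for where Vault listens.
      - ./config/vault.hcl:/vault/config/vault.hcl:ro

    restart: unless-stopped
```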