@migmartri migmartri commented Nov 20, 2025

It enables persistence in Vault when run in development mode both in local and in k8s, note: in development mode

Docker Compose (devel/)

  • Switch Vault from dev mode to server mode with file storage backend
  • Add vault-config.hcl for server configuration
  • Add vault-init.sh script to handle initialization, unsealing, and token creation
  • Mount persistent volume for Vault data
  • Automatically unseal Vault on startup
  • Create 'notasecret' token for development convenience
  • Enable KV v2 secrets engine

Helm Chart (deployment/chainloop/)

  • Add init script via vault.extraDeploy in parent chart values
  • Configure file storage backend (overrides subchart defaults)
  • Auto-initialize and unseal Vault on pod start
  • Validate init.txt content to handle corrupted files
  • Create 'notasecret' token if it doesn't exist
  • Enable KV v2 secrets engine (required by controlplane)
  • All configuration in parent chart (no subchart modifications)

Benefits

  • Data persists across container/pod restarts
  • Maintains development convenience (auto-unseal, known token)
  • No manual intervention required after restart
  • Consistent behavior between Docker Compose and Helm deployments

Fixes #2574

Switch Vault to server mode with file backend to persist data across restarts while maintaining auto-unseal and dev token convenience.

Fixes chainloop-dev#2574

Signed-off-by: Miguel Martinez <miguel@chainloop.dev>
@migmartri migmartri requested review from javirln and jiparis November 21, 2025 00:44
@migmartri migmartri merged commit 1ba81aa into chainloop-dev:main Nov 21, 2025
13 checks passed
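
The init-file validation and auto-unseal flow listed in the pull request description, as an added example; it is not the PR's vault-init.sh, which this page does not show. It assumes init.txt holds the plain-text output of `vault operator init` with a single key share and that KV v2 is mounted at `secret/`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example with hypothetical helper names. Assumes the init file is the
# plain-text output of `vault operator init -key-shares=1 -key-threshold=1`.

# Print the unseal key stored in the init file, or nothing if it is absent.
unseal_key_from() {
  sed -n 's/^Unseal Key 1: \([A-Za-z0-9+/=]\{1,\}\)[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Print the initial root token stored in the init file, or nothing.
root_token_from() {
  sed -n 's/^Initial Root Token: \([A-Za-z0-9._-]\{1,\}\)[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Succeed only if the file exists, is non-empty and yields both values.
init_file_valid() {
  [ -s "$1" ] || return 1
  [ -n "$(unseal_key_from "$1")" ] && [ -n "$(root_token_from "$1")" ]
}

# Initialise once, unseal, then ensure the dev token and KV v2 mount exist.
# Needs the vault CLI and VAULT_ADDR; nothing in this file calls it.
bootstrap_vault() {
  init_file="$1"
  if ! init_file_valid "$init_file"; then
    # An empty or truncated file left by an interrupted run is not trusted.
    if vault operator init -status >/dev/null 2>&1; then
      echo "vault is initialised but $init_file is unusable; reset the data volume" >&2
      return 1
    fi
    # Write to a temp file with owner-only permissions, then move into place.
    ( umask 077; vault operator init -key-shares=1 -key-threshold=1 > "$init_file.tmp" ) || return 1
    mv "$init_file.tmp" "$init_file"
    init_file_valid "$init_file" || return 1
  fi
  vault operator unseal "$(unseal_key_from "$init_file")" >/dev/null || return 1
  VAULT_TOKEN="$(root_token_from "$init_file")"; export VAULT_TOKEN
  vault token lookup notasecret >/dev/null 2>&1 ||
    vault token create -id=notasecret >/dev/null || return 1
  # Mount path "secret" is an assumption; the description names no path.
  vault secrets list | grep -q '^secret/' ||
    vault secrets enable -path=secret -version=2 kv >/dev/null
}
```

Refusing to re-initialise when Vault already reports itself initialised keeps a damaged init.txt from being silently replaced with keys that cannot unseal the existing data.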

Development

Successfully merging this pull request may close these issues.

how to run vault in development mode but with persistence