FICHA · AUR

cryptsetup-vault

A cli tool and initcpio hook to unlock a cryptdevice via HashiCorp Vault unattended

  • Add-on
  • System
  • SECURITY
  • NETWORK
  • Launchable
  • Runs in terminal
official+codex · reviewed · May 31, 2026 description in en

Description

Encrypted devices can be unlocked unattended during boot by retrieving secrets from HashiCorp Vault. It is useful for administrators designing automated boot flows for encrypted infrastructure.

Unattended unlocking is high risk because Vault access can become disk access. Secure Vault policies, network dependencies, audit logs, and recovery paths before deployment.

How to run

cryptsetup-vault

Commands: cryptsetup-vault

Permissions

Permissions not analysed for this source yet.