lrstanley / vault-unseal

auto-unseal utility for Hashicorp Vault

feature: Support reading tokens from file so tokens can be stored safely in docker secrets

brofids opened this issue · comments

✨ Describe the feature you'd like

Hi, I'm trying to run vault-unseal as a container in my docker swarm instance.
Then I realized that to make it work I need to store my tokens in unencrypted form inside the vault-unseal.yaml file on the host.

I think it would be very nice if vault-unseal supported reading the token list from a separate file, so I could then use docker secrets to store my tokens securely.

🌧 Is your feature request related to a problem?

No response

🔎 Describe alternatives you've considered

--

⚠ If implemented, do you think this feature will be a breaking change to users?

Yes

⚙ Additional context

To make my approach of using vault-unseal clearer, here is an example.

First I create a new secret containing the tokens:
echo "aaaaaaaaaaaaaaaaaa,bbbbbbbbbbbbbbb" | docker secret create vault_unseal_tokens_a_b -

Then I can use the stack compose script below to easily spawn a new vault-unseal node:

version: '3.8'
services:
  vault_unseal_1:
    image: ghcr.io/lrstanley/vault-unseal:latest
    deploy:
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 120s
    environment:
      - CONFIG_PATH=/vault_unseal_config
      - TOKENS__FILE=/run/secrets/unseal_tokens
    networks:
      - vault-unseal-network
    configs:
      - source: vault_unseal_config
        mode: 0400
    secrets:
      - unseal_tokens

networks:
  vault-unseal-network:
    name: "vault_unseal_network"

configs:
  vault_unseal_config:
    name: "vault_unseal_conf_v1"
    external: true

secrets:
  unseal_tokens:
    name: "vault_unseal_tokens_a_b"
    external: true

🤝 Requirements

  • I have confirmed that someone else has not submitted a similar feature request.
  • If implemented, I believe this feature will help others, in addition to solving my problems.
  • I have looked into alternative solutions to the best of my ability.
  • (optional) I would be willing to contribute to testing this feature if implemented, or making a PR to implement this functionality.
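The token-loading behaviour this request describes (TOKENS__FILE pointing at a docker secret mounted under /run/secrets, with the inline TOKENS value as the fallback), as an added Go example written for this page; it is not vault-unseal's own code, and the function names loadUnsealTokens and parseTokenList, the rule that both variables set together is an error, and the comma-or-newline separators are assumptions.

```go
package main
import (
	"errors"
	"fmt"
	"os"
	"strings"
)
// loadUnsealTokens resolves the unseal token list. If TOKENS__FILE is set, the
// tokens are read from that file (e.g. a docker secret under /run/secrets);
// otherwise the inline TOKENS value is used. Illustrative code, not vault-unseal's own.
func loadUnsealTokens(getenv func(string) string, readFile func(string) ([]byte, error)) ([]string, error) {
	raw := getenv("TOKENS")
	if path := getenv("TOKENS__FILE"); path != "" {
		if raw != "" { // refuse ambiguous config instead of silently preferring one source
			return nil, errors.New("TOKENS and TOKENS__FILE are mutually exclusive")
		}
		data, err := readFile(path)
		if err != nil {
			return nil, fmt.Errorf("reading token file %q: %w", path, err) // path only, never contents
		}
		raw = string(data)
	}
	tokens := parseTokenList(raw)
	if len(tokens) == 0 {
		return nil, errors.New("no unseal tokens configured")
	}
	return tokens, nil
}

// parseTokenList splits on commas or newlines and drops empty entries, so `echo "a,b" | docker secret create ... -` works as-is.
func parseTokenList(raw string) []string {
	isSep := func(r rune) bool { return r == ',' || r == '\n' || r == '\r' }
	var out []string
	for _, f := range strings.FieldsFunc(raw, isSep) {
		if t := strings.TrimSpace(f); t != "" {
			out = append(out, t)
		}
	}
	return out
}

func main() {
	tokens, err := loadUnsealTokens(os.Getenv, os.ReadFile)
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
	fmt.Printf("loaded %d unseal token(s)\n", len(tokens)) // log the count only, never the tokens
}
```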