
Unseal Vault using Android or iPhone - Vault App

Open ji-podhead opened this issue 1 year ago • 0 comments

Hi,

I currently have a non-HA Vault on my main machine, as I'm just building the automation of my infrastructure to make it HA. That said, it sometimes distracts me, having the routine of getting the keys, starting the server, looking for my config, and unsealing. So, I asked myself: Why can't I just use my phone to decrypt the keys on the phone using the fingerprint (biometric authentication) as a security measure, in addition to 2FA (since you're using mobile anyway), and then make an API call from mobile to unseal the Vault?

So we have:

  • the keys stored and encrypted on the phone
    • PIN and biometric authentication on the mobile side
  • 2-factor for the API call and other auth like an AppRole token
  • log in and push a button to unseal your portions

So you have to store your unseal keys somewhere; why not on your phone, but encrypted?

ji-podhead • Aug 14 '24 06:08