Initial commit: Vault Hierarchical Initializer

This commit adds the full implementation of vault-hier, a Rust utility for:
- Initializing HashiCorp Vault in production mode (non-dev)
- Handling Vault seal/unseal operations with key thresholds
- Using Docker Compose for containerized operation
- Supporting persistent storage via Docker volumes

Key components:
- Rust application for Vault interaction
- Docker and Docker Compose configuration
- Test scripts for local development
- Nix flake for development dependencies

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

test_local.sh

@@ -0,0 +1,118 @@
+#!/bin/bash
+set -e
+
+# Detect OS and handle accordingly
+if [[ "$OSTYPE" == "darwin"* ]]; then
+    # macOS
+    export VAULT_ADDR="http://127.0.0.1:8200"
+    VAULT_PID_FILE="/tmp/vault.pid"
+elif [[ "$OSTYPE" == "linux-gnu"* ]]; then
+    # Linux
+    export VAULT_ADDR="http://127.0.0.1:8200"
+    VAULT_PID_FILE="/tmp/vault.pid"
+else
+    # Windows or other
+    export VAULT_ADDR="http://127.0.0.1:8200"
+    VAULT_PID_FILE="./vault.pid"
+fi
+
+# Check if Vault is installed
+if ! command -v vault &> /dev/null; then
+    echo "Vault is not installed. Please install it first."
+    exit 1
+fi
+
+# Check if there's already a Vault process running
+if [ -f "$VAULT_PID_FILE" ]; then
+    VAULT_PID=$(cat "$VAULT_PID_FILE")
+    if ps -p $VAULT_PID > /dev/null; then
+        echo "Vault is already running with PID $VAULT_PID"
+        echo "Stopping the existing Vault server..."
+        kill -9 $VAULT_PID
+        rm "$VAULT_PID_FILE"
+        # Wait for the port to be released
+        sleep 2
+    else
+        echo "Vault PID file exists but the process is not running. Removing stale PID file."
+        rm "$VAULT_PID_FILE"
+    fi
+fi
+
+echo "Starting Vault server in non-dev mode..."
+
+# Create temporary config file
+mkdir -p /tmp/vault-test/data /tmp/vault-test/config
+
+cat > /tmp/vault-test/config/vault.hcl << EOF
+storage "file" {
+  path = "/tmp/vault-test/data"
+}
+
+listener "tcp" {
+  address     = "127.0.0.1:8200"
+  tls_disable = "true"
+}
+
+disable_mlock = true
+ui = true
+EOF
+
+vault server -config=/tmp/vault-test/config/vault.hcl > ./vault_server.log 2>&1 &
+VAULT_PID=$!
+echo $VAULT_PID > "$VAULT_PID_FILE"
+
+echo "Vault server started with PID $VAULT_PID"
+echo "Vault server is running at $VAULT_ADDR"
+
+# Wait for Vault to start
+echo "Waiting for Vault to start..."
+sleep 5
+
+# Check if Vault is up and running
+for i in {1..10}; do
+  if curl -fs -m 1 http://127.0.0.1:8200/v1/sys/health?standbyok=true\&sealedok=true\&uninitok=true > /dev/null 2>&1; then
+    echo "Vault is up and running!"
+    break
+  fi
+  
+  if [ $i -eq 10 ]; then
+    echo "Timed out waiting for Vault to become available"
+    exit 1
+  fi
+  
+  echo "Vault is unavailable - sleeping (attempt $i/10)"
+  sleep 2
+done
+
+# Build and run the Rust application
+echo "Building and running the Rust application..."
+cargo build && cargo run
+
+# Check if the credentials file was created
+if [ -f "vault-credentials.txt" ]; then
+    echo "Test successful! Credentials were saved to vault-credentials.txt"
+    # Extract the unseal keys for demonstration
+    UNSEAL_KEYS=$(grep "Key" vault-credentials.txt | head -n 3 | awk '{print $3}')
+    ROOT_TOKEN=$(grep "Root Token" vault-credentials.txt | awk '{print $3}')
+    
+    echo "Root Token: $ROOT_TOKEN"
+    echo "First 3 Unseal Keys (needed for threshold):"
+    echo "$UNSEAL_KEYS"
+    
+    # Clean up temporary files
+    rm -f vault-credentials.txt
+else
+    echo "Test failed! Credentials file was not created."
+    exit 1
+fi
+
+echo -e "\nTest complete! Cleaning up..."
+# Stop Vault server
+kill -9 $VAULT_PID
+rm "$VAULT_PID_FILE"
+
+# Clean up test environment
+rm -rf /tmp/vault-test
+rm -f ./vault_server.log
+
+echo "All cleaned up. Test successful!"