---
- name: Unseal Vault
  hosts: vault_instances

  tasks:
    - name: Get Vault status
      uri:
        url: http://127.0.0.1:8200/v1/sys/health
        method: GET
        status_code: 200, 429, 472, 473, 501, 503
        body_format: json
        return_content: true
      register: vault_status

    - name: Unseal Vault
      no_log: true
      command:
        argv:
          - "vault"
          - "operator"
          - "unseal"
          - "-address=http://127.0.0.1:8200/"
          - "{{ item }}"
      loop: "{{ unseal_keys_hex }}"
      when:
        - unseal_keys_hex is defined
        - vault_status.json["sealed"]