From a5132406626108d426b6ec88b48d163479d1dedc Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto <mitchell.hashimoto@gmail.com>
Date: Tue, 3 Mar 2015 23:57:23 -0800
Subject: [PATCH] command/unseal

---
 command/unseal.go | 55 +++++++++++++++++++++++++++++++++++++++++++++++
 commands.go       | 10 +++++----
 2 files changed, 61 insertions(+), 4 deletions(-)
 create mode 100644 command/unseal.go

diff --git a/command/unseal.go b/command/unseal.go
new file mode 100644
index 0000000000..d596aad955
--- /dev/null
+++ b/command/unseal.go
@@ -0,0 +1,55 @@
+package command
+
+import (
+	"strings"
+)
+
+// UnsealCommand is a Command that unseals the vault.
+type UnsealCommand struct {
+	Meta
+}
+
+func (c *UnsealCommand) Run(args []string) int {
+	flags := c.Meta.FlagSet("unseal", FlagSetDefault)
+	flags.Usage = func() { c.Ui.Error(c.Help()) }
+	if err := flags.Parse(args); err != nil {
+		return 1
+	}
+
+	return 0
+}
+
+func (c *UnsealCommand) Synopsis() string {
+	return "Unseals the vault server"
+}
+
+func (c *UnsealCommand) Help() string {
+	helpText := `
+Usage: vault unseal [options]
+
+  Unseal the vault by entering a portion of the master key. Once all
+  portions are entered, the Vault will be unsealed.
+
+  Every Vault server initially starts as sealed. It cannot perform any
+  operation except unsealing until it is sealed. Secrets cannot be accessed
+  in any way until the vault is unsealed. This command allows you to enter
+  a portion of the master key to unseal the vault.
+
+General Options:
+
+  -address=TODO           The address of the Vault server.
+
+  -ca-cert=path           Path to a PEM encoded CA cert file to use to
+                          verify the Vault server SSL certificate.
+
+  -ca-path=path           Path to a directory of PEM encoded CA cert files
+                          to verify the Vault server SSL certificate. If both
+                          -ca-cert and -ca-path are specified, -ca-path is used.
+
+  -insecure               Do not verify TLS certificate. This is highly
+                          not recommended. This is especially not recommended
+                          for unsealing a vault.
+
+`
+	return strings.TrimSpace(helpText)
+}
diff --git a/commands.go b/commands.go
index 0c0a91496c..879f98abb7 100644
--- a/commands.go
+++ b/commands.go
@@ -36,12 +36,14 @@ func init() {
 			"seal": func() (cli.Command, error) {
 				return nil, nil
 			},
-
-			"unseal": func() (cli.Command, error) {
-				return nil, nil
-			},
 		*/
 
+		"unseal": func() (cli.Command, error) {
+			return &command.UnsealCommand{
+				Meta: meta,
+			}, nil
+		},
+
 		"version": func() (cli.Command, error) {
 			ver := Version
 			rel := VersionPrerelease