vault-mcp-curl-timeout-too-aggressive-for-tls-handshake
A 5-second curl timeout against the vault-mcp endpoint was too aggressive — the vault container was healthy (Up 30 hours (healthy)) but the TLS handshake needed more time to complete, causing false ‘unreachable’ diagnostics. When the vault MCP client shows disconnected mid-session (session-scoped state, won’t reconnect), fall back to direct filesystem audit at /opt/second-brain/vault/ rather than treating endpoint timeout as container failure.