bruj0 / vault-recovery-key

This tool will decrypt your Vault recovery keys when using KMS
MIT License

Raft storage #10

Open meraj-kashi opened 2 years ago

meraj-kashi commented 2 years ago

Hi,

Thanks for developing the tool. Any idea about how to use the tool for Vault with Raft storage? I found the recovery_key in the raft db, but the value is binary and I can't use the tool. Did you test or have any tips?

Br, Meraj

il-Putzki commented 2 years ago

Hi @meraj-kashi Convert Raft into Filesystem storage. I tried and it worked

levid0s commented 1 year ago

Can I convert a copy of the Vault instance, or do I need to migrate the backend of the live cluster for this to work?

mju commented 1 year ago

> Can I convert a copy of the Vault instance, or do I need to migrate the backend of the live cluster for this to work?

https://developer.hashicorp.com/vault/docs/commands/operator/migrate#run-the-migration says the vault instance will have to be offline when you run the migration command. I imagine you can do this on a copy.

mju commented 1 year ago

> Hi @meraj-kashi Convert Raft into Filesystem storage. I tried and it worked

I can confirm that this will work. Below is an example migration config and command. You will have to run this on a node. You should be able to find the raft config from your vault config.

```
cat > migrate.hcl <<'EOF'
storage_source "raft" {
  path = "..."
  node_id = "..."
}
cluster_addr = "..."

storage_destination "file" {
  path = "/a/new/dir"
}
EOF

vault operator migrate -config migrate.hcl
```
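
After the migration above, the recovery key can be read from the file storage directory as a plain file instead of a binary Raft record. The following is an added example, not code from this thread or from the tool: it assumes the file backend layout (each entry is a JSON file with a base64 `Value`, and the last path component gets a `_` prefix) and Vault's `core/recovery-key` storage key. The output name `key.enc` is hypothetical, and that the tool accepts this raw blob as input is an assumption. The exported blob is still encrypted by the KMS seal.

```python
import base64
import json
import os
import tempfile
from pathlib import Path

RECOVERY_KEY = "core/recovery-key"  # Vault's storage key for the recovery key


def entry_path(storage_dir, key):
    """Map a logical key to its file-backend path: the leaf gets a '_' prefix."""
    parent, _, leaf = key.rpartition("/")
    return Path(storage_dir) / parent / ("_" + leaf)


def read_entry(storage_dir, key=RECOVERY_KEY):
    """Return one entry's raw bytes; entries are JSON with a base64 'Value'."""
    path = entry_path(storage_dir, key)
    if not path.is_file():
        raise FileNotFoundError(f"{path} not found; is this the migration destination?")
    with open(path, "r", encoding="utf-8") as fh:
        doc = json.load(fh)
    return base64.b64decode(doc["Value"], validate=True)


def export_entry(storage_dir, out_file, key=RECOVERY_KEY):
    """Write the still-encrypted blob to out_file, readable by the owner only."""
    blob = read_entry(storage_dir, key)
    # O_EXCL refuses to overwrite an existing file; 0o600 keeps other users out.
    fd = os.open(out_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(blob)
    return len(blob)


def demo():
    """Build a constructed file-backend tree and export its recovery-key entry."""
    sample_blob = b"\x0a\x10constructed-sample-ciphertext"  # constructed, not Vault data
    with tempfile.TemporaryDirectory() as tmp:
        core = Path(tmp) / "storage" / "core"
        core.mkdir(parents=True)
        (core / "_recovery-key").write_text(
            json.dumps({"Value": base64.b64encode(sample_blob).decode()}))
        out = Path(tmp) / "key.enc"  # hypothetical output name
        size = export_entry(Path(tmp) / "storage", out)
        return out.read_bytes() == sample_blob and size == len(sample_blob)


if __name__ == "__main__":
    print("round trip ok:", demo())
```

Run `export_entry("/a/new/dir", "key.enc")` against the migration destination, and delete both the exported file and the migrated copy once recovery is done, since each holds a full copy of the cluster's encrypted key material.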