Closed pivotal-bin-ju closed 4 years ago
We decided to decouple the auto-unseal work from the backend migration, because migrating data turned out to be a little trickier. It's not blocking work, so we're going to prioritize that and finish it up later.
fixes: https://github.com/concourse/prod/issues/48 The process for auto-unseal:
terraform apply
. if it is failed with403
, open thegcp
console to grant the access that error descripted.helm deploy
(for this case it ismake deploy-vault-nci
). Be aware we are in theln -s vault vault-nci
directory. We do not want to overwrite the existedvault
after we migrate the secrets.vault init
kubectl -n vault-nci exec -it vault-nci-0 /bin/sh
to login tovault
container.export VAULT_SKIP_VERIFY=1
vault init
lastpass
vault login
with the secret that your save in the last step.vault secrets enable -path=/concourse kv
vault write /concourse/test key1=12345
kubectl delete pod vault-nci-0 -n vault-nci
kubectl -n vault-nci exec -it vault-nci-0 /bin/sh
to login tovault
container.vault status
you should see:The
Sealed
should be falsevault login
vault read /concourse/test