Reputation: 387
I am setting up a Vault test server on a Windows 10 machine, and the first time it went well.
But after a reboot I could no longer unseal my vault with my keys. OK, so I delete the data folder and start Vault again.
I create a new Raft cluster and then enter one key share and threshold. I then get one key and one root key. Great. (I also downloaded the keys.)
So, next I get to the unseal prompt and enter my key, but it won't accept my newly created key!
I have tried several times to delete the data folder and recreate the keys in the UI, but I still can't get past the unseal window.
Any hints on what is causing this?
Is key data stored somewhere else besides the \vault\data folder?
My config is:
    storage "raft" {
      path = "./vault/data"
      node_id = "node1"
    }
    listener "tcp" {
      address = "0.0.0.0:8200"
      tls_disable = 1
    }
    api_addr = "http://0.0.0.0:8200"
    cluster_addr = "https://0.0.0.0:8201"
    ui = true
I am running Vault version 1.5.0.
Upvotes: 2
Views: 2798
Reputation: 387
Found my problem after a lot of troubleshooting.
The problem in my config was that I had set all the IPs to 0.0.0.0 to bind Vault to all IP addresses, but that did not go as well as planned.
The config that worked for me looked like this:
    storage "raft" {
      path = "./vault/data"
      node_id = "node1"
    }
    listener "tcp" {
      address = "0.0.0.0:8200"
      tls_disable = 1
    }
    api_addr = "http://localhost:8200"
    cluster_addr = "https://localhost:8201"
    ui = true
Upvotes: 2
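An added example (not part of the original answer, and not Vault's own tooling): a small Python check for the mistake described above. `api_addr` and `cluster_addr` are the addresses Vault advertises to clients and other cluster nodes, so a wildcard such as 0.0.0.0 belongs only in the listener's `address`; the check also flags a listener that sets `tls_disable` while bound to all interfaces. The function name, the finding strings and the regex-based parsing (which assumes flat, un-nested blocks like the ones in this config) are assumptions made for the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample input: the config from the question.
QUESTION_CFG = '''
storage "raft" {
  path = "./vault/data"
  node_id = "node1"
}
listener "tcp" {
  address = "0.0.0.0:8200"
  tls_disable = 1
}
api_addr = "http://0.0.0.0:8200"
cluster_addr = "https://0.0.0.0:8201"
ui = true
'''
# The answer's config: only the two advertised URLs change.
ANSWER_CFG = QUESTION_CFG.replace("//0.0.0.0", "//localhost")

def is_unspecified(host):
    """True for wildcard IPs (0.0.0.0, ::); False for hostnames and real IPs."""
    try:
        return ipaddress.ip_address(host).is_unspecified
    except ValueError:
        return False  # not an IP literal, e.g. "localhost"

def lint_vault_config(text):
    """Hypothetical linter: returns a list of human-readable findings."""
    findings = []
    # Advertised addresses must be something a peer or client can dial.
    for key in ("api_addr", "cluster_addr"):
        m = re.search(r'^\s*%s\s*=\s*"([^"]+)"' % key, text, re.M)
        host = urlsplit(m.group(1)).hostname if m else None
        if host and is_unspecified(host):
            findings.append(f"{key} advertises wildcard address {host}")
    # A wildcard bind is valid for a listener, but not without TLS.
    for block in re.findall(r'listener\s+"tcp"\s*\{(.*?)\}', text, re.S):
        addr = re.search(r'\baddress\s*=\s*"([^"]+)"', block)
        no_tls = re.search(r'\btls_disable\s*=\s*("?)(1|true)\1', block)
        if addr and no_tls:
            host = addr.group(1).rsplit(":", 1)[0].strip("[]")
            if is_unspecified(host):
                findings.append("listener serves plaintext HTTP on all interfaces")
    return findings

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CFG), ("answer", ANSWER_CFG)):
        print(name, lint_vault_config(cfg))
```

Run against the two configs on this page, the question's config produces both advertise-address findings, and the answer's config clears them while the plaintext-listener finding remains.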