Best Practice: Upgrading K/V to V2 in production

Hello Hashicorp Community :sun_with_face:

We use Open Source Vault in production with the K/V Store V1. I want to upgrade it to V2.

Since there is going to be a change in the path I’d like to know what the best practices are and if anyone has made this experience and can share their lessons learned.

Thank you :slight_smile:


It sounds like you’d be upgrading to the v2 secrets engine as described here, and then moving the secrets as described here. I haven’t actually done such a migration with prod data myself, but if I were to do it, I’d probably make a back-up/snapshot of the database data, then try both commands in staging just to make sure I know what to expect. From there, if/when I felt comfortable, I’d do the same in production.

Hopefully there will be others who can also weigh in more directly from an experiential point of view. :slight_smile:

Hi @luiXIV, this should help you out. :slight_smile:

KV Secrets Engine - Version 2 Upgrading from Version 1

Here’s the KV Secrets Engine - Version 2 documentation.

it also would require refactoring/reengineering efforts of integrated solutions, if the KV schema in Vault has been communicated as an agreement to your clients.