Can I read secrets directly from filesystem storage with previous keys?

Something crazy happened with my Vault instance (I didn’t have backup, I know…). Please ignore for a second the history behind it, and let’s go straight to the question:

Can I read the secrets directly from the filesystem using the recovery keys and/or the initial root token used to write them?

The data on “disk” is (double?) encrypted, and the root token is not the encryption key, so no, you can’t.

1 Like