Cannot unseal after first installation using Keys


i’m currently testing out the vault and I currently stuck at the beginning, wondering if it might be a bug.
I am running vault as an executable service on a RHEL machine. I created Self Signed TLS certs, started service and accessed the Webui via Loadbalancer with 443.
Everything worked so far. I generated keys and root token and after that, when I have to unseal using 3 different keys, nothing happens.
When I reach (2/3) passed keys and paste in the 3rd key, nothing happens and the counter resets to 0. What am I missing?

My config:

 $ cat config.hcl
storage "raft" {
  path    = "/opt/vault/data/"
  node_id = "vault01"

listener "tcp" {
  address     = ""
  tls_disable = 0
  tls_cert_file   = "/opt/vault/cert/cert.pem"
  tls_key_file    = "/opt/vault/cert/key.pem"

api_addr = ""
cluster_addr = ""
disable_mlock = true
ui = true

The keys (or the copy-n-paste) process are incorrect. There is no validation of the shards during entry. Only after all the shards are present does Vault validate the key. If it’s resetting back to 0 without unsealing then the shards did not add up to a valid key.

Check for a space at the end (or a cartridge return character) where it isn’t visible but is entered into the buffer, could cause this.

Very strange. There is no typo. I also used the “copy to clipboard” button that was given in the UI. I thought this might copy the shard in its correct format.

I’ve seen it first hand. Two different times, two different people copy-n-pasting the same keys from the same page and one worked and one didn’t.

Should they all have the same length? I see 2 shards are longer than the rest. I made 5

AFAIK they should all be the same bit length.

Something is not right. I removed the data storage to begin re-initiate. Created a new raft, generated 5 shards and 2 thresholds. I checked copy&paste twice. They all are the same length. Now I have to provide 2 shards, but it still wont unseal…

I now made the whole init process in the terminal and I think I found my problem:
[vault@vault01 vault]$ vault operator unseal
Unseal Key (will be hidden):
Error unsealing: Error making API request.

Code: 500. Errors:

  • cannot use unspecified IP with raft storage:
    [vault@vault01 vault]$

changed cluster adress to, since it’s a single node setup