Core.autoseal: failed to encrypt seal health test value, seal backend may be unreachable

Hi, I have a vault cluster that is auto unsealed based on Auto-unseal using Transit secrets engine | Vault | HashiCorp Developer. In the journalctl logs for the vault service, there’s this warning every minute:

[WARN]  core.autoseal: failed to encrypt seal health test value, seal backend may be unreachable:

Does anyone know what this is and how to fix it please?

Ok, so this is from Add a periodic test of the autoseal to detect loss of connectivity. by sgmiller · Pull Request #13078 · hashicorp/vault · GitHub, but if the cluster managed to auto unseal, why the warning?

We ran into this same warning message. The documentation at Auto-unseal using Transit secrets engine | Vault | HashiCorp Developer has not been updated to account for this health check. You need to add the “patch” permission to your autounseal policy to fix these warnings.

EDIT: Maybe not. The warnings came back after the server was up for a while. :frowning:

I tried to manually go to the https://vault/v1/transit/encrypt/autounseal path in my logs and get permission denied with my admin account.

In the primary Vault logs I see permission denied errors for operation update at path transit/encrypt/autounseal.