vxc
1
Hi, I have a vault cluster that is auto unsealed based on Auto-unseal using Transit secrets engine | Vault | HashiCorp Developer. In the journalctl logs for the vault service, there’s this warning every minute:
[WARN] core.autoseal: failed to encrypt seal health test value, seal backend may be unreachable:
Does anyone know what this is and how to fix it please?
vxc
2
We ran into this same warning message. The documentation at Auto-unseal using Transit secrets engine | Vault | HashiCorp Developer has not been updated to account for this health check. You need to add the “patch” permission to your autounseal policy to fix these warnings.
EDIT: Maybe not. The warnings came back after the server was up for a while.
I tried to manually go to the https://vault/v1/transit/encrypt/autounseal path in my logs and get permission denied with my admin account.
In the primary Vault logs I see permission denied errors for operation update at path transit/encrypt/autounseal.