Deleted the encryption key, how to recover?

Deleted the encryption key, how to recover ?

We are using azure mysql storage in the backend and the azure vault for seal. I deleted the key from the azure vault and now the pods are throwing error stating unable to unseal.

{"@level":“info”,"@message":“stored unseal keys supported, attempting fetch”,"@module":“core”,"@timestamp":“2022-03-11T07:36:36.827702Z”}
{"@level":“warn”,"@message":“failed to unseal core”,"@timestamp":“2022-03-11T07:36:36.902237Z”,“error”:"fetching stored unseal keys failed: failed to decrypt keys from storage: keyvault.BaseClient#UnwrapKey: Failure responding to request: StatusCode=404 – Original Error: autorest/azure: Service returned an error. Status=404 Code=“KeyNotFound” Message=“A key with (name/id) vault/eba1c69c88f2416297e78843b6e3db83 was not found in this key vault. If you recently deleted this key you may be able to recover it using the correct recovery command. For help resolving this issue, please see"”}

Is there a way to recover from this situation, i do not have a backup of the key vault/eba1c69c88f2416297e78843b6e3db83

Did you ever figure out how to solve this problem? I did something similar today and I can’t figure out how to get back into my vault system.

There is no way to recover from loss of the unseal key - this is of course a huge problem - but also a result of the design security property that all Vault data is safe from unauthorized offline access, without access to the unseal key.

HEy @RSE132

Could you repost this in the vault forum? I think you’d be able to get better help there :slight_smile:

I figured that we need to have a backup of the key… and thats by design for the safety of vault