DynamoDB Storage Backend restore from S3 Bucket

I’m using Vault 1.7.3 w/ a DynamoDB storage backend where I need to populate a new DynamoDB table that is populated from an s3 backup of the 1st one and point Vault to use that new one instead. The problem I’m running into is when I create the new table and populate it w/ the records from the s3 backup of the old one is that I cannot perform a successful unseal. The error I get is:

* unable to retrieve stored keys: failed to encrypt keys for storage: cipher: message authentication failed

For various reasons I need to use s3 backups from DynamoDB (I can’t use Raft or Consul as my backend and I need to use S3 as the restore mechanism for the new table). A regular back up via the console works but using s3 does not so I think it’s doing something different but I’m at a loss of what that is.

  • Has anyone worked w/ a similar use case and run into this problem before?
  • If anyone has a link to a doc that provides some insight into what I am missing, I’d appreciate it.