@Joffrey no - never used dev mode.
@olinIgorov the log shows 2 times “not leader” and the third time, I get this error. This mean it’s trying all of them, but the error came from the leader.
True, same happening even in 2024
Hi @andrew.klimovski
I see that this is very old, but the same happened to me. I am running version HashiCorp Vault v1.18.1, running as HA and using raft as a backend. Also, auto-unseal is enabled via Azure KMS. I run into the same error, that is says:
"Error posting unseal key: Error making API request
URL: PUT https://$VAULT_URL/v1/sys/rekey-recovery/update
Code: 400. Errors:
- recovery key verification failed: failed to decrypt encrypted stored keys: error decrypting seal wrapped value
error decrypting using seal azurekeyvault: ClientSecretCredential authentication failed. FromClientSecret():
RESPONSE 401 Unauthorized
{
“error”: “invalid_client”,
“error_description”: "AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app
"
I am also seeing errors on Vault Raft Snapshot logs:
ERROR Could not take snapshot of vault nextSnapshot=2025-02-09T15:51:00.335Z error=“incomplete snapshot, unable to read SHA256SUMS.sealed file”
Do you remember how did you manage to solve this?
Thank you!