Fault on HSM Unseal

what happens if all hsm linked to a vault cluster are broken?
Is it possbly to unseal using the recovery key or the raft is lost?

The Vault is completely lost.

(There was some work to optionally make recovery keys able to recover from this, which was briefly committed to the Vault Git repository… However it turned out to conflict with Vault Enterprise features and was reverted. HashiCorp representatives suggested a replacement feature might appear in Vault Enterprise in the future.)

Sorry but that’s not true!
i simulate a lost of hsm putting disabled = “true” in the “seal stanza” of vault.hcl
stop vault
start vault
vault operator unseal -migrate with 4 recovery keys
and vault is coming up and unsealed!
what’ i’m missing?

@daniele.carminati that’s not a loss of HSM, that’s just a regular seal migration

Indeed - if the HSM was truly lost, that would not work, @daniele.carminati. Your procedure involves Vault contacting the HSM in order to decrypt its root key, which is then re-encrypted with the combined recovery key.