Forget vault root token

madawa55 · November 27, 2020, 6:26am

Hi, um pretty much newly for vault and I create vault server but I forgot my root token but I have all unseal keys , could you please tell me is there have any way to get root token or can I re-generate root token

jlj7 · November 27, 2020, 8:31am

Hi! Welcome to Vault! HashiCorp has lots of great tutorials to get you up to speed, including this one on generating a root token. Good luck!

madawa55 · November 27, 2020, 8:51am

if I follow the above steps is it possible to log in to vault UI using a generated root token

jlj7 · November 27, 2020, 9:21am

Hi! Yes, that’s correct; you’ll be able to use it as you would any other token: in the UI, on the command line, and with the API.

madawa55 · November 27, 2020, 9:31am

Thank you so much

madawa55 · November 30, 2020, 7:35am

Hi when um going to implement autounseal method it gave me this error from the standby server

Error unwrapping: Put “https://127.0.0.1:8200/v1/sys/wrapping/unwrap”: http: server gave HTTP response to HTTPS client

could you please gimme some solution for above ??

jlj7 · November 30, 2020, 8:56am

Have you set-up TLS/certificates on your Vault server? If not, I’d try going to port 80/tcp (HTTP) instead. That is:

http://127.0.0.1/...

You can set an environment variable for convenience instead:

$ export VAULT_ADDR=http://127.0.0.1:8200

OR

$ export VAULT_ADDR=http://localhost:8200

madawa55 · November 30, 2020, 9:28am

yeh its fixed then after it gave me this error

Error unwrapping: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/sys/wrapping/unwrap
Code: 400. Errors:

wrapping token is not valid or does not exist

jlj7 · November 30, 2020, 10:48am

H’m. So, if you’re implementing auto-unseal locally, presumably you’re trying to do it through the transit secrets engine, yes? Are you following HashiCorp’s tutorial on that? I just recently got it working; it’s a bit tricky!

What’s the TTL on that wrapping token you generated? For example, if you are following the linked tutorial above, you only have two minutes to unwrap that token before it expires.

Can you provide a rundown of the steps that led to that error?

madawa55 · November 30, 2020, 11:09am

yes um followed the tutorial that u mentioned above , ok sure ill send it to you

madawa55 · December 8, 2020, 5:14am

Hi recently I changed ip range in my HA enabled vault cluster after that active server working perfectly but in standby server gave me the below error when I’m going to run “vault status” code
"
Error checking seal status: Get “https://127.0.0.1:8200/v1/sys/seal-status”: dial tcp 127.0.0.1:8200: connect: connection refused"

and I already set the environment variable also using this command (export VAULT_ADDR=http://127.0.0.1:8200)

Can you give me a proper solution for sort this issue ??

Topic		Replies	Views
Vault Cluster token expired, Need to recreate Vault	6	1423	September 20, 2021
Unwrapping issue Vault vault	1	563	November 30, 2020
Executing vault unwrap Vault	3	250	April 4, 2024
Key renewal for "Auto-unseal using Transit Secrets Engine" Vault	12	4056	September 20, 2021
Vault UI to accept unseal keys when generating root token Vault vault	3	482	February 12, 2022

Forget vault root token

Related topics