Forget vault root token

Hi, um pretty much newly for vault and I create vault server but I forgot my root token but I have all unseal keys , could you please tell me is there have any way to get root token or can I re-generate root token

Hi! Welcome to Vault! HashiCorp has lots of great tutorials to get you up to speed, including this one on generating a root token. Good luck!

1 Like

if I follow the above steps is it possible to log in to vault UI using a generated root token

Hi! Yes, that’s correct; you’ll be able to use it as you would any other token: in the UI, on the command line, and with the API.

Thank you so much :grinning:

1 Like

Hi when um going to implement autounseal method it gave me this error from the standby server

Error unwrapping: Put “https://127.0.0.1:8200/v1/sys/wrapping/unwrap”: http: server gave HTTP response to HTTPS client

could you please gimme some solution for above ??

Have you set-up TLS/certificates on your Vault server? If not, I’d try going to port 80/tcp (HTTP) instead. That is:

http://127.0.0.1/...

You can set an environment variable for convenience instead:

$ export VAULT_ADDR=http://127.0.0.1:8200

OR

$ export VAULT_ADDR=http://localhost:8200

yeh its fixed then after it gave me this error

Error unwrapping: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/sys/wrapping/unwrap
Code: 400. Errors:

  • wrapping token is not valid or does not exist

H’m. So, if you’re implementing auto-unseal locally, presumably you’re trying to do it through the transit secrets engine, yes? Are you following HashiCorp’s tutorial on that? I just recently got it working; it’s a bit tricky!

What’s the TTL on that wrapping token you generated? For example, if you are following the linked tutorial above, you only have two minutes to unwrap that token before it expires.

Can you provide a rundown of the steps that led to that error?

yes um followed the tutorial that u mentioned above , ok sure ill send it to you

Hi recently I changed ip range in my HA enabled vault cluster after that active server working perfectly but in standby server gave me the below error when I’m going to run “vault status” code
"
Error checking seal status: Get “https://127.0.0.1:8200/v1/sys/seal-status”: dial tcp 127.0.0.1:8200: connect: connection refused"

and I already set the environment variable also using this command (export VAULT_ADDR=http://127.0.0.1:8200)

Can you give me a proper solution for sort this issue ??