Guidance on migrating data from vault/consul (antiquated versions) --> vault/raft (newest)

Hello all, looking for some guidance on moving some data around.

I have inherited a VERY old vault (0.10.0) and consul (1.0.7) infrastructure that I have been charged with getting up to date. Part of the migration process includes getting them on a newer OS and VM hardware as well as using the integrated storage RAFT, so simply upgrading the current systems is not an option.

The approach I would like to take is to build a new vault cluster with RAFT storage, and use the vault migration tool, but I am running into issues configuring the migration config.

vault and consul configs of old servers (some sensitive names and data removed)



“acl_token”: “xxxxxxxxxxxxxxxxxxxxxxxxxxxx”,
“addresses”: {
“https”: “”
“bind_addr”: “”,
“ca_file”: “/etc/ssl/certs/”,
“cert_file”: “/etc/ssl/certs/”,
“client_addr”: “”,
“data_dir”: “/opt/consul”,
“datacenter”: “dev-backbone”,
“enable_syslog”: true,
“encrypt”: “xxxxxxxxxxxxxxxxxx”,
“key_file”: “/etc/ssl/private/”,
“log_level”: “INFO”,
“node_name”: “vault-1”,
“ports”: {
“https”: 8443
“retry_join”: [”,”,
“server”: false

I started with a migration HCL config like this:

storage_source “consul” {
address = “”
path = “vault”

storage_destination “raft” {
path = “/opt/vault/raft/raft”
node_id = “node2”

but getting errors, some i understand (raft db already exists, vault running, you know the standard user errors :slight_smile: ) but even when executed correctly (i think) im still getting connection errors and such.

Does anyone have any advice on this topic?
Thanks in advance!


Error migrating: error checking migration status: Unexpected response code: 400