Is recommended to upgrade version from 1.11.1 to 1.12.2 directly? Should I need to upgrade one by one version? Can I get any known issues occurred so far?
There was deprecation note in the release notes of version 1.12.0 for AD secret Engine. How to Migrate from AD secret Engine to LDAP secret Engine? Any guides available for the Migration to get help?
Unless there are known issues populated in the Vault upgrade guides for the versions you are upgrading to or from, you should be able to upgrade from prior versions to a newer version without an issue. For example, checking Vault 1.11.x and Vault 1.12.x for issues that could impact you.
Related to the AD secrets engine notice here the AD Secrets Engine will still get bug fixes, but no new features. If you want to be on the newer engine, here’s how you could approach migration:
There is no framework or mechanism in Vault to support migrations from one Secrets Engine to another. The existing endpoints on the AD engine will remain largely identical, and thus migration of role setup, for instance, could be done through scripts that read the role values from a mount that’s using the deprecated engine and write them to a new mount that’s using the new engine.
@jbayer : Could you please help me on the raft snapshot ? When we ran the command “vault operator raft snapshot save <backup.snap>”, it did store the Local copy of backup.snap in the users folder. Is this snap trustable for restoration incase any issues?
We get permission denied error when we try to download from Status–> Raft Storage–> Snapshots
We use the below Policy, It didn’t allow us to take any backup, Are we missing any permissions? or the snapshot is only available to take from root token ?
path “sys/storage/raft/snapshot” {
capabilities = [“read”]
}
I don’t know why you are receiving an error using the snapshot API directly. There could be a hint in the audit or operational logs?
These tutorials show you both how to take a snapshot and how to restore from a snapshot. I recommend you try the steps demonstrated there.