HC Vault backup restore


I’m very new to Vault, so please excuse if this is a silly question.

I’ve successfully installed Vault on a locally hosted Ubuntu 22.04 server, unsealed it and it’s working great!
I’m now working on a disaster recovery strategy.

Vault is currently set up to run off an SSD with a file storage backend. I know that raft storage is the recommended option; however, I chose file storage due to ease of installation, and I wasn’t able to figure out how to use raft with a TLS configuration. Nevertheless, the file storage backend suits our needs because we won’t need the huge scalability that raft provides.

The backup process that I currently have is to merely zip the file storage directory and further encrypt it.

My problem now is with the restore process. Here is the scenario that I’m trying to cater for. In the event of an operating system hard drive failure, that hard drive would be replaced and I’ll have to reinstall Ubuntu and Vault. Part of the Vault installation process is to initialise it to obtain a root key and the unseal keys.

However, my data would be encrypted with the previous master key (encrypted by the previous root key). Would this still work with a new installation? My guess would be no?

What is the process to ensure that my data could be restored to a new installation? Possibly even to a completely different server?

Any help would be massively appreciated. Thanks so much in advance!

I hope you are shutting down the Vault server whilst doing that… If not, certain race conditions could result in a backup taken whilst Vault is writing to the storage being unrestorable.

Only if you are creating a new empty Vault.

You would skip those steps if restoring Vault storage from backup.
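
A cold backup and restore along the lines discussed in this thread, as an added example that is not part of the original posts or HashiCorp's own tooling. It assumes a systemd unit named `vault` and caller-supplied paths; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: cold backup/restore of a Vault file-storage directory.
# Assumptions: systemd unit "vault"; all paths are supplied by the caller.
VAULT_STOP_CMD="${VAULT_STOP_CMD:-systemctl stop vault}"
VAULT_START_CMD="${VAULT_START_CMD:-systemctl start vault}"

# vault_cold_backup <storage_dir> <archive.tar.gz>
vault_cold_backup() {
    local src="$1" out="$2" rc=0
    [ -d "$src" ] || { echo "no such storage dir: $src" >&2; return 1; }
    # Stop Vault first so nothing writes to storage while it is archived.
    $VAULT_STOP_CMD || return 1
    tar -C "$src" -czf "$out" . || rc=$?
    # Restart Vault even if tar failed; it comes back sealed.
    $VAULT_START_CMD || rc=$?
    [ "$rc" -eq 0 ] || return "$rc"
    # Record a checksum so the archive can be verified before a restore.
    ( cd "$(dirname "$out")" &&
      sha256sum "$(basename "$out")" > "$(basename "$out").sha256" )
}

# vault_restore <archive.tar.gz> <empty_storage_dir>
vault_restore() {
    local archive="$1" dst="$2"
    # Verify the archive against the checksum written at backup time.
    ( cd "$(dirname "$archive")" &&
      sha256sum -c "$(basename "$archive").sha256" >/dev/null ) || return 1
    # Vault must not be running while its storage is replaced.
    $VAULT_STOP_CMD || return 1
    mkdir -p "$dst"
    # Refuse to unpack over existing data, e.g. a freshly initialised Vault.
    if [ -n "$(ls -A "$dst")" ]; then
        echo "refusing to restore into non-empty dir: $dst" >&2
        return 1
    fi
    tar -C "$dst" -xzf "$archive"
    # Next: start Vault and unseal it with the ORIGINAL unseal keys
    # (vault operator unseal). Do not run "vault operator init".
}
```

The restored storage is only readable with the unseal keys from the original initialisation, so those keys need to be kept somewhere other than the server being backed up.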