We are running hashicorp vault open-source v-1.4.2-linux on a Ubuntu VM which uses Google cloud storage as backend. Now, we want to create a new vault on a different VM and we want the same data from the GCS. Is there any backup and restore mechanism that can be done for the vault data to migrate or use the same GCS for the new vault?
Not within vault itself. You have to backup and restore using google tools, but it’s just a directory so should be relatively painless. If you’re literally moving to a new VM, then you can just shutdown the old vault, bring up the vault instance and point it at the same data source and that’ll work. Any permissions changes would be GCS ones.
I should mention that 1.4 is out of support, 1.6 is the oldest supported version with 1.8 being the latest release. There is no “upgrade” to do, just upgrade the version of your vault version instance.
Thanks for your reply. In case I want to copy the directory to a new GCS storage what are all the files I need to copy? I just need the secrets that I created in the old vault. Currently, my bucket has folders like core, logical, and sys. Note that I don’t have access to the old vault but just the backend GCS of it.
Thanks.
You can’t split out “some” data, all of it has to go with the same exact filenames and folders.
When you get there you can delete whatever you don’t need.
I created a new bucket copied all the files from the old bucket to the new one. Installed new vault on a new VM and gave backend GCS and bucket with the new bucket name. everything was fine but when I tried to log in it didn’t ask for initialization so I used the old vaults master key and token and its giving an error as “Authentication failed: failed to decode lock: unexpected end of JSON input”.
It won’t ask, it’s the same exact data set, so the same encryption keys.
- Make sure the old instance is shutdown before you start the copy.
- Make sure everything copied in the same exact names/folders
- Make sure the permissions match.
Thanks for your support, after deleting the old VM everything worked.
Google Vault is the one which is used widely for storing the data. But when the situation arises to restore data from Google Vault then it becomes hectic and confusing. But do not worry here we are with the efficient solution through which you can perform Google Vault export to PST file.