I am sorry, but your post is quite muddled and vague. You will need to explain better what you are asking about.
What do you mean, “only keys”?
What do you mean, “cloned”? Clearly it’s not an exact clone if it contains different data?
What do you mean, ““raft” keys”?
The word “key” can mean so many different things - please clarify.
What do you mean, “ACLs and policies”? Vault has policies, which are formally called “ACL policies” when there is a need to differentiate them from Sentinel policies, but it does not have ACLs and policies as two separate things.
Very little clue what you are referring to so far, but hopefully you can clear that up some!
The only way to manipulate secrets, policies, and LDAP group configuration is via the Vault HTTP APIs.
I assume all your policies and group configurations are already stored in some configuration as code system anyway, as I can’t imagine any organization big enough to pay for Vault Enterprise, not doing that?
In which case, I’d just replace the new “raft” Vault with a fresh migration of data from the old “file” Vault, and then re-upload the policy and group configuration from whatever external source of truth you have.