Good day, everyone
Is setting up auto unseal a one-way choice?
I set up auto unseal and migrated to the transit seal type.
Afterwards I tried to rotate the transit unseal key, and it works, except Vault still uses the first version of the transit key.
So I decided to return to the Shamir seal type and got an "invalid key" error if I used my old keys. I tried to export the transit key and use it, but still
I tested every version from 1.1.0 up to 1.2.3.
It is too risky for me to apply auto unseal in a production environment without the possibility of rotating unseal keys and unsealing the cluster with our keys when transit is not reachable.
UPD: I saw a similar issue on Google Groups. But it seems there is no way to unseal the cluster after migration from Shamir to transit.