We are currently using Vault OSS in production, and for the backup or restore of Vault’s encrypted data we are using the HashiCorp-supported storage backend APIs:
Backup: GET /sys/storage/raft/snapshot
Restore: POST /sys/storage/raft/snapshot
From the information provided in the documentation, it seems that there is no solution for a partial backup/restore. In order to perform a restore procedure, it is necessary to spin up a fresh cluster and restore from the latest backup.
Has anyone come up with a solution for this, or what would be the best practice/approach?
There is no support in Vault currently for partial backup/restore.
I don’t believe it’s possible, with full generality.
With certain simplifying assumptions/limitations, it might become possible, but it would still then require some fairly significant feature development inside the core of the Vault product.