Migrate Vault to a new Kubernetes cluster

ashish-shiftright · June 17, 2021, 3:49pm

I am using Kubernetes authentication in Vault.
Also, I am using Auto unseal using AWS KMS.
I want to use same vault in new Kubernetes cluster. So, I have to set new Kubernetes auth config in Vault.
The problem is that I am not able to do that as I do not have access to root key to perform this operation. Is there any other workaround?
Another option is that

I create a new Vault instance
I take backup of all secret data from old vault and put it back to new Vault. But it is going to be painful exercise.

Please let me know what I can do here.

hsimon-hashicorp · June 18, 2021, 4:05pm

Hello!

You can generate a new root token as demonstrated in this guide: Generate Root Tokens Using Unseal Keys | Vault - HashiCorp Learn

Please let me know if that helps answer your question, or if you have any other issues. Thanks!

Topic		Replies	Views
Migrate secrets from non-working Vault to a new one Vault vault	7	202	June 8, 2023
Make vault survive redeployment Vault k8s , helm	1	1218	January 8, 2021
Vault setup on kubernetes using operator & migrating data from one vault to another Vault vault	29	3711	February 17, 2023
Moved to new Node Group and now get permission denied with root token Vault k8s	1	183	September 7, 2023
Existing Vault with KMS HCP Vault vault	2	414	November 30, 2022

Migrate Vault to a new Kubernetes cluster

Related topics