Migrate Vault to a new Kubernetes cluster

I am using Kubernetes authentication in Vault.
Also, I am using Auto unseal using AWS KMS.
I want to use same vault in new Kubernetes cluster. So, I have to set new Kubernetes auth config in Vault.
The problem is that I am not able to do that as I do not have access to root key to perform this operation. Is there any other workaround?
Another option is that

  • I create a new Vault instance
  • I take backup of all secret data from old vault and put it back to new Vault. But it is going to be painful exercise.

Please let me know what I can do here.


You can generate a new root token as demonstrated in this guide: Generate Root Tokens Using Unseal Keys | Vault - HashiCorp Learn

Please let me know if that helps answer your question, or if you have any other issues. Thanks!