Migrate vault workload to a new k8s cluster

hsuabina · September 1, 2023, 11:22am

Hi,

I would like to migrate a vault community workload running in one GKE cluster to another GKE cluster.

Here are some details of the current vault setup:

Installed with the helm chart
Using only a K/V 2 secret engine mount
Using Cloud Storage as the storage backend. I have admin access to this bucket.
Using auto-unseal with CloudKMS managing seal keys. I have admin access to the keys in CloudKMS.
I have access to the root key
I do not have access to the recovery keys
Not using HA

I would like to preserve the keys stored in the current vault.

Ideally, I would like to continue using the current Cloud KMS keyring/keys and the current Cloud Storage bucket. But if there is no other way, I can regenerate these if needed.

What are my options here?

Thanks in advance

hsuabina · September 13, 2023, 12:25pm

I ended up exporting all secrets and importing them in the new vault instance (I used this cli), so I no longer need an answer.

It took almost two weeks for this post to stop being hidden (it was considered spam)… not very likely to come back to these community forums because of that.

Thanks,
H

Topic		Replies	Views
Vault getting unsealed when migrating to another cluster and a new KMS Vault k8s , vault	0	174	October 17, 2023
Existing Vault with KMS HCP Vault vault	2	419	November 30, 2022
Securing kubernetes secrets using a vault hosted in kubernetes? Vault k8s	0	223	September 9, 2022
Vault storage AND seal migration Vault	0	142	October 25, 2023
Vault setup on kubernetes using operator & migrating data from one vault to another Vault vault	29	3757	February 17, 2023

Migrate vault workload to a new k8s cluster

Related topics