I am migrating to new physical server and I need to migrate Vault (v1.3.2) along with it’s backend to the new machine (debian 10). I have already moved the backend (postresql database) and downloaded the vault binary there.
The problem is, if I try to unseal the vault on the new machine, I get core: post-unseal setup failed: error="failed to read request counters: decryption failed: cipher: message authentication failed"
Note that the same unseal keys work on the old server just fine
If I truncate the postgresql table and initilialize the vault on the new server, then the new unseal keys work like a charm, but now I have no data.
I assume that bluntly copying rows from the old database would be no good, as the values wouldn’t be decrypted
My question is: how do I migrate vault with the old data (and preferably old unseal keys) to the new server - are there some hidden or no-so-hidden files I need to copy over so that the unseal process will work?
Or is there any recommended guide that I missed?