I am migrating to new physical server and I need to migrate Vault (v1.3.2) along with it’s backend to the new machine (debian 10). I have already moved the backend (postresql database) and downloaded the vault binary there.
The problem is, if I try to unseal the vault on the new machine, I get core: post-unseal setup failed: error="failed to read request counters: decryption failed: cipher: message authentication failed"
Note that the same unseal keys work on the old server just fine
If I truncate the postgresql table and initilialize the vault on the new server, then the new unseal keys work like a charm, but now I have no data.
I assume that bluntly copying rows from the old database would be no good, as the values wouldn’t be decrypted
My question is: how do I migrate vault with the old data (and preferably old unseal keys) to the new server - are there some hidden or no-so-hidden files I need to copy over so that the unseal process will work?
Hi @michelvocks, thanks for the advice, using the operator migrate command I was able to migrate to new db and the vault can be unsealed on the new server now, I guess some data got corrupted during database migration
Hi @minpet,
I’m in the process of moving Vault data / configuration from our non-prod Vault instance to production vault instance.
Our storage backend will be “raft” in production and is “raft” in non-prod.
Can you please provide the steps you followed to migrate data to new server?
Thanks
Chandra
@michelvocks ,
Can you please tell me if it is possible to move the data from test to prod using migrate? ( move data between clusters with raft as the backend )