Not able to unseal vault after container (pod) restart

Hello,

I am running Vault on Kubernetes with a Postgres backend. Everything was working well until an update triggered a pod restart. Vault started in sealed mode, and now I am not able to unseal it. This is the message I see after entering the last unseal key:

Code: 500. Errors:

  • failed to decrypt encrypted stored keys: cipher: message authentication failed

Does anyone have an idea why this is happening? Am I not supposed to restart Vault under any circumstance?

Hello,

This error message, "* failed to decrypt encrypted stored keys: cipher: message authentication failed", usually means that the unseal keys that you are using to unseal Vault are not correct. Can you verify them?

Martin
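
Why wrong key shares surface as this exact message, shown as an added example that is not part of the thread and not Vault's own code: "cipher: message authentication failed" is the error Go's AES-GCM returns when the authentication tag does not verify, which is what happens when the key rebuilt from the entered shares differs from the one used to encrypt. The model is simplified and assumed: shares are combined by XOR (n-of-n) instead of Shamir's threshold scheme, and aead, initSeal and unseal are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// aead keys AES-256-GCM with the XOR of all shares (n-of-n stand-in for Shamir).
func aead(shares [][]byte) cipher.AEAD {
	key := make([]byte, 32)
	for _, s := range shares {
		for j := range key {
			key[j] ^= s[j]
		}
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // unreachable: key is always 32 bytes
	}
	a, _ := cipher.NewGCM(block) // cannot fail for AES's 16-byte block
	return a
}

// initSeal makes n random shares and encrypts data under their combination.
func initSeal(n int, data []byte) (shares [][]byte, blob []byte) {
	for i := 0; i < n; i++ {
		shares = append(shares, make([]byte, 32))
		rand.Read(shares[i])
	}
	a := aead(shares)
	nonce := make([]byte, a.NonceSize())
	rand.Read(nonce)
	return shares, a.Seal(nonce, nonce, data, nil)
}

// unseal decrypts blob with the entered shares; any wrong bit fails the tag.
func unseal(shares [][]byte, blob []byte) ([]byte, error) {
	a := aead(shares)
	return a.Open(nil, blob[:a.NonceSize()], blob[a.NonceSize():], nil)
}

func main() {
	shares, blob := initSeal(5, []byte("constructed stored key"))
	_, good := unseal(shares, blob)
	shares[4][0] ^= 1 // a share that does not belong to this init
	_, bad := unseal(shares, blob)
	fmt.Println("matching shares:", good, "| one wrong share:", bad)
}
```

The failure carries no hint about which share is wrong, so the practical check is the one suggested above: confirm that the stored shares come from the same initialization as the data in the storage backend.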

Correct. You should have 1 or more recovery keys.

Thanks. I tried the same (restarting Vault) in another env, and it worked, so I bet it’s the keys (maybe I forgot to copy the recent ones). I don’t seem to find the recovery key, just 5 keys in addition to the root token. I think I am going to reset Vault since this is just a dev environment. I was just concerned it could happen in production.

I am glad it worked out. The 5 keys that you have are the recovery keys.

Cheers
