I have been searching all over and cannot come up with the correct search to find it. If I missed something, please send me there.
I’ve got a Kubernetes cluster running HA Vault with KMS auto-unsealing and a DynamoDB backend as my HA DB.
I let Vault generate the SSH signing CA private/public key pair when creating the ssh-signing secret. The company saw the benefits and started using Vault’s SSH signing to interact with our server fleet.
Now I need to tinker with the cluster, and I find tinkering with Kubernetes to be terrifying because I feel like I lack the mental capacity to handle Kubernetes failures. Is there any way to get the private CA key that was generated by Vault, and that is already being used by my fleet, exported in case something goes wrong, so that I can restore it somewhere else if need be and not lose access to our servers?
Thanks for any guidance you can give,