Is the possible to recover the recovery keys when using GCP KMS?
It was not saved during the initialization and I need that to regenerate a new root token.
AFAIU, the rekey process won’t help because it’s necessary to pass the recovery keys in order to generate new ones.
In case that’s not possible, would the cloud provider (Google) has access to it in order to retrieve that?
The recovery keys are only displayed when you initialise Vault. If you don’t keep them or lose them the only option is to init Vault again, losing all the stored information. Google don’t have any access at all.