Transfer data from GCS to AWS S3

akash-resson · July 15, 2020, 2:05pm

Hello,

I have my vault at GCS from where I downloaded all the data to my local and testing it to upload on S3 but when I am trying to unseal the vault in my local it is giving an error of
Error unsealing: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/sys/unseal
Code: 500. Errors:

*** core: barrier reports initialized but no seal configuration found**

Can you please which step I am missing

mikegreen · July 15, 2020, 3:04pm

Please post your config file…

akash-resson · July 15, 2020, 3:26pm

Let me explain the full scenario, I have vault running on GKE but now I want to transfer it to AWS i.e I downloaded the whole GCS bucket in local and try to test it but when I am trying to unseal it in local it giving me this error

Error unsealing: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/sys/unseal
Code: 500. Errors:

** core: barrier reports initialized but no seal configuration found**

and here is my config file

storage “file” { **
** path = "/opt/vault"
}

listener “tcp” { address = "127.0.0.1:8200"
** tls_disable = 1**
}
ui = true
disable_mlock = true

mikegreen · July 15, 2020, 3:46pm

Why are there asteriks ** in the config file?

Is your vault data in /opt/vault?
Does the vault user have permissions?

akash-resson · July 15, 2020, 4:02pm

There are not asteriks ** in my config this comes when I pasted it here and make it bold and I have also tried 777 permission

mikegreen · July 15, 2020, 4:43pm

Have you always used shamir unsealing?
I think you can get this error when the storage backend is corrupt or missing - if you change /opt/vault to /foo does it show you the same error?
What does vault status show?

akash-resson · July 15, 2020, 5:16pm

when I changed the storage to /foo, error remains the same,

this is the seal-config from core
{“type”:“shamir”,“secret_shares”:5,“secret_threshold”:3,“pgp_keys”:null,“nonce”:"",“backup”:false,“stored_shares”:0}

Is there any other way so I can transfer my vault from GCP to AWS?

Screenshot_12

akash-resson · July 15, 2020, 6:30pm

I have just install a new vault and start it as a dev server and it is also giving the same error,

Error unsealing: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/sys/unseal
Code: 500. Errors:

core: barrier reports initialized but no seal configuration found

mikegreen · July 15, 2020, 7:21pm

You have something else going on in your environment it appears. Vault in dev mode doesn’t need anything except the binary to run…

akash-resson · July 16, 2020, 11:53am

Okay, I will try that on a different env. and also can you suggest correct way to transfer vault from GCP to AWS

mikegreen · July 16, 2020, 5:55pm

I feel your problem is somehow the transferring or permissions of the file backend, which is not highly available or really durable given the other backends available.
Personally I’d migrate away from that backend to S3/RDS/Consul/Raft first, https://www.vaultproject.io/docs/commands/operator/migrate

akash-resson · July 16, 2020, 6:41pm

Thank you @mikegreen It’s working now