Unable to upgrade - binary is right but vault status is wrong

first post. Apologize in advance for mistakes.
We tried to upgrade from 0.10.4 to 1.2.3
Download and installed the binary.
When starting it says 1.2.3 but vault status says:

Key Value

Seal Type shamir
Initialized false
Sealed false
Total Shares 3
Threshold 2
Version 0.10.4
Cluster Name vault-cluster-f9de5725
Cluster ID a9c992ba-c455-e622-28be-e40274127a51
HA Enabled false

Note that on restart the vault does not seal. What is the probelm? any help


The Vault version from the binary is the CLI version; from Vault status you’re seeing the version of the server you’re connected to.

Got it. But this is the server.hcl, should it not connect to itself?

storage “file” {
path = “/srv/vault/data”

listener “tcp” {
address = “”
tls_disable = 0
tls_cert_file = “/etc/vault/ssl/c42vault.weill.cornell.edu.fullchain.pem”
tls_key_file = “/etc/vault/ssl/c42vault.weill.cornell.edu.key”


The CLI doesn’t pay attention to the server config file. But the fact that vault is reporting a different version and doesn’t seal when restarted indicates that you are not connecting to the vault you think you are.

Try running your command with -output-curl-string and see what address it’s outputting.

First thanks for the help. Here is the output when I run /usr/local/bin/vault server -config=/etc/vault/config/server.hcl -output-curl-string

         Api Address:
                 Cgo: disabled
     Cluster Address:
          Listener 1: tcp (addr: "", cluster address: "", max_request_duration: "1m30s", max_request_size: "33554432", tls: "enabled")
           Log Level: info
               Mlock: supported: true, enabled: true
             Storage: file
             Version: Vault v1.2.3

Is the cluster address part normal?

That’s the version of your local Vault binary, but the vault status command is showing the version of the remote server, which appears to be a different version.