Currently, I have vault v1.0.3 configured with KV1 secret engine. We are planning to upgrade to latest vault, v1.8.x.
There are few things that I would like your input, suggestion on the following:
- (Knowing that skip upgrade works as per vault forum/discuss) Should I do skip upgrade from v1.0.3 to v1.8.x and keep KV1 secret engine? I don’t know if this possible.
- Or should I convert KV1 to KV2 on v1.0.3, test it out, and then upgrade to vault v1.8.x?
Also for upgrading KV1 to KV2, as per this how-to, I was thinking the following steps:
- Set up maintenance window
- To prepare for minimal downtime, duplicates all the existing ACL Rules (This is due the path different between KV1 and KV2 as per documentation above).
- Issue command to enable kv-2.
- Test it out (CLI and from the application that using it) using a new KV2 path.
- Once everything is OK, delete the old KV1 ACL Rules.
Let me know if the above is “good enough” to either the upgrade to v1.8.x and migrate to KV2.