Vault backup and migrate to another server

Niba-nazar · December 1, 2022, 5:28am

Hi,

I am new to hashicorp vault. Recently I installed a vault on one of my Linux servers. I tried adding some secrets using vault kv put test-key/aws/s3-objects secret=xxxxxx.

Now I want my vault to move from the current server to another. For that, I have referred to many docs related to it. Unfortunately, I am finding those steps more complicated and unable to proceed with the migration.

Also found the below steps which I feel to try, but still facing an issue:

1) Seal the old vault , Stop Vault  
2) Started the new Vault Server (Didn't initialize as said)
3) Create migrate.hcl script
storage_source "file" {
path = "/vault/data/file"
}

storage_destination "consul" {
address = "consul:8500"
path = "vault/"
}
4) Run the vault operator migrate -config=migrate.hcl
5) Initialise and Unseal Vault
6) Success in migration but no secrets transferred

I amconfused, as I am not sure with the above steps, will I be able to move the entire vault from my server A to server B? Also I tried to take a backup first, but ended up with the error as below:

 consul snapshot save backup.snap
Error saving snapshot: Get "http://127.0.0.1:8500/v1/snapshot": dial tcp 127.0.0.1:8500: connect: connection refused

maxb · December 1, 2022, 8:37am

There is not enough detail in your post to allow others on this forum to effectively help you.

Are you actually attempting to migrate from file storage to consul storage, or is that just what the steps you found were originally written for?

These steps are incorrect, after an operator migrate, you do not initialise Vault. Initialisation is only for creating new Vault datasets, which does not apply if you migrated in an existing one.

That sounds contradictory. Post full logs from any operation that didn’t do what you expected.

Apparently you tried to take a backup from a Consul server that is not running.

Niba-nazar · December 5, 2022, 11:36am

hi,

Thank you for the response, @maxb.

Regarding file storage, consul storage, and other things, I have no idea. I set up vault on one of our servers and used vault kv put test-key/aws/s3-objects secret=xxxxxx to store some passwords.

I now wish to move this vault and the saved password to a different server.

I found the aforementioned migration procedures in a document when searching for vault migration in my prior response.

Topic		Replies	Views
Migrating secrets from one vault(standalone) to new kubernetes vault Vault	1	261	February 28, 2023
Backup old consul (v0.6.4) Consul consul-vault	6	897	March 30, 2021
Hashicrop Vault Backup/Restore with SQL backup Vault	2	1188	May 10, 2022
Guidance on migrating data from vault/consul (antiquated versions) --> vault/raft (newest) Vault	1	351	August 14, 2020
Migrate vault from Non-HA to HA (Raft based backend) Vault k8s , raft , vault	9	2335	April 1, 2022

Vault backup and migrate to another server

Related topics