Vault backup and migrate to another server


I am new to hashicorp vault. Recently I installed a vault on one of my Linux servers. I tried adding some secrets using vault kv put test-key/aws/s3-objects secret=xxxxxx.

Now I want my vault to move from the current server to another. For that, I have referred to many docs related to it. Unfortunately, I am finding those steps more complicated and unable to proceed with the migration.

Also found the below steps which I feel to try, but still facing an issue:

1) Seal the old vault , Stop Vault  
2) Started the new Vault Server (Didn't initialize as said)
3) Create migrate.hcl script
storage_source "file" {
path = "/vault/data/file"

storage_destination "consul" {
address = "consul:8500"
path = "vault/"
4) Run the vault operator migrate -config=migrate.hcl
5) Initialise and Unseal Vault
6) Success in migration but no secrets transferred

I amconfused, as I am not sure with the above steps, will I be able to move the entire vault from my server A to server B? Also I tried to take a backup first, but ended up with the error as below:

 consul snapshot save backup.snap
Error saving snapshot: Get "": dial tcp connect: connection refused

There is not enough detail in your post to allow others on this forum to effectively help you.

Are you actually attempting to migrate from file storage to consul storage, or is that just what the steps you found were originally written for?

These steps are incorrect, after an operator migrate, you do not initialise Vault. Initialisation is only for creating new Vault datasets, which does not apply if you migrated in an existing one.

That sounds contradictory. Post full logs from any operation that didn’t do what you expected.

Apparently you tried to take a backup from a Consul server that is not running.


Thank you for the response, @maxb.

Regarding file storage, consul storage, and other things, I have no idea. I set up vault on one of our servers and used vault kv put test-key/aws/s3-objects secret=xxxxxx to store some passwords.

I now wish to move this vault and the saved password to a different server.

I found the aforementioned migration procedures in a document when searching for vault migration in my prior response.