Vault data migration

I have migrated vault data from an existing working setup to a new vault server using “operator migrate” command. Migration was successful and complete, but while trying to retrieve an existing policy from the new server, it throws an error “policy” doesn’t exist. Any suggestions.

Environment - O/S centos7, Vault version - 0.11.1, Vault backend - Consul

Hi. Does this error occur for any policy? Also, was consul both the source and destination backend?

Thanks,
Jim

Yes, backend is same for both the setups [ consul ]. issue remains same for all the policies.

Thanks,
Santosh D

Is the new server using the same version of Vault? It shouldn’t matter, but would be good to know. Do other Vault operations work (e.g. vault auth list)? Did you just move the data and then start the server? In particular, vault operation init shouldn’t be run.

The migrate command is pretty simple, just a mass move of all data at the physical level from one storage backend to another. Nothing is decrypted or reprocessed. If the migration completed and you can’t read data, I’d suggest checking the permissions and access the new Vault server has to the storage.

Regards,
Jim

All the permissions are in tact, infact was able to over write the existing policy but couldn’t read the one which was migrated.

One more thing, using different set of unseal keys and login token [ root/provisioner]

Thanks,
Santosh Kumar D