Configured Vault with auto-unseal using the Transit Secrets Engine.
As mentioned in the following doc, I’ve configured multiple vaults and everything seems to be working fine.
Vault A (this is configured to be used for unsealing Vault B, as mentioned in the above doc)
Vault B (this is the actual vault where we store stuff…)
After Vault was up and running, I tried validating the following scenario.
What if I lost the unseal vault server (Vault A)?
- I got to know that we can recover the vault server (Vault B) with the recovery key which we get while initializing the vault (Vault B).
- In the vault server (Vault B), I first tried sealing the vault manually and unsealing it using the recovery key, and this worked fine.
- Now I stopped the unseal vault server (Vault A) and restarted the vault server (Vault B), and trying to unseal it with the recovery key (which I got when Vault B was initialized) gives me connection refused.
I believe the vault should come up in initialized, sealed mode so that I can unseal it with the recovery key, but that doesn’t seem to happen in my case.
Am I missing anything here?