Vault doesn't Initialize with Auto-unseal using Transit Secrets Engine #480

I configured Vault to auto-unseal using the Transit Secrets Engine.

As mentioned in the following doc, I’ve configured multiple Vaults and everything seems to be working fine.

Vault A (this is configured for unsealing Vault B, as mentioned in the above doc)
Vault B (this is the actual Vault where we store stuff…)

After Vault was up and running, I tried validating the following scenario.

What if I lost the unseal Vault server (Vault A)?

  • I got to know that we can recover the Vault server (Vault B) with the recovery key which we get while initializing Vault (Vault B).
  • On the Vault server (Vault B), I first tried sealing the Vault manually and unsealing it using the recovery key, and this worked fine. ✔
  • Now I stopped the unseal Vault server (Vault A) and restarted the Vault server (Vault B), and trying to unseal it with the recovery key (which I got when Vault B was initialized) gives me connection refused.

I believe Vault should come up in initialized, sealed mode so that I can unseal it with the recovery key, but that doesn’t seem to happen in my case.

Am I missing anything here?
