We have a live Vault installed long ago and upgraded from time to time. It is now on version 1.7.1. But we recently found that the /secret engine type is “generic”, while all our other Vaults are engine type kv (version 1). Probably the live Vault was created before the engine type kv was created and never recreated, and all the others were recreated sooner or later.
AFAIK there is no way of converting any secret anything to another (save KV → KV_V2, and that’s not a conversion, it’s adding metadata/versioning to the same engine). Generic and KV are almost identical, but there are differences, and for any future admins that come in contact with your Vault app I would suggest exporting and importing your secrets into the proper KV engine set up as KV. There are Python scripts that I have seen around that can do that for you.
Two notes if I may:
There are rarely any reasons to have multiple engines of the same type mounted. It sounds like you have generic and KV both mounted for different ? Unless you have metadata changes, all that can be done with paths and policies, which are easier to manage than setting up multiple engines.
1.7.1 has known bugs/issues. I would review the change logs against your use pattern. 1.7.6 is the latest version. Depending on your backend, 1.8 may be even better (if using integrated storage).
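The export/import suggested in the reply above can be done as a recursive copy between two mounts; the following is an added example, not part of the original thread and not one of the scripts the poster mentions. It assumes a source mount named `secret`, an already-enabled KV v1 destination mount with the hypothetical name `kv`, and a token allowed to list and read the source and write the destination; `FakeVault` is a constructed in-memory stand-in so the copy logic can be run offline.

```python
import json
import urllib.request

class VaultHTTP:
    """Thin client for the read/list/write calls that generic and KV v1 share."""
    def __init__(self, addr, token):
        self.addr, self.token = addr.rstrip("/"), token
    def _call(self, method, path, body=None):
        req = urllib.request.Request(
            f"{self.addr}/v1/{path}", method=method,
            data=None if body is None else json.dumps(body).encode(),
            headers={"X-Vault-Token": self.token})
        with urllib.request.urlopen(req) as resp:
            raw = resp.read()
        return json.loads(raw) if raw else {}
    def list(self, path):
        return self._call("GET", path + "?list=true")["data"]["keys"]
    def read(self, path):
        return self._call("GET", path)["data"]
    def write(self, path, data):
        self._call("POST", path, data)

class FakeVault:
    """Constructed in-memory stand-in with the same three methods, for offline runs."""
    def __init__(self, secrets=None):
        self.secrets = dict(secrets or {})
    def list(self, path):
        rest = [p[len(path):] for p in self.secrets if p.startswith(path)]
        return sorted({r.split("/")[0] + ("/" if "/" in r else "") for r in rest})
    def read(self, path):
        return self.secrets[path]
    def write(self, path, data):
        self.secrets[path] = dict(data)

def copy_tree(src, dst, src_mount, dst_mount, prefix=""):
    """Copy every secret under src_mount/prefix to dst_mount; return copied paths."""
    copied = []
    for key in src.list(f"{src_mount}/{prefix}"):
        if key.endswith("/"):  # folder entry: recurse into it
            copied += copy_tree(src, dst, src_mount, dst_mount, prefix + key)
            continue
        data = src.read(f"{src_mount}/{prefix}{key}")
        dst.write(f"{dst_mount}/{prefix}{key}", data)
        if dst.read(f"{dst_mount}/{prefix}{key}") != data:  # verify, never log values
            raise RuntimeError(f"verification failed for {prefix}{key}")
        copied.append(prefix + key)
    return copied
```

Secrets stay in memory and are read back for verification rather than written to disk or printed; against a real server, pass two `VaultHTTP` instances (or the same one twice) in place of the fakes.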
Thanks for the reply! I suspected that was the case… we will do that.
We do not have multiple engines in the same Vault, but different Vault setups (live, qa, staging, dev), and only the live one is still on the generic engine. As I said, probably because it is live and was never recreated since we started to use Vault, and all the others were recreated sooner or later during their lifetime.
For the version, we already upgraded in dev and staging and plan to upgrade the remaining setups in the next few weeks.