We are setting up a 3 node cluster of vault on aws eks with raft storage and using auto unseal with awskms. In the vault documentation, it is mentioned to initialize server 1 and then use the recovery keys to unseal the other servers. Do we have to manually initialize all the servers which generate different recovery keys for different servers. Also in an eks environment do i have to add retry_join in the storage stanza ?
Hiya, I’m stuck here too.
I’ve done vault operator init on the first node.
The other nodes need to be unsealed, now how do I unseal everything else?
It already spewed out the Recovery Keys and the Root Token.
@debjitk Did you find an answer to this?
Replied in How do I unseal the other nodes - autounseal