Vault is seal but i can not unseal

Error unsealing: Error making API request.

Code: 500. Errors:

  • unable to retrieve stored keys: failed to decrypt keys from storage: cipher: message authentication failed

Hi Gurban, welcome to HashiCorp Discuss!

How are you hosting your Vault? It looks like there might be a problem with your keys, but it’s tough to say without more information.

You aren’t the first person to encounter this error, though, so I’m sure we can figure it out! :slight_smile: Example A, Example B.

The unseal keys I had before don’t work. Now I want to regenerate the keys, but an error occurred, and the vault is sealed. That’s why I can’t do anything. That’s why I need help.”

Hi @gurban.suleyman
The first step is to initialize Vault. This can be done by executing the command:

$ vault operator init

In this step, Vault server will throw unseal keys and root token. These keys should be stored somewhere safe. The next step is to unseal the Vault server by executing:

$ vault operator unseal

where it will require three from five keys that were generated in the previous step.
If you are not using dev mode. those keys are stored in a physical volume.