Vault on GKE Backup

Hello All,

I have set up community Vault on Google Kubernetes Engine with Google Cloud Storage as a backend. I am not sure how to take a backup of a running Vault. I have tried to take a backup of the backend Google Cloud Storage bucket using Storage Transfer Service in GCP. But when I restore the storage bucket data, only policies are getting recovered; secrets and secret engines are not getting recovered. Is there any other better way to back up Vault which is running on Kubernetes?

The root cause of your issue is that simply backing up the Google Cloud Storage bucket used by Vault doesn’t capture the full state of Vault, including its encryption keys and the state of dynamic secrets and engines. For a comprehensive backup, you need to employ a strategy that includes Vault’s data, its configuration, and encryption keys, ensuring all aspects are consistently and securely backed up.



Thanks, Tim. Let us know how to employ a strategy to back up all Vault components. We tried to use Vault's native backup, which creates a backup.snap file, but it was not working with GCS as a backend. It requires Consul or Raft as a backend, and we cannot use both Raft + GCS as a backend.

Hi @omkar.gujar ,

Have you reviewed the backup and restore tutorials here:

Not specific to running on any specific platform, but should give you an idea of what to back up.

Hi Jonathan,

I have read the above documentation from the official website, but it can back up only if we use Raft or Consul as backend storage. It was not working with GCS as a backend.