Could you help me to find the base64 encrypted recovery_keys inside raft vault.db (bbolt)?
The cluster uses Raft and auto-unseal key using AWS KMS.
For the file store solution, Path to the encrypted recovery keys from the storage, found at core/_recovery-key.
bbolt keys vault.db data | grep core core/audit core/auth core/autoloaded-license core/cluster/feature-flags core/cluster/local/info core/hsm/barrier-unseal-keys core/index-header-hmac-key core/keyring core/leader/dceb963e-72a2-f1d4-ea8f-c903dbb57dd1 core/local-audit core/local-auth core/local-mounts core/lock core/master core/mounts core/raft/tls core/seal-config core/shamir-kek core/wrapping/jwtkey core/recovery-config core/recovery-key bbolt get vault.db data core/recovery-key
the command says binary output and point to the KMS key!
I am trying to use same solution as here: GitHub - bruj0/vault-recovery-key: This tool will decrypt your Vault recovery keys when using KMS to decrypt recovery keys.
NB: I checked the Vault with file storage, and the file core/_recovery_key contains the hash value, but the Raft storage recovey_key value is binary!