Hello,

Could you help me to find the base64 encrypted recovery_keys inside raft vault.db (bbolt)?
The cluster uses Raft and auto-unseal key using AWS KMS.
For the file store solution, Path to the encrypted recovery keys from the storage, found at core/_recovery-key.

bbolt keys vault.db data | grep core
core/audit
core/auth
core/autoloaded-license
core/cluster/feature-flags
core/cluster/local/info
core/hsm/barrier-unseal-keys
core/index-header-hmac-key
core/keyring
core/leader/dceb963e-72a2-f1d4-ea8f-c903dbb57dd1
core/local-audit
core/local-auth
core/local-mounts
core/lock
core/master
core/mounts
core/raft/tls
core/seal-config
core/shamir-kek
core/wrapping/jwtkey
core/recovery-config
core/recovery-key

bbolt get vault.db data core/recovery-key 

the command says binary output and point to the KMS key!
I am trying to use same solution as here: GitHub - bruj0/vault-recovery-key: This tool will decrypt your Vault recovery keys when using KMS to decrypt recovery keys.

NB: I checked the Vault with file storage, and the file core/_recovery_key contains the hash value, but the Raft storage recovey_key value is binary!

Br,
Meraj