We have vault server launched in our device. We had 1 key created during our development to init/unseal vault. This key is working properly during first boot of vault.
init:
KEY = vault operator init -key-shares=1 -key-threshold=1
During reboot, we see the vault is already initialised but sealed. To unseal the vault, we try the same command, which was used in first boot of vault as shown below:
unseal:
vault operator unseal -tls-skip-verify “$KEY”
Here we see the $KEY seems to be have same content
Any reason why vault throws error stating keys are invalid?
Environment:
- Vault Server Version (retrieve with
vault status):
vault status
Key Value
Seal Type shamir
Initialized true
Sealed false
Total Shares 1
Threshold 1
Version 1.2.3
Cluster Name xxx
Cluster ID xxxx
HA Enabled false
- Vault CLI Version (retrieve with
vault version):Vault v1.2.3 - Server Operating System/Architecture:Linux
Vault server configuration file(s):
disable_mlock = true
storage “file” {
path = “/xx/xx/xx/vault/”
}
listener “tcp” {
address = “127.0.0.1:xxxx”
tls_min_version = “tls12”
tls_cert_file = “/xx/xx/xx/xx.crt”
tls_key_file = “/xx/xx/xx/xx.key”
tls_client_ca_file = “/xx/xx/xx/xx.crt”
}
api_addr = “https://127.0.0.1:xxxx”