nebtex / vault-migrator
migrate vault data between different physical backends
License: Apache License 2.0
I have vault backed by consul which I am migrating to filesystem for backup purposes.
If my vault kv has a key named foo and a folder named _foo ... both want to become _foo on the filesystem so I get a "_foo is a directory" error when running vault-migrator.
Since vault is okay with foo and _foo, is there some way to configure the consul file backend to make it handle this case? Do you have any advice that isn't: "don't do that, silly!" :-)
My config.json for vault-migrator --config config.json:
$ cat backup.json
{
  "to": {
    "name": "file",
    "config": {
      "path": "/Users/jar349/projects/vault-backups/data"
    }
  },
  "from": {
    "name": "consul",
    "config": {
      "address": "localhost:8500",
      "path": "vault/"
    }
  }
}
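A pre-flight check for the collision described in the issue above, as an added example that is not part of vault-migrator or of the original post. It assumes the layout the issue reports (each leaf key is written as a `_`-prefixed file, each parent segment as a directory); the function names and sample keys are hypothetical.

```go
package main

import (
	"fmt"
	"path"
	"sort"
	"strings"
)

// filePathFor maps a storage key to the relative path a file backend would
// write, ASSUMING the layout the issue reports: the leaf becomes a
// "_"-prefixed file and every parent segment becomes a directory.
func filePathFor(key string) string {
	dir, leaf := path.Split(key)
	return dir + "_" + leaf
}

// FindCollisions takes full leaf keys (directory placeholders ending in "/"
// are skipped) and returns the on-disk paths that one key needs as a file
// while another key needs the same path as a directory.
func FindCollisions(keys []string) []string {
	files, dirs := map[string]bool{}, map[string]bool{}
	for _, k := range keys {
		k = strings.TrimPrefix(k, "/")
		if k == "" || strings.HasSuffix(k, "/") {
			continue
		}
		files[filePathFor(k)] = true
		// Every ancestor of the key must exist as a directory on disk.
		for d := path.Dir(k); d != "."; d = path.Dir(d) {
			dirs[d] = true
		}
	}
	var out []string
	for f := range files {
		if dirs[f] {
			out = append(out, f)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed sample keys, not taken from a real Vault.
	keys := []string{"logical/foo", "logical/_foo/bar", "logical/baz"}
	for _, p := range FindCollisions(keys) {
		fmt.Printf("collision: %s is both a file and a directory\n", p)
	}
}
```

Running this over the source backend's key listing before a migration shows which keys would need renaming, rather than discovering them one error at a time.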
The term 'Moving' is a bit scary
Values seem to properly migrate from consul to another consul end point (attempting to create a DR by leveraging copying from a consul cluster to another consul node - and starting a vault instance against that node).
When bringing up a vault node against the copy, the vault can be unsealed but a leader can't be established. Have tried vault 0.7.0 and 0.10.x
The exporting functionality does seem to work as expected; however, a new vault instance can't be used against the replicated set.
Do certain values have to be removed from consul to address this? I have attempted to delete the leader data and lock from /vault/core.
When those vaults are removed the following errors are constantly thrown when the vault is unsealed.
[ERROR] core: failed to read auth table: error="decryption failed: cipher: message authentication failed"
[INFO ] core: pre-seal teardown starting
[INFO ] core: pre-seal teardown complete
[ERROR] core: post-unseal setup failed: error="failed to setup auth table"
[INFO ] core: acquired lock, enabling active operation
[INFO ] core: post-unseal setup starting
[INFO ] core: loaded wrapping token key
[INFO ] core: successfully setup plugin catalog: plugin-directory=
[INFO ] core: successfully mounted backend: type=kv path=secret/
[INFO ] core: successfully mounted backend: type=system path=sys/
[INFO ] core: successfully mounted backend: type=identity path=identity/
[INFO ] core: successfully mounted backend: type=cubbyhole path=cubbyhole/
[ERROR] core: failed to read auth table: error="decryption failed: cipher: message authentication failed"
Hi Team,
I have an existing Vault environment which is using DynamoDB as a backend and LDAP as an auth backend; it is using one ROOT key and 4 secrets.
I am migrating the DynamoDB db to our new environment. The new environment has consul as a backend and Okta as an auth backend; it is using one ROOT key and 1 secrets key. After the migration, my auth backend, cluster config, ROOT key, and secrets key are getting overwritten.
How can I prevent that?
Hello,
I wanted to check whether it is possible to migrate vault data from a Vault community edition backed by Consul to Enterprise Vault + HSM backed by Consul.
I'm looking to only migrate secrets.