Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to migrate seal in V1.1.0 #6455

Closed
rashmisinghgaurav opened this issue Mar 22, 2019 · 1 comment
Closed

Unable to migrate seal in V1.1.0 #6455

rashmisinghgaurav opened this issue Mar 22, 2019 · 1 comment
Milestone
1.1.1

Comments

@rashmisinghgaurav
Copy link

rashmisinghgaurav commented Mar 22, 2019
edited
Loading

Environment:

  • Vault Version: 1.1.0
  • Operating System/Architecture: Linux

Vault Config File:

storage "consul" {
address = "127.0.0.1:8500"
tls_skip_verify = "false"
scheme = "http"
redirect_addr = "https://vault1.**.com.:8200"
disable_clustering = "false"
}

ui = true
listener "tcp" {
address = "0.0.0.0:8200"
cluster_address = "vault1.**.com.:8201"

tls_cert_file = ""
tls_key_file = ""

tls_min_version = "tls10"
}
telemetry {
statsd_address = "localhost:8125"
disable_hostname = true
}

seal "awskms" {
disabled = "true"
region = "us-east-1"
kms_key_id = "abc"
}

Startup Log Output:

Error:
Could not create barrier seal! Most likely proper Seal configuration information was not set, but no error was generated.

Expected Behavior:
Migrate seal configuration from AWSKMS to Shamir

Actual Behavior:

Steps to Reproduce:

Important Factoids:

References:

I am trying to migrate the seal configuration from KMS to Shamir in Vault 1.1.0.. However, I am getting the error mentioned above.
Steps:

  1. Stop running vault server
  2. Update vault seal config by adding disabled flag to true
  3. Start Vault server
  4. Unseal vault with -migrate flag
@jefferai jefferai added this to the 1.1.1 milestone Mar 22, 2019
@jefferai jefferai mentioned this issue Mar 22, 2019
Merged
@jefferai
Copy link
Member

This will be fixed in 1.1.1; in the meantime you can get past this by putting

seal "shamir" {
}

in your config.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.1.1
Development

No branches or pull requests
2 participants
@jefferai @rashmisinghgaurav