vault recovery key lost


iv

Aug 13, 2020, 5:35:17 PM
to Vault
Hello,
I use Vault, and for auto-unseal we use AWS KMS. We used `vault operator init -recovery-shares=1 -recovery-threshold=1` to initially bootstrap Vault. Unfortunately, I lost the recovery key. I have the root token and Vault is unsealed right now. What are my options to restore or generate new recovery keys so I can have them if I need them? In general, what are my options?
Thank you very much

Marco Franssen

Aug 13, 2020, 5:41:58 PM
to Vault
I would query all secrets out of Vault, create a new cluster and initialize with the default 5 shares and 3 threshold. Share those keys with 5 different people and repopulate the new cluster.

Alexandra Freeman

Aug 20, 2020, 9:36:36 AM
to Vault

Hello and thank you for your email!

On June 3, 2019 HashiCorp launched Discuss, a forum to facilitate dialogue within the HashiCorp community. This format allows answers to be more readily searched and indexed, making it easier to find answers to existing questions and to share knowledge with each other.

The HashiCorp team will be shifting to interact with practitioners on the forum, and we will be phasing out the Google Groups; soon we will disable incoming messages, and use this group for outbound announcements only.

To prepare for this switch, please direct questions and conversations to the Vault discussion forum. We look forward to collaborating with you there!