Vault init failure

617 views
Skip to first unread message

Shashank Parab

unread,
Jul 1, 2019, 5:58:46 PM7/1/19
to Vault
Hi All,
I am trying to initialise vault using api. But its failing with error : 
{"errors":["recovery configuration must specify a positive number of shares"]}

Below are more details

#Command
curl --request PUT -d '{"secret_shares": 1, "secret_threshold": 1}' http://127.0.0.1:8200/v1/sys/init

#Config
log_level = "trace"
api_addr  = "http://127.0.0.1:8200"
ui        = true

storage "s3" {
bucket = "vault-storage"
region = "eu-west-1"
}

listener "tcp" {
address = "0.0.0.0:8200"
tls_disable = 1
}

seal "awskms" {
region = "eu-west-1"
kms_key_id = "xxxxx"
}

Message has been deleted

Nicholas Keenan

unread,
Jul 12, 2019, 9:55:22 AM7/12/19
to Vault
Hi Shashank,

We're running into the same issue. Did you ever find a solution to get this working?

Thanks

Michel Vocks

unread,
Jul 19, 2019, 4:04:10 AM7/19/19
to Vault
Hi there!

Auto-Unseal uses the recovery key options for initialization. This should work:
curl --request PUT -d '{"recovery_shares": 1, "recovery_threshold": 1}' http://127.0.0.1:8200/v1/sys/init

This is also mentioned in the documentation: https://www.vaultproject.io/docs/concepts/seal.html#auto-unseal

Cheers,
Michel
Reply all
Reply to author
Forward
0 new messages