Transit backup restore


Zaid Amir

Sep 24, 2018, 4:30:03 AM
to Vault
Hi,

Is there any documentation regarding transit's backup/restore APIs? I cannot find any documentation or examples.

redserpent7

Sep 24, 2018, 4:33:52 AM
to Vault
I want to back up a transit keyring in order to load it on a different server, as I need the same encryption key across multiple regions.

Choffman

Sep 24, 2018, 7:18:11 AM
to Vault-Tool

redserpent7

Sep 24, 2018, 7:46:20 AM
to Vault
Thanks, was looking for a CLI command but that'll do. Do you happen to know which permissions are required to do a backup/restore? I created a policy to have create and read capabilities on transit/*, but it gives me 'exporting is disallowed on the policy' when I try to do a backup.

Bruno Mattarollo

Sep 24, 2018, 8:13:51 AM
to vault...@googlegroups.com
Hi there

The API documentation has an endpoint for the key configuration, and you will find there an attribute to allow plaintext backups of keys. I presume you need to change the configuration on your keys prior to attempting the backup.

Note: if you are in a PCI environment (for example), having access to the plaintext version of your key will carry a whole different set of issues. Since you cannot unset that parameter, use with caution.

Hope this helps. 
B

Mobile, so being brief

Chris Hoffman

Sep 24, 2018, 8:18:51 AM
to Vault
I’d recommend reading about the `vault read` and `vault write` commands that allow for operations against most of Vault’s paths.

Additionally, I would read up on policies and how they are constructed from API paths. See https://www.vaultproject.io/docs/concepts/policies.html#policy-syntax.

Chris
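
The flow discussed in this thread, as an added example that is not from any of the posters or from HashiCorp: set the key-level flags Bruno Mattarollo's reply points to, read the backup with `vault read`, and load it on the second server with `vault write`, with an ACL policy scoped to just those paths. The function names, the `transit/` mount path, and a `VAULT_TOKEN` accepted by both servers are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes transit is mounted at
# "transit/" on both servers and VAULT_TOKEN is accepted by each.
MOUNT="${MOUNT:-transit}"

# ACL policy (HCL) for the three paths used below, scoped to one key.
backup_policy() {  # backup_policy <key>
  cat <<EOF
path "${MOUNT}/keys/$1/config" { capabilities = ["create", "update"] }
path "${MOUNT}/backup/$1"      { capabilities = ["read"] }
path "${MOUNT}/restore/$1"     { capabilities = ["create", "update"] }
EOF
}

# Key-level switch; neither flag can be turned off again once set.
allow_backup() {   # allow_backup <addr> <key>
  vault write -address="$1" "${MOUNT}/keys/$2/config" \
    exportable=true allow_plaintext_backup=true
}

# Prints the backup blob, which contains plaintext key material.
backup_key() {     # backup_key <addr> <key>
  vault read -address="$1" -field=backup "${MOUNT}/backup/$2"
}

# Takes the blob on stdin (backup=-) so it stays out of argv.
restore_key() {    # restore_key <addr> <key>
  vault write -address="$1" "${MOUNT}/restore/$2" backup=-
}

# Stops before the restore if the backup failed or came back empty.
copy_key() {       # copy_key <src_addr> <dst_addr> <key>
  allow_backup "$1" "$3" >/dev/null || return 1
  blob=$(backup_key "$1" "$3") || return 1
  [ -n "$blob" ] || { echo "empty backup for $3" >&2; return 1; }
  printf '%s' "$blob" | restore_key "$2" "$3"
  rc=$?
  unset blob
  return "$rc"
}

# Script usage: ./copy-key.sh <src_addr> <dst_addr> <key>
if [ "$#" -eq 3 ]; then copy_key "$@"; fi
```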
