Generate root token when using AWS KMS Auto-seal


tristan....@splashdamage.com

Feb 13, 2019, 4:17:52 AM
to Vault
Hi All,

I have followed the instructions here https://learn.hashicorp.com/vault/operations/ops-autounseal-aws-kms to take advantage of AWS KMS.

But now I have managed to revoke my root token without having enough permissions in my admin policy to work without it.

So I am trying to generate a new root token following this guide: https://www.vaultproject.io/guides/operations/generate-root but when asked for an unseal key, I don't know what to use due to using AWS KMS.

Any help is appreciated in generating a new token without having to tear down and start fresh with my vault terraform.

Thanks

Tristan

mic...@hashicorp.com

Feb 13, 2019, 5:36:51 AM
to Vault
Hi,

Vault generates recovery keys when you run "vault operator init" and prints them along with your initial root token.
If you migrated from Shamir to autounseal you can use your previous Shamir keys to generate a new root token.

If both are not available, you need to start from scratch.

Cheers,
Michel