Vault auto-unseal for gcp kms failing

Question

Vault auto-unseal for gcp kms failing

shehzad91 opened this issue 3 years ago · 5 comments

Hi All,

I'm trying to perform Vault auto-unseal using GCP KMS, however, its failing with below error. Something that i first encountered while working with this repository - https://github.com/terraform-google-modules/terraform-google-vault

I thought of taking out other components of vault infrastructure (LB, autoscaling etc) and jus test the vault auto unseal functionality following hashicorp guide, but its fail with same error every time.

Feb  1 20:48:37 vault-test vault[5335]: 2022-02-01T20:48:37.903Z [INFO]  core: stored unseal keys supported, attempting fetch
Feb  1 20:48:37 vault-test vault[5335]: 2022-02-01T20:48:37.903Z [WARN]  failed to unseal core: error="stored unseal keys are supported, but none were found"

Not sure if I'm missing something or this is a bug with vault auto-unseal using GCP KMS. Any help is much appreciated.

Thanks!

Answer 1 · 2022-02-07T17:08:48.000Z

You'll encounter this message if Vault hasn't been initialized yet - have you run vault operator init? https://www.vaultproject.io/docs/commands/operator/init

Answer 2 · 2022-02-07T18:42:26.000Z

You'll encounter this message if Vault hasn't been initialized yet - have you run vault operator init? https://www.vaultproject.io/docs/commands/operator/init

No, i have not executed any command, I'm expecting startup script to take care of installation and all setup. I'm seeing that error in google serial console, so i haven't even logged in to VM yet.

Answer 3 · 2022-02-07T18:52:41.000Z

Hi, please see the following guide on deploying and unsealing Vault - you do need to initialize Vault as part of the process. Thanks! https://learn.hashicorp.com/tutorials/vault/getting-started-deploy

Answer 4 · 2022-02-07T20:12:22.000Z

Thank you so much!, I got it working now. I was distracted by error in serial console thought something's not going right.

Answer 5 · 2022-02-07T20:15:41.000Z

Thank you so much!, I got it working now. I was distracted by error in serial console thought something's not going right.

Huzzah! I'm glad to hear that. I'll close this issue now, but if you run into any bugs you'd like to report, please feel free to open a new one. :)
There's also our Discuss forum, where you can get help more in the form of question-and-answer: https://discuss.hashicorp.com/c/vault/30