On Mon, 2024-12-16 at 09:49 +0100, Jan Wasilewski wrote:
Hi Andy,
Can’t you unseal your vault using the official procedure from the Vault page [1]? The full concept is described here [2].
/Jan Wasilewski
[1] https://developer.hashicorp.com/vault/tutorials/getting-started/getti ng-started-deploy#seal-unseal [2] https://developer.hashicorp.com/vault/docs/concepts/seal
Actually, no... this is part of my charmed openstack environment. I stupidly let the certs expire... and now I get this: Error unsealing: Error making API request. URL: PUT http://127.0.0.1:8200/v1/sys/unseal Code: 500. Errors: * failed to check seal configuration: x509: certificate has expired or is not yet valid: current time 2024-12-16T19:51:48Z is after 2024-12- 04T20:22:24Z I'm really not sure what cert it's complaining about... locally, the vault cli client doesn't connect via TLS... so, it must be taking about a cert for the mysql backend that vault's using... but, I can't seem to figure out how to get vault to ignore ANY and ALL certs to move forward on this.
pt., 13 gru 2024 o 23:51 Andy Speagle <aspeagle@toyon.com> napisał(a):
Well... the plot thickens here... my vault is fully sealed now and with the certs expired, I can seem to find a way to unseal it in order to get the certs replaced.
Is there anything to be done here?
-- Andy Speagle Sr. Site Reliability Engineer Toyon Research Corporation 316.617.2431