Skip to main content

HashiCorp Vault Cluster Unseal

These steps are for a vault cluster that has been configured and started up, but is in an unsealed state.

Go to the first node, and do these:

NOTE: The ca.crt file is privileged, You will need to run these commands as the vaultroot user.
Run the following to switch to the vaultroot user:

sudo su - vaulti
# From an admin shell that can reach the VLAN:
export VAULT_ADDR="https://vault0204:8200"
export VAULT_CACERT="/opt/vault/tls/ca.crt"   # path on your admin box

# Initialize the cluster (choose your own shares/threshold)
vault operator init -key-shares=5 -key-threshold=3

Back to top