kubectl exec -n openstack vault-0 -c vault -- vault status -tls-skip-verify
Key Value
--- -----
Seal Type shamir
Initialized true
Sealed false
Total Shares 1
Threshold 1
Version 1.15.3
Build Date n/a
Storage Type raft
Cluster Name vault-cluster-45284784
Cluster ID c0817a4e-d73c-2698-f2a4-7641f9afae71
HA Enabled true
HA Cluster https://10.1.191.173:8201
HA Mode active
Active Since 2023-12-08T11:59:40.958655679Z
Raft Committed Index 588
Raft Applied Index 588
Note: juju status vault/0 still shows it as 'Waiting for vault to be available'
As mitigation...
Get the juju secret id for vault, something like:-
juju show-unit vault/0 | yq ' .vault/ 0.relation- info[0] .application- data.vault- initialization- secret- id '
Use that value to to query for the actual secret:
juju show-secret --reveal secret: //d92fbccd- e7b6-43fe- 8145-860bf3bdad 19/cloqodhtpiev 5hkf0p2g | yq ' .*.content. unsealkeys '
Extract the key from the output above and fire into the container:
kubectl exec -n openstack vault-0 -c vault -- vault operator unseal -tls-skip-verify 67e5bb1676ae564 a67a7b1bddfc1f4 59c3b72db076587 5f7270c662af87c ee1d
Confirm its unsealed:
kubectl exec -n openstack vault-0 -c vault -- vault status -tls-skip-verify 45284784 d73c-2698- f2a4-7641f9afae 71 /10.1.191. 173:8201 08T11:59: 40.958655679Z
Key Value
--- -----
Seal Type shamir
Initialized true
Sealed false
Total Shares 1
Threshold 1
Version 1.15.3
Build Date n/a
Storage Type raft
Cluster Name vault-cluster-
Cluster ID c0817a4e-
HA Enabled true
HA Cluster https:/
HA Mode active
Active Since 2023-12-
Raft Committed Index 588
Raft Applied Index 588
Note: juju status vault/0 still shows it as 'Waiting for vault to be available'