Comment 2 for bug 2044120

Matt Verran (mv-2112) wrote :

As mitigation...

Get the juju secret id for vault, something like:-

juju show-unit vault/0 | yq ' .vault/0.relation-info[0].application-data.vault-initialization-secret-id '

Use that value to query for the actual secret:

juju show-secret --reveal secret://d92fbccd-e7b6-43fe-8145-860bf3bdad19/cloqodhtpiev5hkf0p2g | yq ' .*.content.unsealkeys '

Extract the key from the output above and fire into the container:

kubectl exec -n openstack vault-0 -c vault -- vault operator unseal -tls-skip-verify 67e5bb1676ae564a67a7b1bddfc1f459c3b72db0765875f7270c662af87cee1d

Confirm it's unsealed:

kubectl exec -n openstack vault-0 -c vault -- vault status -tls-skip-verify
Key                     Value
---                     -----
Seal Type               shamir
Initialized             true
Sealed                  false
Total Shares            1
Threshold               1
Version                 1.15.3
Build Date              n/a
Storage Type            raft
Cluster Name            vault-cluster-45284784
Cluster ID              c0817a4e-d73c-2698-f2a4-7641f9afae71
HA Enabled              true
HA Cluster              https://10.1.191.173:8201
HA Mode                 active
Active Since            2023-12-08T11:59:40.958655679Z
Raft Committed Index    588
Raft Applied Index      588

Note: juju status vault/0 still shows it as 'Waiting for vault to be available'
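
The steps in the comment above chained into one script that checks the seal state instead of reading it by eye; this is an added example, not part of the original comment or the charm's code. It assumes the unseal key is a 64-character hex string as in the comment, reuses the comment's unit, namespace, pod and container names, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: the manual unseal steps from the comment as functions.
# Namespace, pod and container are the values used in the comment.
NS="openstack"; POD="vault-0"; CTR="vault"

# Assumption: an unseal key is a 64-character lowercase hex string, as in
# the comment. Reads the revealed secret on stdin, prints the first key found.
extract_unseal_key() {
  grep -oE '[0-9a-f]{64}' | head -n 1
}

# Reads `vault status` table output on stdin and prints the value of the
# "Sealed" row. Returns non-zero if the row is missing, so an empty or
# failed status call is never mistaken for "unsealed".
seal_state() {
  awk '$1 == "Sealed" { print $2; found = 1 } END { exit !found }'
}

# Runs the whole procedure. Call it explicitly: unseal_vault
unseal_vault() {
  local secret_id key state

  # Step 1: secret id from the unit's relation data (same query as the comment).
  secret_id=$(juju show-unit vault/0 |
    yq ' .vault/0.relation-info[0].application-data.vault-initialization-secret-id ') || return 1
  if [ -z "$secret_id" ] || [ "$secret_id" = "null" ]; then
    echo "no vault-initialization-secret-id in relation data" >&2; return 1
  fi

  # Step 2: reveal the secret and keep the key in a variable, not on screen.
  key=$(juju show-secret --reveal "$secret_id" |
    yq ' .*.content.unsealkeys ' | extract_unseal_key)
  [ -n "$key" ] || { echo "no unseal key found in secret" >&2; return 1; }

  # Step 3: unseal inside the container (the key is passed as an argument,
  # exactly as in the comment).
  kubectl exec -n "$NS" "$POD" -c "$CTR" -- \
    vault operator unseal -tls-skip-verify "$key" >/dev/null || return 1

  # Step 4: succeed only if vault itself reports Sealed = false.
  state=$(kubectl exec -n "$NS" "$POD" -c "$CTR" -- \
    vault status -tls-skip-verify | seal_state)
  echo "Sealed: ${state:-unknown}"
  [ "$state" = "false" ]
}
```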