If you have not yet installed Hashicorp Vault, check out my article Install Hashicorp Vault on Docker.
The very first thing you do after installing Hashicorp Vault is to initialize the vault.
Then you will next unseal the vault.
- Unseal the vault using the vault operator unseal command (this article)
- Unseal the vault using Python hvac
Use the vault status command to determine if the vault is sealed our unsealed.
~]# vault status
Key Value
--- -----
Seal Type shamir
Initialized true
Sealed true
Total Shares 5
Threshold 3
Unseal Progress 0/3
Unseal Nonce n/a
Version 1.8.1
Storage Type raft
HA Enabled true
If the vault is sealed, and you want to unseal the vault, refer to unsealing the vault, when using the vault operator init command to initialize the vault, the unseal keys will be displayed in the output.
Unseal Key 1: 4jYbl2CBIv6SpkKj6Hos9iD32k5RfGkLzlosrrq/JgOm
Unseal Key 2: B05G1DRtfYckFV5BbdBvXq0wkK5HFqB9g2jcDmNfTQiS
Unseal Key 3: Arig0N9rN9ezkTRo7qTB7gsIZDaonOcc53EHo83F5chA
Unseal Key 4: 0cZE0C/gEk3YHaKjIWxhyyfs8REhqkRW/CSXTnmTilv+
Unseal Key 5: fYhZOseRgzxmJCmIqUdxEm9C3jB5Q27AowER9w4FC2Ck
The vault operator unseal command can be used to unseal the vault. You will be prompted for the unseal key. Copy and paste one of the unseal keys. In this example, since threshold is 3, you'll have to run this command 3 times, with a different key each time, to unseal the vault.
vault operator unseal
Unseal Key (will be hidden):
After the vault has been unseal, the following should be displayed.
Key Value
--- -----
Seal Type shamir
Initialized true
Sealed false
Total Shares 5
Threshold 3
Version 1.8.1
Storage Type raft
Cluster Name vault-cluster-5a74e067
Cluster ID 1dccb5c3-70a0-748-50f4-25e5908d00e4
HA Enabled true
HA Cluster n/a
HA Mode standby
Did you find this article helpful?
If so, consider buying me a coffee over at 