Hashicorp vault migrate storage backend from file to mysql
In this article we will migrate file storage backend with existing data to the mysql storage backend.
Create mysql database , users and grant privilege:
create database and database user for vault
MariaDB [(none)]> CREATE DATABASE vault;
MariaDB [(none)]> CREATE USER 'vault_user'@'localhost' IDENTIFIED BY 'password';
grant privileges for the vault user
MariaDB [(none)]> GRANT ALL PRIVILEGES ON vault.* TO 'vault_user'@'localhost' WITH GRANT OPTION;
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> exit
Create migrate.hcl file:
create migrate.hcl file with source and destination storage backend credentials
storage_source "file" {
path = "/opt/vault/data"
}
storage_destination "mysql" {
username = "vault_user"
password = "vault_mysql_password"
database = "vault"
}
cluster_addr = "http://127.0.0.1:8200"
Migrate data:
migrate data from source to destination using the below comment
vault operator migrate -config=migrate.hcl -start="core/auth"
After successful migration change storage backend in vault config file
storage "mysql" {
username = "vault_user"
password = "vault_mysql_password"
database = "vault"
}