HashiCorp Vault: migrate the storage backend from file to MySQL

In this article we migrate a file storage backend that already holds data to the MySQL storage backend.

Create the MySQL database and user, and grant privileges:

Create a database and a database user for Vault:

MariaDB [(none)]> CREATE DATABASE vault;
MariaDB [(none)]> CREATE USER 'vault_user'@'localhost' IDENTIFIED BY 'vault_mysql_password';

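Grant privileges to the Vault user. Note that WITH GRANT OPTION also lets this account grant its privileges to other accounts, which the storage backend itself does not use: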

MariaDB [(none)]> GRANT ALL PRIVILEGES ON vault.* TO 'vault_user'@'localhost' WITH GRANT OPTION;
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> exit

Create the migrate.hcl file:

Create migrate.hcl with the source and destination storage backend settings, including the MySQL credentials:

storage_source "file" {
  path = "/opt/vault/data"
}

storage_destination "mysql" {
  username = "vault_user"
  password = "vault_mysql_password"
  database = "vault"
}

cluster_addr = "http://127.0.0.1:8200"

Migrate data:

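Migrate the data from source to destination with the command below. The -start flag restricts the copy to keys that sort at or after the given value; leave it out to copy every key: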

vault operator migrate -config=migrate.hcl -start="core/auth"
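
To see what -start="core/auth" leaves behind before running the migration, the following added example (not from the original article or from HashiCorp) lists the keys in a file backend that sort before a start value. It assumes the file backend stores key "a/b/c" as <path>/a/b/_c; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: preview which file-backend keys `-start` would leave behind.
# Assumption: the file backend stores key "a/b/c" as <path>/a/b/_c.

# list_file_keys DIR: print every key stored under DIR, byte-sorted.
list_file_keys() {
    ( cd "$1" && find . -type f -name '_*' ) |
        sed -e 's|^\./||' \
            -e 's|^\(.*/\)_\([^/]*\)$|\1\2|' \
            -e 's|^_\([^/]*\)$|\1|' |
        LC_ALL=C sort
}

# skipped_keys DIR START: keys sorting before START, which migrate will not copy.
skipped_keys() {
    list_file_keys "$1" | LC_ALL=C awk -v s="$2" '($0 "") < (s "")'
}

# copied_keys DIR START: keys sorting at or after START.
copied_keys() {
    list_file_keys "$1" | LC_ALL=C awk -v s="$2" '($0 "") >= (s "")'
}

# make_sample_backend: build a constructed directory tree (not real Vault data).
make_sample_backend() {
    d=$(mktemp -d) || return 1
    for k in auth/abc/_salt core/_audit core/_auth core/_mounts \
             logical/xyz/_secret sys/token/id/_h1; do
        mkdir -p "$d/$(dirname "$k")" && : > "$d/$k" || return 1
    done
    printf '%s\n' "$d"
}

SAMPLE=$(make_sample_backend)
echo "not copied with -start=core/auth:"
skipped_keys "$SAMPLE" "core/auth" | sed 's/^/  /'
echo "copied: $(copied_keys "$SAMPLE" "core/auth" | wc -l | tr -d ' ') key(s)"
rm -rf "$SAMPLE"
```

Against a real backend, call skipped_keys /opt/vault/data "core/auth" with the Vault server stopped; any key it prints would be missing from MySQL after the migration.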

After a successful migration, change the storage backend in the Vault config file:

storage "mysql" {
  username = "vault_user"
  password = "vault_mysql_password"
  database = "vault"
}
