Sign in Subscribe

Hashicorp vault migrate storage backend from file to mysql

In this article we will migrate file storage backend with existing data to the mysql storage backend.

Create mysql database , users and grant privilege:

create database and database user for vault

MariaDB [(none)]> CREATE DATABASE vault;
MariaDB [(none)]> CREATE USER 'vault_user'@'localhost' IDENTIFIED BY 'password';

grant privileges for the vault user 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON vault.* TO 'vault_user'@'localhost' WITH GRANT OPTION;
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> exit

Create migrate.hcl file:

create migrate.hcl file with source and destination storage backend credentials

storage_source "file" {
  path = "/opt/vault/data"
}

storage_destination "mysql" {
  username = "vault_user"
  password = "vault_mysql_password"
  database = "vault"
}

cluster_addr = "http://127.0.0.1:8200"

Migrate data:

migrate data from source to destination using the below comment

vault operator migrate -config=migrate.hcl -start="core/auth"

After successful migration change storage backend in vault config file

storage "mysql" {
  username = "vault_user"
  password = "vault_mysql_password"
  database = "vault"
}

Subscribe to The MakInfraTek Blogs

Sign up now to get access to the library of members-only issues.
Jamie Larson
Subscribe