How to reset or "un-initialize" vault?


Solution 1

Per the discussion of this same question here: https://groups.google.com/forum/#!msg/vault-tool/xuO8IInubDg/SBHMP2PKAwAJ, the answer is:

Vault is storing its state in Consul, so if you shut down Vault and delete Vault's key prefix in Consul things should start clean again.

Solution 2

Just in case someone reads this post with the same intention as I did -> looking for "file"-backend or "database"-backend

file backend:

If you look into the vault configuration file (e.g. /etc/vault.d/vault.hcl)

There is a directive storage "file" { path = "/some/file/name" ......

Just empty the directory /some/file/name (do not remove, just empty).

database backend:

you just have to truncate the "vault_kv_store" table and restart vault:

psql -U myvaultdbuser -h myvaultDB.host.name -p5432 vaultdatabasname -c 'truncate table vault_kv_store';

... and to initialize again:

Then direct your Browser to e.g. http://localhost:8820/ui/vault/init to initialize it again

Solution 3

With any storage backend of Vault you should be able to just delete your storage. Looks like you were running into a bug with that older version of Consul.
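
The three answers above, combined into one dry-run helper (an added example, not code from the original posts): it reads the storage stanza of a Vault config and prints the stop, wipe, restart and re-init commands without running any of them. The systemd unit name, the sample config and the psql connection placeholder are assumptions.

```sh
#!/bin/sh
# Added example: prints a reset plan for a Vault config; it executes nothing.
# Service commands, psql connection args and the sample config are assumptions.

# storage_type FILE: backend name from  storage "NAME" {  (old configs: backend "NAME" {)
storage_type() {
  sed -nE 's/^[[:space:]]*(storage|backend)[[:space:]]+"([^"]+)".*/\2/p' "$1" | head -n 1
}

# storage_path FILE: first  path = "..."  found inside the storage stanza only
storage_path() {
  sed -nE '/^[[:space:]]*(storage|backend)[[:space:]]+"/,/[}]/ s/(^|.*[[:space:]{])path[[:space:]]*=[[:space:]]*"([^"]*)".*/\2/p' "$1" | head -n 1
}

# reset_plan FILE: one command per line; non-zero exit when no safe plan exists
reset_plan() (
  kind=$(storage_type "$1")
  path=$(storage_path "$1")
  # A quote in the path would break the quoting of the printed command.
  case "$path" in *"'"*) echo "refusing path containing a quote" >&2; exit 1 ;; esac
  case "$kind" in
    consul)
      path=${path:-vault/}          # Vault's default Consul key prefix
      wipe="consul kv delete -recurse '$path'" ;;
    file)
      # Empty the directory but keep it; never plan a wipe of "" or "/".
      case "$path" in ''|/) echo "refusing file path: '$path'" >&2; exit 1 ;; esac
      wipe="find '$path' -mindepth 1 -delete" ;;
    postgresql)
      wipe="psql <connection args> -c 'TRUNCATE TABLE vault_kv_store'" ;;
    *)
      echo "unsupported or missing storage stanza: '$kind'" >&2; exit 2 ;;
  esac
  echo "systemctl stop vault"       # assumption: Vault runs as a systemd unit
  echo "$wipe"
  echo "systemctl start vault"
  echo "vault operator init"        # 'vault init' on old releases such as 0.8.0
)

# Constructed sample config, written to a temp file for the demo run.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
storage "consul" {
  address = "127.0.0.1:8500"
  path    = "vault/"
}
EOF
reset_plan "$demo_cfg"
rm -f "$demo_cfg"
```

Review the printed plan before running any line of it: every wipe step destroys all secrets in that backend, which is the intent only on a trial deployment like the one in the question.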

Author by

ady8531

Updated on June 09, 2022

Comments

  • ady8531 about 2 years

    I'm trying to automate vault v0.8.0 deployment (vaultproject from Hashicorp) with a consul v0.9.1 backend.

    Because it is a trial and error process I need to run "vault init" a couple of times (until I get it right) and get the keys.

    Unfortunately I lost the keys and the root token.

    I tried to stop vault and consul service - nothing "* Vault is already initialized" and "* Vault is sealed"

    I stopped vault, removed the vault path from consul, started vault - same result - and at "vault init" I receive this error:

    * expiration state restore failed: failed to scan for leases: list failed at path '': Unexpected response code: 403
    

    and it's creating the vault/ path again in consul and remains sealed.

    How can I "reset" vault or make it UN-initialized and start over with "vault init" ?

    This is the log:

    Aug 10 05:01:49 TSLASOWROMM01 vault[9156]: ==> Vault server started! Log data will stream in below:
    Aug 10 05:03:26 TSLASOWROMM01 vault[9156]: 2017/08/10 05:03:26.238436 [INFO ] core: security barrier not initialized
    Aug 10 05:03:26 TSLASOWROMM01 vault[9156]: 2017/08/10 05:03:26.271844 [INFO ] core: security barrier initialized: shares=5 threshold=3
    Aug 10 05:03:26 TSLASOWROMM01 vault[9156]: 2017/08/10 05:03:26.320363 [INFO ] core: post-unseal setup starting
    Aug 10 05:03:26 TSLASOWROMM01 vault[9156]: 2017/08/10 05:03:26.342931 [INFO ] core: loaded wrapping token key
    Aug 10 05:03:26 TSLASOWROMM01 vault[9156]: 2017/08/10 05:03:26.356895 [INFO ] core: successfully mounted backend: type=generic path=secret/
    Aug 10 05:03:26 TSLASOWROMM01 vault[9156]: 2017/08/10 05:03:26.357342 [INFO ] core: successfully mounted backend: type=cubbyhole path=cubbyhole/
    Aug 10 05:03:26 TSLASOWROMM01 vault[9156]: 2017/08/10 05:03:26.357736 [INFO ] core: successfully mounted backend: type=system path=sys/
    Aug 10 05:03:26 TSLASOWROMM01 vault[9156]: 2017/08/10 05:03:26.358293 [INFO ] rollback: starting rollback manager
    Aug 10 05:03:26 TSLASOWROMM01 vault[9156]: 2017/08/10 05:03:26.381808 [INFO ] expiration: restoring leases
    Aug 10 05:03:26 TSLASOWROMM01 vault[9156]: 2017/08/10 05:03:26.383943 [INFO ] core: pre-seal teardown starting
    Aug 10 05:03:26 TSLASOWROMM01 vault[9156]: 2017/08/10 05:03:26.384154 [INFO ] core: cluster listeners not running
    Aug 10 05:03:26 TSLASOWROMM01 vault[9156]: 2017/08/10 05:03:26.384365 [INFO ] rollback: stopping rollback manager
    Aug 10 05:03:26 TSLASOWROMM01 vault[9156]: 2017/08/10 05:03:26.384633 [INFO ] core: pre-seal teardown complete
    Aug 10 05:03:26 TSLASOWROMM01 vault[9156]: 2017/08/10 05:03:26.384909 [ERROR] core: post-unseal setup failed during init: error=expiration state restore failed: failed to scan for leases: list failed at path '': Unexpected response code: 403