How to unseal Vault
There are two conditions that may cause Vault-protected secrets to become unavailable: when the Vault is sealed (using
vault operator seal – see the Vault documentation
↗ and when the Vault is unreachable through misconfiguration or other failure.
When the Vault is sealed, all queries involving secrets will fail with a user error mentioning that the Vault has been sealed. Unsealing the Vault requires operator intervention, via the
vault operator unseal command (again, see the Vault documentation
↗. MAAS will indicate when this is needed.
Vault may become unreachable due to a network failure, due to incorrect configuration of a region controller, or other unintentional situations. When the Vault is unreachable, MAAS will inform the users that interactions with Vault will fail.
MAAS will make every attempt to present a meaningful error if Vault is not functional. This includes related authentication errors when attempting to login to MAAS.
↗ is integrated with MAAS version 3.3. To enable Vault for use with your MAAS, please upgrade to MAAS 3.3.