Unseal / Seal

Unseal

1. Select Create a new Raft cluster and click Next.

1. Enter 5 in the Key shares and 3 in the Key threshold text fields.

1. Click Initialize.

2. When the unseal keys are presented, scroll down to the bottom and select Download key. Save the generated unseal keys file to your computer.

The unseal process requires these keys and the access requires the root token.

1. Click Continue to Unseal to proceed.

2. Open the downloaded file.

Example key file:

{
  "keys": [
    "a9a4155582f27e086f763ddae1fe736120a99a707cda336753cf6c12b0004a91c2",
    "98be006f1a781611f366b7e707ad12175d988ee7fcf7e2451d35c033a415e0908c",
    "484548637d0e39b785694f8ef746f8ee7ba841aa7d6a232972bb8c8d6bac43a8a1",
    "04e1a240bdbd370df82629eda43e14204d3555d8b2d4159c293ed0777f8b4fb4bf",
    "676d0528e3da4d2f29290d203ecfd562e53d73efb7d5292206b52a7b599f67bb04"
  ],
  "keys_base64": [
    "qaQVVYLyfghvdj3a4f5zYSCpmnB82jNnU89sErAASpHC",
    "mL4Abxp4FhHzZrfnB60SF12Yjuf89+JFHTXAM6QV4JCM",
    "SEVIY30OObeFaU+O90b47nuoQap9aiMpcruMjWusQ6ih",
    "BOGiQL29Nw34JintpD4UIE01Vdiy1BWcKT7Qd3+LT7S/",
    "Z20FKOPaTS8pKQ0gPs/VYuU9c++31SkiBrUqe1mfZ7sE"
  ],
  "root_token": "hvs.z53fpZuNzc5iv71Achcmt3RN"
}

1. Copy one of the keys (not keys_base64) and enter it in the Master Key Portion field. Click Unseal to proceed.

The Unseal status shows 1/3 keys provided.

1. Enter another key and click Unseal.

The Unseal status shows 2/3 keys provided.

1. Enter another key and click Unseal.

After 3 out of 5 unseal keys are entered, Vault is unsealed and is ready to operate.

Seal

Go to the Seal Vault tab, click on the seal button.