Problem
Terraform Enterprise uses an internal Vault instance to encrypt and decrypt sensitive values. If communication between Vault and its storage backend is interrupted, Vault cannot perform these operations, and Terraform Enterprise displays the following error message.
Error fetching data Vault, a service used to store secrets in Terraform Enterprise, has encountered an error retrieving a secret. This can mean the vault is sealed and needs to be unsealed to resume operations.
Cause
Terraform Enterprise's internal Vault instance has become sealed due to a loss of connectivity to its storage backend. This issue often occurs after a restart or failover of the PostgreSQL database instance.
Solutions
Attempt the following solutions in the order they are presented.
Solution 1: Restart the Vault Container
Restarting the Vault container may re-establish the connection to the storage backend.
- Stop the Vault container.
  $ docker stop tfe-vault
- Start the Vault container.
  $ docker start tfe-vault
Note: For Terraform Enterprise releases prior to v202205-1, the container is named ptfe_vault.
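The restart in Solution 1 can be wrapped in a seal-state check so that you know whether it worked before moving on to Solution 2. This is an added example, not code from the original article or from HashiCorp. It assumes the vault CLI is available inside the container with VAULT_ADDR already pointing at the local listener; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions: the vault CLI exists inside the container and
# VAULT_ADDR is already set there. Function names are hypothetical.

# Read `vault status -format=json` output on stdin and print
# "sealed", "unsealed" or "unknown" (no JSON, or no "sealed" field).
seal_state() {
    json=$(cat)
    flag=$(printf '%s' "$json" | tr -d ' \n\t' |
        sed -nE 's/.*"sealed":(true|false).*/\1/p')
    case "$flag" in
        true)  echo sealed ;;
        false) echo unsealed ;;
        *)     echo unknown ;;
    esac
}

# Query the running container. `vault status` exits non-zero when Vault is
# sealed, so only its JSON output is used, not its exit code.
vault_seal_state() {
    container=${1:-tfe-vault}   # pass ptfe_vault on releases before v202205-1
    docker exec "$container" vault status -format=json 2>/dev/null | seal_state
}

# Restart the container only if Vault is not unsealed, then poll for up to
# 60 seconds. Returns 0 if unsealed, 1 if docker failed, 2 if still sealed.
restart_if_sealed() {
    container=${1:-tfe-vault}
    if [ "$(vault_seal_state "$container")" = unsealed ]; then
        echo "Vault in $container is already unsealed; no restart needed"
        return 0
    fi
    docker stop "$container" >/dev/null || return 1
    docker start "$container" >/dev/null || return 1
    tries=0
    while [ "$tries" -lt 12 ]; do
        sleep 5
        if [ "$(vault_seal_state "$container")" = unsealed ]; then
            echo "Vault in $container is unsealed after restart"
            return 0
        fi
        tries=$((tries + 1))
    done
    echo "Vault in $container is still sealed or unreachable" >&2
    return 2
}
```

Source the file and run `restart_if_sealed tfe-vault`; a return code of 2 means the restart did not help and the next solution applies.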
Solution 2: Restart the Application
If restarting the container does not resolve the issue, restart the entire Terraform Enterprise application using replicatedctl.
- Stop the application.
  $ replicatedctl app stop
- Start the application.
  $ replicatedctl app start
Solution 3: Disable SSL Mode for PostgreSQL
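In some environments, SSL connection issues can cause this problem. You can temporarily disable SSL to test this cause.
Add the following value to the PostgreSQL optional extra parameters in the Replicated management console dashboard: sslmode=disable. With this value set, the connection between Terraform Enterprise and PostgreSQL is unencrypted, so treat it as a diagnostic setting rather than a permanent configuration.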
Solution 4: Upgrade Terraform Enterprise
If you are using a release prior to v202110-1, upgrade to version v202110-1 or a later release. This version contains fixes that may address the underlying cause of the connectivity loss.