Re-initializing a Vault cluster using Integrated storage can be done by removing or renaming Vault's database on disk. This can be useful for resetting a node to re-join a Raft cluster.
Warning: these steps will remove all Vault data on the node. Please create a backup before removing data.
- Locate your Vault configuration file
- The storage stanza will show the path to the raft storage database
storage "raft" {
  path = "/var/raft/"
  node_id = "node3"
  retry_join {
    leader_api_addr = "https://node1.vault.local:8200"
  }
  retry_join {
    leader_api_addr = "https://node2.vault.local:8200"
  }
}
- Stop the Vault service on the node
systemctl stop vault
- Remove the contents of the raft/ directory
rm -rf /var/raft/*
- Start the Vault service and verify the process is running
systemctl start vault
The node will be in an uninitialized state and can be initialized or joined to an existing cluster.
vault status
Key                      Value
---                      -----
Seal Type                shamir
Initialized              false
Sealed                   true
Total Recovery Shares    0
Threshold                0
Unseal Progress          0/0
Unseal Nonce             n/a
Version                  1.9.4+ent
Storage Type             raft
HA Enabled               true
While the node is uninitialized, the logs will state the security barrier is not initialized.
[INFO] core: security barrier not initialized
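The steps above as one script, as an added example that is not part of the original article: it reads the Raft path from the storage stanza, archives the directory once Vault is stopped, and refuses to delete anything unless the path is absolute. The config location `/etc/vault.d/vault.hcl`, the backup directory `/var/backups`, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not HashiCorp's code. Service name "vault" comes from the article;
# the default config and backup locations below are assumptions.

# Print path = "..." from the top level of the storage "raft" stanza.
# Tracks brace depth so keys inside retry_join blocks or other stanzas are ignored.
raft_path() {
  awk '
    /^[ \t]*storage[ \t]+"raft"/ { in_raft = 1 }
    in_raft {
      if (depth == 1 && /^[ \t]*path[ \t]*=/) {
        split($0, q, "\""); print q[2]; exit
      }
      depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
      if (depth > 0) opened = 1
      else if (opened) exit
    }' "$1"
}

# Archive DIR into BACKUP_DIR, then empty DIR. Prints the archive name.
# The body is a subshell, so umask and variables do not leak to the caller.
reset_raft_dir() (
  dir="${1%/}"
  # Only accept an absolute path below /, so the rm can never expand to "/*".
  case "$dir" in
    /?*) ;;
    *) echo "refusing unsafe raft path: '$1'" >&2; exit 1 ;;
  esac
  [ -d "$dir" ] || { echo "not a directory: $dir" >&2; exit 1; }
  umask 077                                  # backup readable by owner only
  archive="$2/raft-$(date +%Y%m%dT%H%M%S).tar.gz"
  tar -czf "$archive" -C "$dir" . || exit 1  # no backup, no delete
  rm -rf -- "${dir:?}"/*
  echo "$archive"
)

# Stop Vault, back up and clear the Raft directory, start Vault again.
reinit_node() {
  cfg="${1:-/etc/vault.d/vault.hcl}"         # assumed config location
  dir="$(raft_path "$cfg")"
  [ -n "$dir" ] || { echo "no raft storage path in $cfg" >&2; return 1; }
  systemctl stop vault || return 1
  reset_raft_dir "$dir" "${2:-/var/backups}" || return 1  # assumed backup dir
  systemctl start vault
}
```

Call `reinit_node` as root on the node being reset. The archive still holds that node's Vault data, so store it with the same care as the original directory.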
For more information, see the Learn guides for integrated storage: