migrate or backup vault data between two physical backends. in one operation or in a cron job.
tested with: vault v0.7
, consul
, dynamodb
- Before you run this tool, make sure that you are not running vault in the destination backend
create a config.json
file with this structure
{
"to": {
"name": "[[Backend Name]]",
"config": "[[Backend Config]]"
},
"from": {
"name": "[[Backend Name]]",
"config": "{[[Backend Config]]"
}
}
where from
, is the source backend, and to
is the destination
remember only use strings in the backend config values!!!
- from dynamodb to consul
{
"to": {
"name": "consul",
"config": {
"address": "127.0.0.7:8500",
"path": "vault",
"token": "xxxx-xxxx-xxxx-xxxx-xxxxxxxxx"
}
},
"from": {
"name": "dynamodb",
"config": {
"ha_enabled": "true",
"table": "vault",
"write_capacity": "1",
"access_key": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"secret_key": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
},
"schedule": "@daily"
}
this will backup each 24 hours your data in dynamodb to a consul instance.
full list of storage backends and configuration options: Vault Storage Backends
schedule
is optional if is not defined the command will run only once, for more documentation about is format please check robfig/cron
curl -LO https://github.com/nebtex/vault-migrator/releases/download/$(curl -s https://raw.githubusercontent.com/nebtex/vault-migrator/master/stable.txt)/vault-migrator_darwin_amd64.zip
curl -LO https://github.com/nebtex/vault-migrator/releases/download/$(curl -s https://raw.githubusercontent.com/nebtex/vault-migrator/master/stable.txt)/vault-migrator_linux_amd64.zip
curl -LO https://github.com/nebtex/vault-migrator/releases/download/$(curl -s https://raw.githubusercontent.com/nebtex/vault-migrator/master/stable.txt)/vault-migrator_windows_amd64.zip
unzip and make the vault-migrator binary executable and move it to your PATH
full list of downloads for other platforms here
vault-migrator --config ${your_config_path}
docker pull nebtex/vault-migrator:$(curl -s https://raw.githubusercontent.com/nebtex/vault-migrator/master/stable.txt)
docker run -v ${your_config}:/etc/vault-migrator.json nebtex/vault-migrator
To contribute to this project, see CONTRIBUTING.
vault-migrator is licensed under the APACHE License v2. See LICENSE for the full license text.