Forgot Your Vault Root Token? Here's How to Regenerate It Safely

Make sure you have saved your unseal keys. Here are the example unseal keys I have:
Unseal key 1: u+uZSmPT716nwujVRWtWb914OpyaZ1cb46+RUulXMxfb
Unseal key 2: ip6wCHdzXoZ8QaHqcmtkYhr3mVT8gnJ7O3oOujOJKJWH
Unseal key 3: /1Vvq4IR55Bk0xiK8mjRAakiSqvVd1vp4uLX4ojsfI5v
Generate a new root token
vault operator generate-root -init
Output like this will appear:
A One-Time-Password has been generated for you and is shown in the OTP field.
You will need this value to decode the resulting root token, so keep it safe.
Nonce 11f7de63-ed82-248a-0866-546bebc11a57
Started true
Progress 0/3
Complete false
OTP PBlDEpvVPc04EmldBcwaO3HuDFd5
OTP Length 28
Run the generate command again 3 times using the nonce, because this Vault's key threshold is 3.
vault operator generate-root -nonce 11f7de63-ed82-248a-0866-546bebc11a57
A prompt like this will appear; enter the unseal key.
Operation nonce: 11f7de63-ed82-248a-0866-546bebc11a57
Unseal Key (will be hidden):
Output like this will appear. Here Progress shows 1/3, so the root token generation has to be run 2 more times until it reaches 3/3.
Nonce 11f7de63-ed82-248a-0866-546bebc11a57
Started true
Progress 1/3
Complete false
Once that is done, decode the encoded token, passing in the OTP as well.
vault operator generate-root -decode ODQfaj9ABhhgEVcAAANbUnsMMiAnAisjLyNTBA -otp PBlDEpvVPc04EmldBcwaO3HuDFd5
The root token will be printed:
hvs.z0pN0rg4En769oEAh1cVke71
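Why the OTP has to be guarded as carefully as the encoded token: the value passed to -decode is the root token XORed byte by byte with the OTP, then base64-encoded without padding. The Python below is an added example, not part of the original post; its function names are hypothetical, and it reproduces the decode step offline using the values shown above.

```python
import base64

# Values copied from the walkthrough above.
ENCODED_TOKEN = "ODQfaj9ABhhgEVcAAANbUnsMMiAnAisjLyNTBA"
OTP = "PBlDEpvVPc04EmldBcwaO3HuDFd5"


def _xor(a: bytes, b: bytes) -> bytes:
    # The OTP is used as a one-time pad, so both sides must be the same length.
    if len(a) != len(b):
        raise ValueError(f"length mismatch: {len(a)} vs {len(b)} bytes")
    return bytes(x ^ y for x, y in zip(a, b))


def decode_root_token(encoded_token: str, otp: str) -> str:
    """Recover the token: unpadded base64 decode, then XOR with the OTP."""
    # Restore the '=' padding that Python's decoder requires.
    padded = encoded_token + "=" * (-len(encoded_token) % 4)
    masked = base64.b64decode(padded, validate=True)
    return _xor(masked, otp.encode("ascii")).decode("ascii", errors="replace")


def encode_root_token(token: str, otp: str) -> str:
    """Inverse operation: XOR the token with the OTP, emit unpadded base64."""
    masked = _xor(token.encode("ascii"), otp.encode("ascii"))
    return base64.b64encode(masked).decode("ascii").rstrip("=")


if __name__ == "__main__":
    print("decoded with the right OTP:", decode_root_token(ENCODED_TOKEN, OTP))
    # A wrong OTP of the right length raises no error; it just yields garbage.
    wrong_otp = "A" * len(OTP)  # constructed value for illustration
    print("decoded with a wrong OTP: ", decode_root_token(ENCODED_TOKEN, wrong_otp))
```

The mask carries no integrity check, so a wrong OTP produces a different string rather than an error; the vault token lookup step is what confirms the decoded value is a working root token.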
Verify the token
export VAULT_TOKEN="hvs.z0pN0rg4En769oEAh1cVke71"
vault token lookup
Output like this will appear. The path shown is auth/token/root, which means this is a root token.
Key Value
--- -----
accessor 2vbd3Jq9TQzSaDqR32XquIQo
creation_time 1746813304
creation_ttl 0s
display_name root
entity_id n/a
expire_time <nil>
explicit_max_ttl 0s
id hvs.z0pN0rg4En769oEAh1cVke71
meta <nil>
num_uses 0
orphan true
path auth/token/root
policies [root]
ttl 0s
type service
Read articles from Rivaldy Ahmad Azhar directly inside your inbox. Subscribe to the newsletter, and don't miss out.
