HashiCorp Cloud Platform (HCP) Vault provides access to critical operational tasks, such as sealing the cluster, accessing audit logs, and managing data snapshots.
In this tutorial, you will perform these operational tasks.
NOTE: This tutorial assumes that you created and connected to the HCP Vault cluster in the Create a Vault Cluster on HashiCorp Cloud Platform (HCP) tutorial.
»Seal and unseal the Vault cluster
Intrusion detection or data breaches may require you to seal the Vault cluster.
WARNING: Sealing a cluster prevents all access to the cluster until it is unsealed.
»Seal the cluster
Under In case of emergency, click Seal this cluster.
A Seal Vault? pop-up dialog displays a warning and explanation of the seal operation.
Enter SEAL into the Confirm seal field.
Click Seal.
The Vault cluster seals. The Vault Overview page changes to display the unseal interface.
»Unseal the cluster
Click Ready to unseal.
An Unseal Vault? pop-up dialog displays a warning and explanation of the unseal operation.
Enter UNSEAL into the Confirm unseal field.
Click Unseal.
The Vault cluster unseals. The Vault Overview page displays the Vault configuration and available operations.
»Access the audit log for troubleshooting
Effective troubleshooting of requests and responses to Vault requires access to the audit device logs.
HCP Vault enables a File Audit Device by default. This device provides the last hour of Vault requests in a downloadable archive. These logs may be imported into your preferred tooling for auditing and troubleshooting.
Under Vault configuration, click Access audit logs.
A Download audit logs pop-up dialog displays.
Use the Start date and Start time components to specify the audit log starting position. The log file will cover a 1 hour period after the date and time that you select.
When the archive is created, a new Download audit logs pop-up dialog displays. The archive is presented with the specific time-frame covered by the log file.
NOTE: The file is only available to download for 10 minutes; after this time elapses, you must begin the download process from the first step.
Click the download icon.
The downloaded file is a gzip compressed file. The filename contains the start and end timestamps (e.g. auditlogs-vault-cluster-202102021400-202102021500.gz).
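As an added example (not part of the original tutorial or HashiCorp's own tooling), the following Python script reads a downloaded archive for troubleshooting: it parses the covered time window from the filename, counts requests per operation and path, and lists entries that carry an error. It assumes the archive holds one JSON audit entry per line in Vault's audit device format and that the filename timestamps are YYYYMMDDHHMM; the sample entries are constructed.

```python
import gzip, io, json, re
from collections import Counter
from datetime import datetime

# Layout from the tutorial's example; 12 digits read as YYYYMMDDHHMM (assumption).
NAME_RE = re.compile(r"auditlogs-(?P<cluster>.+)-(?P<start>\d{12})-(?P<end>\d{12})\.gz$")

def parse_window(filename):
    """Return (cluster, start, end) encoded in the archive filename."""
    m = NAME_RE.search(filename)
    if not m:
        raise ValueError(f"unexpected audit archive name: {filename}")
    fmt = "%Y%m%d%H%M"
    return m["cluster"], datetime.strptime(m["start"], fmt), datetime.strptime(m["end"], fmt)

def summarize(gz_bytes):
    """Count requests per (operation, path); collect entries carrying an error."""
    requests, errors, bad_lines = Counter(), [], 0
    with gzip.open(io.BytesIO(gz_bytes), "rt", encoding="utf-8") as fh:
        for line in fh:
            if not line.strip():
                continue
            try:
                entry = json.loads(line)
            except json.JSONDecodeError:
                bad_lines += 1  # e.g. an entry cut off at the window boundary
                continue
            req = entry.get("request") or {}
            if entry.get("type") == "request":
                requests[(req.get("operation"), req.get("path"))] += 1
            if entry.get("error"):
                errors.append((entry.get("time"), req.get("path"), entry["error"]))
    return requests, errors, bad_lines

# Constructed sample entries (not real log data), plus one truncated line.
_ENTRIES = [
    {"time": "2021-02-02T14:03:11Z", "type": "request",
     "request": {"operation": "read", "path": "secret/data/app"}},
    {"time": "2021-02-02T14:03:11Z", "type": "response",
     "request": {"operation": "read", "path": "secret/data/app"}},
    {"time": "2021-02-02T14:05:40Z", "type": "request",
     "request": {"operation": "update", "path": "secret/data/payroll"}},
    {"time": "2021-02-02T14:05:40Z", "type": "response", "error": "permission denied",
     "request": {"operation": "update", "path": "secret/data/payroll"}},
]
SAMPLE = gzip.compress(("\n".join(map(json.dumps, _ENTRIES)) + '\n{"time": "2021').encode())

if __name__ == "__main__":
    print(parse_window("auditlogs-vault-cluster-202102021400-202102021500.gz"), summarize(SAMPLE))
```

To run it against a real download, pass the file's bytes to summarize(), for example summarize(open(path, "rb").read()).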
»Data snapshots
Preserving Vault data is critical to production operations and particularly for disaster or sabotage recovery purposes. Vault offers a snapshot functionality for the underlying storage to preserve data based on your requirements.
»Create snapshot
Follow these steps to manually snapshot your Vault data as needed.
Select the Snapshots tab.
The view displays a history of the snapshots created.
Click + Create snapshot.
A Create snapshot pop-up dialog displays.
Enter a name in the Snapshot name field.
Click Create snapshot.
The view displays the snapshot history. The latest snapshot is appended to the snapshot list. While the snapshot is in progress it will display a pending animation in the Status column.
NOTE: The time needed for the snapshot to complete can vary and largely depends on the size of the data stored in your Vault cluster.
When the snapshot operation completes and the snapshot is available, the Status changes to Ready.
»Restore snapshot
You can use the snapshots to restore data if it ever becomes necessary.
Select the Snapshots tab.
Select the ellipsis (...) menu next to the snapshot entry, and choose Restore.
A confirmation dialog appears; enter RESTORE and click Restore snapshot to confirm restoration.
A final dialog appears to inform you that the restoration of the selected snapshot is in progress.
NOTE: In this screenshot example, a second snapshot is created just before the snapshot is restored. It is a periodic snapshot taken before the restore so that you can roll back from the restore to a point in time before it occurred if necessary.
»Delete snapshot
When you need to delete data snapshots, you can do so by following these steps.
Select the Snapshots tab.
Select the ellipsis (...) menu next to the snapshot entry, and choose Delete.
A confirmation dialog appears; enter DELETE and click Delete snapshot to confirm snapshot deletion.
A Snapshot deleting dialog appears. Once the snapshot is deleted, it no longer appears in the snapshot list.
»Next steps
You sealed the cluster, accessed audit logs, and managed data snapshots.
Learn more about Vault operations by exploring the Operations Fundamentals tutorials.