Vault Operation Tasks

HashiCorp Cloud Platform (HCP) Vault provides access to critical operational tasks, such as sealing the cluster, accessing audit logs, and managing data snapshots.

In this tutorial, you will perform these operational tasks.

»Seal and unseal the Vault cluster

Intrusion detection or data breaches may require you to seal the Vault cluster.

»Seal the cluster

1. Under In case of emergency, click Seal this cluster.

   A Seal Vault? pop-up dialog displays a warning and explanation of the seal operation.

2. Enter SEAL into the Confirm seal field.

3. Click Seal.

The Vault cluster seals. The Vault Overview page changes to display the unseal interface.

»Unseal the cluster

1. Click Ready to unseal.

   A Unseal Vault? pop-up dialog displays a warning and explanation of the unseal operation.

   

2. Enter UNSEAL into the Confirm unseal field.

3. Click Unseal.

The Vault cluster unseals. The Vault Overview page displays the Vault configuration and available operations.

»Access the audit log for troubleshooting

Effective troubleshooting of requests and responses to Vault requires access to the audit device logs.

HCP Vault enables a File Audit Device by default. This device provides the last hour of Vault requests in a downloadable archive. These logs may be imported into your preferred tooling for auditing and troubleshooting.

1. Under Vault configuration, click Access audit logs.

   

   A Download audit logs pop-up dialog displays.

2. Use the Start date and Start time components to specify the audit log starting position. The log file will cover a 1 hour period after the date and time that you select.

   When the archive is created, a new Download audit logs pop-up dialog displays. The archive is presented with the specific time-frame covered by the log file.

   NOTE: The file is only available to download for 10 minutes; after this time elapses, you must begin the download process from the first step.

3. Click the download icon.

The downloaded file is a gzip compressed file. The filename contains the start and end timestamps as part of its filename (e.g. auditlogs-vault-cluster-202102021400-202102021500.gz).

»Data snapshots

Preserving Vault data is critical to production operations and particularly for disaster or sabotage recovery purposes. Vault offers a snapshot functionality for the underlying storage to preserve data based on your requirements.

»Create snapshot

Follow these steps to manually snapshot your Vault data as needed.

1. Select the Snapshots tab.

   The view displays a history of the snapshots created.

2. Click + Create snapshot.

   A Create snapshot pop-up dialog displays.

3. Enter a name in the Snapshot name field.

4. Click Create snapshot.

   The view displays the snapshot history. The latest snapshot is appended to the snapshot list. While the snapshot is in progress it will display a pending animation in the Status column.

   

When the snapshot operation completes and the snapshot is available, the Status changes to Ready.

»Restore snapshot

You can use the snapshots to restore data if it ever becomes necessary.

1. Select the Snapshots tab.

2. Select the ellipsis (...) menu next to the snapshot entry, and choose Restore.

3. A confirmation dialog appears; enter RESTORE and click Restore snapshot to confirm restoration.

4. A final dialog appears to inform you that the restoration of the selected snapshot is in progress.

»Delete snapshot

When you need to delete data snapshots, you can do so by following these steps.

1. Select the Snapshots tab.

2. Select the ellipsis (...) menu next to the snapshot entry, and choose Delete.

3. A confirmation dialog appears; enter DELETE and click Delete snapshot to confirm snapshot deletion.

4. A Snapshot deleting dialog appears. Once the snapshot is deleted, it no longer appears in the snapshot list.

»Next steps

You sealed the cluster, accessed audit logs, and managed data snapshots.

Learn more about Vault operations exploration of the Operations Fundamentals tutorials.