Updating HashiCorp Vault Enterprise Licensing
HashiCorp Vault Enterprise (HVE) is the next version up from the open source version. HVE is the solution for secrets management when an organization has to manage secrets across the organization – locally, regionally, or globally. This version also added functionality that is needed to ensure management of secrets on a larger scale. Functionality like Performance and DR Replication, Sentinel, and Performance Standby are just a few examples.
In order to use the HVE, an organization has to procure a license that will enable all of the enterprise features. This license can be obtained from an HashiCorp partner (ah hmmm…..RheoData) or from the HashiCorp sales teams.
Like many other vendors, the licenses that are provided typically have a expiration date on them. The expiration date corresponds to the terms of the license agreement and may expire is agreements are not renewed on a timely basis. This post is intended to show you how easy it is to update the license for HVE once obtained.
Messages
As the license counts down the days remaining, the HashiCorp Vault administrator may start seeing messages in their console or logs that reference when the license will expire. These messages look something like this:
2021-01-30T23:48:41.428Z [WARN] core.licensing: core: licensing warning: expiration_time=”2021-01-31 00:00:00 +0000 UTC” time_left=11m19s
2021-01-31T01:49:31.928Z [ERROR] core.licensing: core: licensing error: error=”invalid license or license is expired”
2021-01-31T01:49:31.928Z [INFO] core: marked as sealed
2021-01-31T01:49:31.929Z [INFO] core: pre-seal teardown starting
2021-01-31T01:49:31.929Z [INFO] core: stopping replication
2021-01-31T01:49:31.929Z [INFO] core: closed sync connection
2021-01-31T01:49:31.930Z [INFO] core: replication stopped
2021-01-31T01:49:31.930Z [INFO] rollback: stopping rollback manager
2021-01-31T01:49:31.931Z [INFO] secrets.database.database_560ae076: stopping periodic ticker
2021-01-31T01:49:31.931Z [INFO] core: pre-seal teardown complete
2021-01-31T01:49:32.432Z [INFO] core: stopping cluster listeners
2021-01-31T01:49:32.432Z [INFO] core.cluster-listener: forwarding rpc listeners stopped
2021-01-31T01:49:32.834Z [INFO] core.cluster-listener: rpc listeners successfully shut down
2021-01-31T01:49:32.835Z [INFO] core: cluster listeners successfully shut down
2021-01-31T01:49:32.835Z [INFO] core: vault is sealed
If your license happens to expire, you will not be able to use the enterprise functionality and preventing you from logging into the HashiCorp Vault Cluster.
Updating License
Before the license expires, it is a good idea to renew your agreement and obtain a new license. Once obtained, the HashiCorp Vault Cluster needs to be updated. By logging into either the primary or standby cluster the license can be updated by using the vault write command.
vault write /sys/license text={license key}This writes the license to the cluster and allows for continued operations.
What to do if license expires?
In the messages above, you will notice that the license expired. This prevented us form unsealing the HashiCorp Vault when wanting to work with it. In order to get around this and apply the new license, the following steps needed to be done:
1. Stop Vault
kill -9 {{vault pid}}2. Restart Vault
/opt/app/hashicorp/bin/vault server -config=/opt/app/hashicorp/config/vault.hcl &3. Unseal Vault
vault operator unseal {{key string}}4. Apply new license key
vault write /sys/license text={license key}Validate the License
There are two ways to validate the license has been successfully applied. The first way is via the command line and the second is within the UI provide by vault.
1. Check via command line.
From the command line run a vault read command and provide the directory path for the license.
vault read /sys/licenseThe resulting output will show the status of the license. The expiration date is what you want to look at (this has been highlighted)
[vault@vault16 ~]$ vault read /sys/license
Key Value
--- -----
expiration_time 2021-07-31T00:00:00Z
features [HSM Performance Replication DR Replication MFA Sentinel Seal Wrapping Control Groups Performance Standby Namespaces KMIP Entropy Augmentation Transform Secrets Engine Lease Count Quotas Key Management Secrets Engine]
license_id 69629a66-32d0-4b6f-92a7-c5f4ebaadea6
performance_standby_count 9999
start_time 2021-01-29T00:00:00Z2. Check via UI
Within the UI, in the far right-hand corner is a “status” menu. Under this menu, there is an option for License. This will bring up the License page. This page will show you the License ID and Valid From information. You can also update the license from this page if needed. The image below shows you what this looks like.
Enjoy!!!
@dbasolved
Filmizlesene ile hızlı film izleme fırsatını yakala, en yeni ve iyi filmleri Full HD 1080p kalitesiyle online ve bedava izle. Marion Frailey
Hi there, I do think your web site could possibly be having web browser compatibility issues. When I take a look at your site in Safari, it looks fine however when opening in Internet Explorer, it has some overlapping issues. I merely wanted to provide you with a quick heads up! Aside from that, fantastic blog! Antwan Grannum
Thanks for your whole work on this website. My niece takes pleasure in working on research and it is simple to grasp why. We all notice all relating to the powerful ways you render vital tricks via your website and therefore welcome response from website visitors on this topic while our own simple princess is without question understanding so much. Take pleasure in the rest of the year. Your performing a wonderful job. Kraig Bodensteiner
Together with the whole thing that seems to be developing throughout this subject matter, all your opinions are generally very exciting. On the other hand, I am sorry, but I can not subscribe to your entire plan, all be it radical none the less. It appears to us that your comments are actually not totally justified and in simple fact you are yourself not really completely certain of the point. In any case I did appreciate examining it. Aaron Kaliszuk
Youre so cool! I dont suppose Ive read anything like this before. So nice to search out any person with some original ideas on this subject. realy thanks for starting this up. this website is something that is wanted on the internet, somebody with a little bit originality. helpful job for bringing something new to the internet! Bill Bolder
enim facere autem vel possimus neque et corporis nihil autem corrupti cum aut perspiciatis cum nemo rerum unde omnis. minima magni exercitationem nulla quaerat aspernatur consectetur possimus nobis si
quidem quas ut inventore unde enim veritatis a optio dolore minus ut. deleniti inventore eum similique amet minima sed qui veniam ut dolorem itaque ab. dolor praesentium omnis consectetur est harum qu
sit modi similique et rem rem labore excepturi ex amet similique. recusandae dignissimos distinctio ea repellendus aliquam ut rerum odit et nostrum. sit ab provident est vel itaque accusantium error a