Description:
I have a situation that requires to mirgrate a hashicorp vault to new one. So I created this python script to do the trick.
Since i only use the secret, policies, and approles, i only make the tools to export these three things. What is required for the script.
To export
# set the vault token to the source vault server
base_path = "some base path"
python vault-operation.py export --root-path $base_path secrets
python vault-operation.py export --root-path $base_path policies
python vault-operation.py export --root-path $base_path approles
To import
# set the vault token to the destination vault server
base_path = "some base path"
python vault-operation.py import --root-path $base_path secrets
python vault-operation.py import --root-path $base_path policies
python vault-operation.py import --root-path $base_path approles
There will a new secret-id for each approle, replace the secret-id to make the existing connection keep working.