HashiCorp Vault – Creating a New Root Token

Instructions were found here: https://www.hashicorp.com/blog/vault-0-5/

Generate a one-time password (OTP):

vault generate-root -genotp

Save the OTP output. Example: tXJxQcj01NoR3whDnt9OxQ==

Initialize the process:

vault generate-root -init -otp="<OTP Value>"

Example: vault generate-root -init -otp="tXJxQcj01NoR3whDnt9OxQ=="

Enter unseal keys:

vault generate-root

Enter an unseal key when prompted. Repeat with additional unseal keys as needed. Once the threshold is reached, save the encoded root token.

Example: GYox3aZVAGXZfI9Gku1ohQ==

Decode the root token:

vault generate-root -decode="<Encoded root token>" -otp="<One time password>"

Example: vault generate-root -decode="GYox3aZVAGXZfI9Gku1ohQ==" -otp="tXJxQcj01NoR3whDnt9OxQ=="

The new root token will be output.
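
What the decode step does with the two saved values, as an added example that is not part of the original post or Vault's own code. It assumes the Vault 0.5-era scheme, in which the encoded root token is the 16-byte token UUID XORed with the 16-byte OTP, both base64-encoded; `decode_root_token` and `encode_root_token` are hypothetical helper names.

```python
import base64
import uuid


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("encoded token and OTP must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def decode_root_token(encoded_b64: str, otp_b64: str) -> str:
    """Recover the root token (UUID string) from the encoded token and the OTP.

    Assumption: encoded = base64(uuid_bytes XOR otp_bytes), 16 bytes each.
    """
    encoded = base64.b64decode(encoded_b64, validate=True)
    otp = base64.b64decode(otp_b64, validate=True)
    if len(otp) != 16:
        raise ValueError("OTP must decode to exactly 16 bytes")
    return str(uuid.UUID(bytes=xor_bytes(encoded, otp)))


def encode_root_token(token: str, otp_b64: str) -> str:
    """Inverse operation: what the server returns once the threshold is reached."""
    otp = base64.b64decode(otp_b64, validate=True)
    return base64.b64encode(xor_bytes(uuid.UUID(token).bytes, otp)).decode()


if __name__ == "__main__":
    # The example values shown on this page.
    otp = "tXJxQcj01NoR3whDnt9OxQ=="
    encoded = "GYox3aZVAGXZfI9Gku1ohQ=="
    print("decoded token:", decode_root_token(encoded, otp))

    # Constructed token value: round trip to show the OTP is the only secret
    # separating the encoded value from a usable root token.
    constructed = "01234567-89ab-cdef-0123-456789abcdef"
    assert decode_root_token(encode_root_token(constructed, otp), otp) == constructed
```

The encoded token alone reveals nothing, but anyone holding both it and the OTP holds the root token, so the OTP needs the same handling as the token itself.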

**Note:** For security reasons, it is best to destroy the root token when it is no longer needed. Generate a new one as needed.