storage/raft: Refresh TLS keyring on snapshot restore (#8546)

2025-11-20 18:21:09 +01:00 · 2020-03-13 13:39:14 -07:00 · 2020-03-13 13:39:14 -07:00 · 84bb04eca4
commit 84bb04eca4
parent 74b06003fe
1 changed files with 6 additions and 0 deletions
--- a/vault/raft.go
+++ b/vault/raft.go
@ -484,6 +484,12 @@ func (c *Core) raftSnapshotRestoreCallback(grabLock bool, sealNode bool) func(co
 		// Purge the cache so we make sure we are operating on fresh data
 		c.physicalCache.Purge(ctx)

+		// Refresh the raft TLS keys
+		if err := c.checkRaftTLSKeyUpgrades(ctx); err != nil {
+			c.logger.Info("failed to perform TLS key upgrades, sealing", "error", err)
+			return err
+		}
+
 		// Reload the keyring in case it changed. If this fails it's likely
 		// we've changed master keys.
 		err := c.performKeyUpgrades(ctx)