diff --git a/vault/core.go b/vault/core.go
index 13528d0f8d..b36dbe2cc3 100644
--- a/vault/core.go
+++ b/vault/core.go
@@ -619,12 +619,6 @@ func (c *Core) Initialize(config *SealConfig) (*InitResult, error) {
 		return nil, fmt.Errorf("master key generation failed: %v", err)
 	}
 
-	// Initialize the barrier
-	if err := c.barrier.Initialize(masterKey); err != nil {
-		c.logger.Printf("[ERR] core: failed to initialize barrier: %v", err)
-		return nil, fmt.Errorf("failed to initialize barrier: %v", err)
-	}
-
 	// Return the master key if only a single key part is used
 	results := new(InitResult)
 	if config.SecretShares == 1 {
@@ -639,6 +633,12 @@ func (c *Core) Initialize(config *SealConfig) (*InitResult, error) {
 		}
 		results.SecretShares = shares
 	}
+
+	// Initialize the barrier
+	if err := c.barrier.Initialize(masterKey); err != nil {
+		c.logger.Printf("[ERR] core: failed to initialize barrier: %v", err)
+		return nil, fmt.Errorf("failed to initialize barrier: %v", err)
+	}
 	c.logger.Printf("[INFO] core: security barrier initialized")
 
 	// Unseal the barrier