terragrunt applysalt vault*com saltutil.sync_allsalt vault*com saltutil.refresh_pillarsalt vault*com state.sls os_modifications test=true --state-output=changessalt vault*com state.highstate test=true --state-output=changessalt vault*com state.sls salt_minion.salt_minion_proxy test=true --state-output=changessalt vault*com state.sls vault test=true --state-output=changessalt vault*com state.sls vault pillar='{"kms_key_id": "<new-kms-key>"}' test=true --state-output=changesexport VAULT_ADDR=https://127.0.0.1export VAULT_SKIP_VERIFY=1vault statusvault operator init -recovery-shares=5 -recovery-threshold=2vim ~/.vault-tokenexport VAULT_ADDR=https://internal-vault-alb-test-778772793.us-gov-east-1.elb.amazonaws.com. Replace the ALB address with the current ALB DNS address. This is due to Golang DNS not updating when connected to XDR over VPN. Vault binary is written in Go.terragrunt applyvault write auth/aws/config/client sts_endpoint=https://sts.us-gov-east-1.amazonaws.com sts_region=us-gov-east-1vault token revoke <root-token>For additional Vault documentation see these locations:
https://github.mdr.defpoint.com/mdr-engineering/infrastructure-notes/blob/master/Vault%20Notes.md