open-vault/website/pages/docs/concepts/recovery-mode.mdx

---
layout: docs
page_title: Recovery Mode
sidebar_title: Recovery Mode
description: Recovery mode allows for doing surgery on a Vault that won't start.
---

# Recovery Mode

Vault can be started using the `-recovery` flag to bring it up in Recovery Mode.

In recovery mode, Vault:

- is automatically unsealed once a recovery token is issued
- apart from recovery token operations, only supports the `sys/raw` endpoint
- `raw` requests must be authenticated using a recovery token
- won't form clusters or handle requests forwarded by standbys

## Recovery tokens

Recovery tokens are issued in much the same way as root tokens are generated:
the API is basically the same, only using a different endpoint. Unlike root
tokens, the recovery token is not persisted, so if Vault is restarted into
recovery mode a new one must be generated.

Only a single recovery token can be generated. If lost, restart Vault and
generate a new one.

## Raw requests

Requests can be issued to `sys/raw` in just the same way as in regular Vault
server mode. The only difference is that in recovery mode, `X-Vault-Token`
must contain a recovery token instead of a service or batch token.

## Raft rejoin

Raft integrated storage is the immediate motivation for recovery mode. With
other backends it was always possible to delete data directly from a storage
backend, but that's impractical with a Raft backend. That said, recovery mode
works with any backend.

In order to bring the Vault server up reliably, using any node's raft data,
recovery mode Vault automatically resizes the cluster to size 1. This means
that after having used recovery mode, part of the procedure for returning to
active service must include rejoining the raft cluster.
Add recovery mode docs. (#7667) 2019-10-29 20:42:47 +00:00			`---`
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes 2020-01-18 00:18:09 +00:00			`layout: docs`
			`page_title: Recovery Mode`
			`sidebar_title: Recovery Mode`
			`description: Recovery mode allows for doing surgery on a Vault that won't start.`
Add recovery mode docs. (#7667) 2019-10-29 20:42:47 +00:00			`---`

			`# Recovery Mode`

			Vault can be started using the `-recovery` flag to bring it up in Recovery Mode.

			`In recovery mode, Vault:`
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes 2020-01-18 00:18:09 +00:00
Add recovery mode docs. (#7667) 2019-10-29 20:42:47 +00:00			`- is automatically unsealed once a recovery token is issued`
			- apart from recovery token operations, only supports the `sys/raw` endpoint
			- `raw` requests must be authenticated using a recovery token
			`- won't form clusters or handle requests forwarded by standbys`

			`## Recovery tokens`

			`Recovery tokens are issued in much the same way as root tokens are generated:`
			`the API is basically the same, only using a different endpoint. Unlike root`
			`tokens, the recovery token is not persisted, so if Vault is restarted into`
			`recovery mode a new one must be generated.`

			`Only a single recovery token can be generated. If lost, restart Vault and`
			`generate a new one.`

			`## Raw requests`

			Requests can be issued to `sys/raw` in just the same way as in regular Vault
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes 2020-01-18 00:18:09 +00:00			server mode. The only difference is that in recovery mode, `X-Vault-Token`
Add recovery mode docs. (#7667) 2019-10-29 20:42:47 +00:00			`must contain a recovery token instead of a service or batch token.`

			`## Raft rejoin`

New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes 2020-01-18 00:18:09 +00:00			`Raft integrated storage is the immediate motivation for recovery mode. With`
Add recovery mode docs. (#7667) 2019-10-29 20:42:47 +00:00			`other backends it was always possible to delete data directly from a storage`
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes 2020-01-18 00:18:09 +00:00			`backend, but that's impractical with a Raft backend. That said, recovery mode`
Add recovery mode docs. (#7667) 2019-10-29 20:42:47 +00:00			`works with any backend.`

			`In order to bring the Vault server up reliably, using any node's raft data,`
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes 2020-01-18 00:18:09 +00:00			`recovery mode Vault automatically resizes the cluster to size 1. This means`
Add recovery mode docs. (#7667) 2019-10-29 20:42:47 +00:00			`that after having used recovery mode, part of the procedure for returning to`
			`active service must include rejoining the raft cluster.`