diff --git a/changelog/21223.txt b/changelog/21223.txt
new file mode 100644
index 000000000..96605f0a4
--- /dev/null
+++ b/changelog/21223.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core: Do not cache seal configuration to fix a bug that resulted in sporadic auto unseal failures.
+```
diff --git a/sdk/physical/cache.go b/sdk/physical/cache.go
index cc318a4c0..1471a8916 100644
--- a/sdk/physical/cache.go
+++ b/sdk/physical/cache.go
@@ -32,6 +32,11 @@ var cacheExceptionsPaths = []string{
 "sys/expire/",
 "core/poison-pill",
 "core/raft/tls",
+
+ // Add barrierSealConfigPath and recoverySealConfigPlaintextPath to the cache
+ // exceptions to avoid unseal errors. See VAULT-17227
+ "core/seal-config",
+ "core/recovery-config",
 }
 
 // CacheRefreshContext returns a context with an added value denoting if the
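Review bot: The two new entries in `cacheExceptionsPaths` are string literals that duplicate the constants named in the comment (`barrierSealConfigPath`, `recoverySealConfigPlaintextPath`), and nothing visible in this hunk ties them together. If either constant is renamed, the seal configuration would silently be cached again and the auto-unseal failures could return. A small test next to those constants, asserting that both paths are excluded from the cache, would catch that drift. The comment would also age better if it described the invariant rather than the change, for example `// Seal configuration must always be read from the backend; a stale cached copy causes sporadic auto-unseal failures (VAULT-17227).` The slice declaration starts above the hunk, so how entries without a trailing slash are matched (exact or prefix) cannot be confirmed from here.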