| layout | page_title | description |
|---|---|---|
docs |
operator step-down - Command |
The "operator step-down" forces the Vault server at the given address to step
down from active duty. |
The operator step-down forces the active Vault node within an HA cluster
to step down from active duty. When executed against a non-active node, i.e. a
standby or performance standby node,
the request will be forwarded to the active node. While the
affected node will have a delay before attempting to acquire
the leader lock again, if no other Vault nodes acquire the
lock beforehand, it is possible for the same node to re-acquire
the lock and become active again. Due to the locking architecture, there may be a period of time
before another node grabs the lock and finishes transitioning to active operation where the cluster has no active node. During the period where none of the nodes are active, forwarding of requests to the leader node will fail.
Force a Vault server to step down as the leader:
$ vault operator step-down
Success! Stepped down: http://127.0.0.1:8200
There are no flags beyond the standard set of flags included on all commands.
You must belong to a policy with update and sudo permissions to use the
vault operator step-down command:
path "sys/step-down" {
capabilities = ["update", "sudo"]
}