The Vault encryption key is stored in Vault’s backend storage.
The Vault encryption key is stored in Vault’s backend storage.
False. Vault does not store the encryption key directly in its backend storage. Instead, it uses a master key to encrypt data before storing it. The master key itself is protected and not stored directly in the backend storage to ensure security.
Vault stores it's own encryption key in it's own storage backend. The root key created during the Unseal step is the key to decrypt that key and not known to Vault or kept in the Storage Backend by design. https://developer.hashicorp.com/vault/docs/concepts/seal#why
Vault stores the encrypted master key (and all its data) within its own storage backend, that is to say it does not store anything on the transit vault cluster but just uses it to decrypt the key.