From fff6f65a0dfe59e203c1bee37eb40c8fa6d7178a Mon Sep 17 00:00:00 2001
From: Brian Kassouf
Date: Wed, 19 May 2021 11:02:23 -0700
Subject: [PATCH] Reload raft TLS keys on active startup (#11660) (#11663)
---
 vault/raft.go | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/vault/raft.go b/vault/raft.go
index f663d854d50c..7dc1be68fda0 100644
--- a/vault/raft.go
+++ b/vault/raft.go
@@ -186,6 +186,12 @@ func (c *Core) setupRaftActiveNode(ctx context.Context) error {
 raftBackend.SetupAutopilot(c.activeContext, autopilotConfig, c.raftFollowerStates, disableAutopilot)
 c.pendingRaftPeers = &sync.Map{}
+
+ // Reload the raft TLS keys to ensure we are using the latest version.
+ if err := c.checkRaftTLSKeyUpgrades(ctx); err != nil {
+ return err
+ }
+
 return c.startPeriodicRaftTLSRotate(ctx)
 }
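Review bot: The new `return err` after `c.checkRaftTLSKeyUpgrades(ctx)` passes the error up without context, so a failed TLS key reload during promotion to active cannot be told apart in logs from any other failure in setupRaftActiveNode. Wrapping it, e.g. `return fmt.Errorf("reloading raft TLS keys on active startup: %w", err)`, would fix that, assuming `fmt` is already imported in vault/raft.go, which the hunk does not show. The early return also comes after `raftBackend.SetupAutopilot(...)` and the `c.pendingRaftPeers` assignment, so please confirm the caller tears autopilot down when setup fails, or move the reload ahead of those two statements. The comment could also state that startup deliberately fails closed rather than continuing with possibly stale keys, e.g. `// Fail active startup if the keyring cannot be reloaded; do not continue with stale raft TLS keys.` The function body starts outside the hunk, so anything earlier in it is not covered here.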