diff --git a/changelog/21223.txt b/changelog/21223.txt
new file mode 100644
index 000000000000..96605f0a4a3f
--- /dev/null
+++ b/changelog/21223.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core: Do not cache seal configuration to fix a bug that resulted in sporadic auto unseal failures.
+```
diff --git a/sdk/physical/cache.go b/sdk/physical/cache.go
index ffac33189bbc..7e61ca5590f5 100644
--- a/sdk/physical/cache.go
+++ b/sdk/physical/cache.go
@@ -30,6 +30,11 @@ var cacheExceptionsPaths = []string{
 	"core/poison-pill",
 	"core/raft/tls",
 	"core/license",
+
+	// Add barrierSealConfigPath and recoverySealConfigPlaintextPath to the cache
+	// exceptions to avoid unseal errors. See VAULT-17227
+	"core/seal-config",
+	"core/recovery-config",
 }
 
 // CacheRefreshContext returns a context with an added value denoting if the