diff --git a/changelog/13678.txt b/changelog/13678.txt
new file mode 100644
index 000000000000..f8cbbf306016
--- /dev/null
+++ b/changelog/13678.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core: add support for go-sockaddr templates in the top-level cluster_addr field
+```
\ No newline at end of file
diff --git a/command/server.go b/command/server.go
index 5b8eb634af8e..5cbe9ffc47ce 100644
--- a/command/server.go
+++ b/command/server.go
@@ -724,7 +724,6 @@ func (c *ServerCommand) runRecoveryMode() int {
 			c.logger.Info("goroutine trace", "stack", string(buf[:n]))
 		}
 	}
-
 }
 
 func logProxyEnvironmentVariables(logger hclog.Logger) {
@@ -2410,6 +2409,11 @@ CLUSTER_SYNTHESIS_COMPLETE:
 	}
 
 	if coreConfig.ClusterAddr != "" {
+		rendered, err := configutil.ParseSingleIPTemplate(coreConfig.ClusterAddr)
+		if err != nil {
+			return fmt.Errorf("Error parsing cluster address %s: %v", coreConfig.ClusterAddr, err)
+		}
+		coreConfig.ClusterAddr = rendered
 		// Force https as we'll always be TLS-secured
 		u, err := url.ParseRequestURI(coreConfig.ClusterAddr)
 		if err != nil {
diff --git a/vault/core.go b/vault/core.go
index c6b5631215fb..51c24c450912 100644
--- a/vault/core.go
+++ b/vault/core.go
@@ -1390,6 +1390,9 @@ func (c *Core) getUnsealKey(ctx context.Context, seal Seal) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
+	if config == nil {
+		return nil, fmt.Errorf("failed to obtain seal/recovery configuration")
+	}
 
 	// Check if we don't have enough keys to unlock, proceed through the rest of
 	// the call only if we have met the threshold
@@ -2045,7 +2048,7 @@ func (s standardUnsealStrategy) unseal(ctx context.Context, logger log.Logger, c
 	}
 	if err := c.setupManagedKeyRegistry(); err != nil {
 		return err
-	  }
+	}
 	if err := c.loadCORSConfig(ctx); err != nil {
 		return err
 	}
@@ -3041,7 +3044,7 @@ func (c *Core) LogCompletedRequests(reqID string, statusCode int) {
 
 	// there is only one writer to this map, so skip checking for errors
 	reqData := v.(InFlightReqData)
-	c.logger.Log(logLevel, "completed_request","client_id", reqData.ClientID, "client_address", reqData.ClientRemoteAddr, "status_code", statusCode, "request_path", reqData.ReqPath, "request_method", reqData.Method)
+	c.logger.Log(logLevel, "completed_request", "client_id", reqData.ClientID, "client_address", reqData.ClientRemoteAddr, "status_code", statusCode, "request_path", reqData.ReqPath, "request_method", reqData.Method)
 }
 
 func (c *Core) ReloadLogRequestsLevel() {
@@ -3079,4 +3082,4 @@ func (c *Core) GetHAPeerNodesCached() []PeerNode {
 		})
 	}
 	return nodes
-}
\ No newline at end of file
+}