clarify that init recovery options are only available for auto unseal #17862

Merged
merged 3 commits into from
Nov 10, 2022
12 changes: 6 additions & 6 deletions website/content/api-docs/system/init.mdx
Expand Up @@ -35,7 +35,7 @@ $ curl \

This endpoint initializes a new Vault. The Vault must not have been previously
initialized. The recovery options, as well as the stored shares option, are only
available when using Auto Unseal.
available when using [Auto Unseal](/docs/concepts/seal#auto-unseal).

| Method | Path |
| :----- | :---------- |
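
Review bot: the intro paragraph still does not say what the endpoint does when the recovery options or the stored shares option are sent to a Vault that is not using Auto Unseal (silently ignored, or the request is rejected). Since this PR exists to clarify that restriction, add one sentence after "only available when using [Auto Unseal](/docs/concepts/seal#auto-unseal)." stating the outcome, so operators who script initialization know whether a misplaced `recovery_shares` is a no-op or an error. The link target matches the one used on the CLI page in this PR, which keeps the two pages consistent.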
Expand Down Expand Up @@ -65,17 +65,17 @@ Additionally, the following options are only supported using Auto Unseal:
should be encrypted by the HSM and stored for auto-unsealing. Currently must
be the same as `secret_shares`.

- `recovery_shares` `(int: <required>)` – Specifies the number of shares to
split the recovery key into.
- `recovery_shares` `(int: 0)` – Specifies the number of shares to
split the recovery key into. This is only available when using Auto Unseal.

- `recovery_threshold` `(int: <required>)` – Specifies the number of shares
- `recovery_threshold` `(int: 0)` – Specifies the number of shares
required to reconstruct the recovery key. This must be less than or equal to
`recovery_shares`.
`recovery_shares`. This is only available when using Auto Unseal.

- `recovery_pgp_keys` `(array<string>: nil)` – Specifies an array of PGP public
keys used to encrypt the output recovery keys. Ordering is preserved. The keys
must be base64-encoded from their original binary representation. The size of
this array must be the same as `recovery_shares`.
this array must be the same as `recovery_shares`. This is only available when using Auto Unseal.

### Sample Payload
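
Review bot: changing `recovery_shares` and `recovery_threshold` from `(int: <required>)` to `(int: 0)` drops the statement that a value must be supplied, and the new text does not say whether they are still required once Auto Unseal is in use or what a value of 0 means in that case. Suggest wording such as "required when using Auto Unseal", or an explicit description of the zero case; the CLI page in this same PR documents `-recovery-shares` `(int: 5)` and `-recovery-threshold` `(int: 3)`, so the differing API defaults deserve a sentence. Style: "This is only available when using Auto Unseal." repeats the list's lead-in ("the following options are only supported using Auto Unseal") on three items but not on the preceding item (the one ending "Currently must be the same as `secret_shares`"), and the copy appended to `recovery_pgp_keys` runs that line well past the wrap width used by the surrounding lines.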

6 changes: 3 additions & 3 deletions website/content/docs/commands/operator/init.mdx
Expand Up @@ -109,13 +109,13 @@ flags](/docs/commands) included on all commands.
### HSM and KMS Options

- `-recovery-pgp-keys` `(string: "...")` - Behaves like `-pgp-keys`, but for the
recovery key shares. This is only used with Auto Unseal seals (HSM, KMS and Transit seals).
recovery key shares. This is only available with [Auto Unseal](/docs/concepts/seal#auto-unseal) seals (HSM, KMS and Transit seals).

- `-recovery-shares` `(int: 5)` - Number of key shares to split the recovery key
into. This is only used with Auto Unseal seals (HSM, KMS and Transit seals).
into. This is only available with [Auto Unseal](/docs/concepts/seal#auto-unseal) seals (HSM, KMS and Transit seals).

- `-recovery-threshold` `(int: 3)` - Number of key shares required to
reconstruct the recovery key. This is only used with Auto Unseal seals (HSM, KMS and Transit seals).
reconstruct the recovery key. This is only available with [Auto Unseal](/docs/concepts/seal#auto-unseal) seals (HSM, KMS and Transit seals).

- `-stored-shares` `(int: 0)` - Number of unseal keys to store on an HSM. This
must be equal to `-key-shares`.
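
Review bot: `-stored-shares` sits under the same "HSM and KMS Options" heading but gets no Auto Unseal sentence, although the API page changed in this PR says the stored shares option is also only available when using Auto Unseal; add the same note to that item. Wording: "with [Auto Unseal](/docs/concepts/seal#auto-unseal) seals (HSM, KMS and Transit seals)" reads as "Auto Unseal seals (... seals)"; "only available with Auto Unseal (HSM, KMS and Transit seals)" is cleaner, and the heading names only HSM and KMS while every changed item also lists Transit. The three changed lines are left unwrapped, unlike the other lines in this list.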