docs: add -verify documentation on operator rekey command (#7190)

2019-09-25 22:57:57 +02:00 · 2019-09-25 22:57:57 +02:00 · a9081a94b5
parent 1c589deef2
commit a9081a94b5
1 changed files with 20 additions and 0 deletions
--- a/website/source/docs/commands/operator/rekey.html.md
+++ b/website/source/docs/commands/operator/rekey.html.md
@ -37,6 +37,16 @@ $ vault operator rekey \
    -key-threshold=9
 ```

+Initialize a rekey and activate the verification process:
+
+```text
+$ vault operator rekey \
+    -init \
+    -key-shares=15 \
+    -key-threshold=9 \
+    -verify
+```
+
 Rekey and encrypt the resulting unseal keys with PGP:

 ```text
@ -79,6 +89,12 @@ Delete backed-up unseal keys:
 $ vault operator rekey -backup-delete
 ```

+Perform the verification of the rekey using the verification nonce:
+
+```text
+$ vault operator rekey -verify -nonce="..."
+```
+
 ## Usage

 The following flags are available in addition to the [standard set of
@ -121,6 +137,10 @@ flags](/docs/commands/index.html) included on all commands.
 - `-target` `(string: "barrier")` - Target for rekeying. "recovery" only applies
  when HSM support is enabled.

+- `-verify` `(bool: false)` - Indicate during the phase `-init` that the
+  verification process is activated for the rekey. Along with `-nonce` option
+  it indicates that the nonce given is for the verification process.
+
 ### Backup Options

 - `-backup` `(bool: false)` - Store a backup of the current PGP encrypted unseal