docs: add -verify documentation on operator rekey command (#7190)
This commit is contained in:
parent
1c589deef2
commit
a9081a94b5
|
@ -37,6 +37,16 @@ $ vault operator rekey \
|
||||||
-key-threshold=9
|
-key-threshold=9
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Initialize a rekey and activate the verification process:
|
||||||
|
|
||||||
|
```text
|
||||||
|
$ vault operator rekey \
|
||||||
|
-init \
|
||||||
|
-key-shares=15 \
|
||||||
|
-key-threshold=9 \
|
||||||
|
-verify
|
||||||
|
```
|
||||||
|
|
||||||
Rekey and encrypt the resulting unseal keys with PGP:
|
Rekey and encrypt the resulting unseal keys with PGP:
|
||||||
|
|
||||||
```text
|
```text
|
||||||
|
@ -79,6 +89,12 @@ Delete backed-up unseal keys:
|
||||||
$ vault operator rekey -backup-delete
|
$ vault operator rekey -backup-delete
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Perform the verification of the rekey using the verification nonce:
|
||||||
|
|
||||||
|
```text
|
||||||
|
$ vault operator rekey -verify -nonce="..."
|
||||||
|
```
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
The following flags are available in addition to the [standard set of
|
The following flags are available in addition to the [standard set of
|
||||||
|
@ -121,6 +137,10 @@ flags](/docs/commands/index.html) included on all commands.
|
||||||
- `-target` `(string: "barrier")` - Target for rekeying. "recovery" only applies
|
- `-target` `(string: "barrier")` - Target for rekeying. "recovery" only applies
|
||||||
when HSM support is enabled.
|
when HSM support is enabled.
|
||||||
|
|
||||||
|
- `-verify` `(bool: false)` - Indicate during the phase `-init` that the
|
||||||
|
verification process is activated for the rekey. Along with `-nonce` option
|
||||||
|
it indicates that the nonce given is for the verification process.
|
||||||
|
|
||||||
### Backup Options
|
### Backup Options
|
||||||
|
|
||||||
- `-backup` `(bool: false)` - Store a backup of the current PGP encrypted unseal
|
- `-backup` `(bool: false)` - Store a backup of the current PGP encrypted unseal
|
||||||
|
|
Loading…
Reference in a new issue