docs: add -verify documentation on operator rekey command (#7190)

Marc-Aurèle Brothier 2019-09-25 22:57:57 +02:00 committed by Jim Kalafut
parent 1c589deef2
commit a9081a94b5

@ -37,6 +37,16 @@ $ vault operator rekey \
-key-threshold=9 -key-threshold=9
``` ```
Initialize a rekey and activate the verification process:
```text
$ vault operator rekey \
-init \
-key-shares=15 \
-key-threshold=9 \
-verify
```
Rekey and encrypt the resulting unseal keys with PGP: Rekey and encrypt the resulting unseal keys with PGP:
```text ```text
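Review bot: The new `-init ... -verify` example says it will "activate the verification process" but never says what that process is, so a reader who stops here cannot tell that a separate verification step follows. Suggest adding one sentence after the block that points to the `vault operator rekey -verify -nonce="..."` example added further down in this change and says where the verification nonce is obtained.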
@ -79,6 +89,12 @@ Delete backed-up unseal keys:
$ vault operator rekey -backup-delete $ vault operator rekey -backup-delete
``` ```
Perform the verification of the rekey using the verification nonce:
```text
$ vault operator rekey -verify -nonce="..."
```
## Usage ## Usage
The following flags are available in addition to the [standard set of The following flags are available in addition to the [standard set of
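Review bot: The added `vault operator rekey -verify -nonce="..."` example refers to "the verification nonce" without saying which command's output supplies it or how it differs from a nonce passed without `-verify`. The example also sits after "Delete backed-up unseal keys", away from the `-init -verify` example it depends on; consider placing the two together or cross-referencing them so the order of operations is clear.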
@ -121,6 +137,10 @@ flags](/docs/commands/index.html) included on all commands.
- `-target` `(string: "barrier")` - Target for rekeying. "recovery" only applies - `-target` `(string: "barrier")` - Target for rekeying. "recovery" only applies
when HSM support is enabled. when HSM support is enabled.
- `-verify` `(bool: false)` - Indicate during the phase `-init` that the
verification process is activated for the rekey. Along with `-nonce` option
it indicates that the nonce given is for the verification process.
### Backup Options ### Backup Options
- `-backup` `(bool: false)` - Store a backup of the current PGP encrypted unseal - `-backup` `(bool: false)` - Store a backup of the current PGP encrypted unseal
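Review bot: The `-verify` description gives the flag two meanings depending on what accompanies it, and the wording ("Indicate during the phase `-init` that ...", "Along with `-nonce` option it indicates ...") is hard to parse. Suggest stating the two cases separately, for example: "When passed with `-init`, enables the verification process for the rekey. When passed with `-nonce`, indicates that the given nonce is for the verification process." It would also help to say what happens when `-verify` is given with neither.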