Docs: Add example for Vault init Auto Unseal with PGP Keys (#5951)

* Add example for AWS KMS AutoUnseal with PGP Keys A customer could not figure how to get this working today. This example would have helped them. We don't mention KMS anywhere in this section. * Changed reference from AWS KMS to Auto Unseal ``` bash Initialize Auto Unseal, but encrypt the recovery keys with pgp keys: ```
2018-12-18 16:42:10 +00:00 · 2018-12-18 16:42:10 +00:00 · c1fa76e9e2
parent b95fbbafe9
commit c1fa76e9e2
1 changed files with 10 additions and 1 deletions
--- a/website/source/docs/commands/operator/init.html.md
+++ b/website/source/docs/commands/operator/init.html.md
@ -44,6 +44,15 @@ $ vault operator init \
    -pgp-keys="keybase:hashicorp,keybase:jefferai,keybase:sethvargo"
 ```

+Initialize Auto Unseal, but encrypt the recovery keys with pgp keys:
+
+```text
+$ vault operator init \
+    -recovery-shares=1 \
+    -recovery-threshold=1 \
+    -recovery-pgp-keys="keybase:grahamhashicorp"
+```
+
 Encrypt the initial root token using a pgp key:

 ```text
@ -102,7 +111,7 @@ flags](/docs/commands/index.html) included on all commands.
 - `-consul-service` `(string: "vault")` - Name of the service in Consul under
  which the Vault servers are registered.

-### HSM Options
+### HSM and KMS Options

 - `-recovery-pgp-keys` `(string: "...")` - Behaves like `-pgp-keys`, but for the
  recovery key shares. This is only used in HSM mode.