Docs: Add example for Vault init Auto Unseal with PGP Keys (#5951)
* Add example for AWS KMS AutoUnseal with PGP Keys A customer could not figure how to get this working today. This example would have helped them. We don't mention KMS anywhere in this section. * Changed reference from AWS KMS to Auto Unseal ``` bash Initialize Auto Unseal, but encrypt the recovery keys with pgp keys: ```
This commit is contained in:
parent
b95fbbafe9
commit
c1fa76e9e2
|
@ -44,6 +44,15 @@ $ vault operator init \
|
||||||
-pgp-keys="keybase:hashicorp,keybase:jefferai,keybase:sethvargo"
|
-pgp-keys="keybase:hashicorp,keybase:jefferai,keybase:sethvargo"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Initialize Auto Unseal, but encrypt the recovery keys with pgp keys:
|
||||||
|
|
||||||
|
```text
|
||||||
|
$ vault operator init \
|
||||||
|
-recovery-shares=1 \
|
||||||
|
-recovery-threshold=1 \
|
||||||
|
-recovery-pgp-keys="keybase:grahamhashicorp"
|
||||||
|
```
|
||||||
|
|
||||||
Encrypt the initial root token using a pgp key:
|
Encrypt the initial root token using a pgp key:
|
||||||
|
|
||||||
```text
|
```text
|
||||||
|
@ -102,7 +111,7 @@ flags](/docs/commands/index.html) included on all commands.
|
||||||
- `-consul-service` `(string: "vault")` - Name of the service in Consul under
|
- `-consul-service` `(string: "vault")` - Name of the service in Consul under
|
||||||
which the Vault servers are registered.
|
which the Vault servers are registered.
|
||||||
|
|
||||||
### HSM Options
|
### HSM and KMS Options
|
||||||
|
|
||||||
- `-recovery-pgp-keys` `(string: "...")` - Behaves like `-pgp-keys`, but for the
|
- `-recovery-pgp-keys` `(string: "...")` - Behaves like `-pgp-keys`, but for the
|
||||||
recovery key shares. This is only used in HSM mode.
|
recovery key shares. This is only used in HSM mode.
|
||||||
|
|
Loading…
Reference in New Issue