Docs: Add example for Vault init Auto Unseal with PGP Keys (#5951)

* Add example for AWS KMS AutoUnseal with PGP Keys

A customer could not figure how to get this working today. 
This example would have helped them. We don't mention KMS anywhere in this section.

* Changed reference from AWS KMS to Auto Unseal

``` bash
Initialize Auto Unseal, but encrypt the recovery keys with pgp keys:
```
This commit is contained in:
Graham Land 2018-12-18 16:42:10 +00:00 committed by Chris Hoffman
parent b95fbbafe9
commit c1fa76e9e2
1 changed files with 10 additions and 1 deletions

View File

@ -44,6 +44,15 @@ $ vault operator init \
-pgp-keys="keybase:hashicorp,keybase:jefferai,keybase:sethvargo" -pgp-keys="keybase:hashicorp,keybase:jefferai,keybase:sethvargo"
``` ```
Initialize Auto Unseal, but encrypt the recovery keys with pgp keys:
```text
$ vault operator init \
-recovery-shares=1 \
-recovery-threshold=1 \
-recovery-pgp-keys="keybase:grahamhashicorp"
```
Encrypt the initial root token using a pgp key: Encrypt the initial root token using a pgp key:
```text ```text
@ -102,7 +111,7 @@ flags](/docs/commands/index.html) included on all commands.
- `-consul-service` `(string: "vault")` - Name of the service in Consul under - `-consul-service` `(string: "vault")` - Name of the service in Consul under
which the Vault servers are registered. which the Vault servers are registered.
### HSM Options ### HSM and KMS Options
- `-recovery-pgp-keys` `(string: "...")` - Behaves like `-pgp-keys`, but for the - `-recovery-pgp-keys` `(string: "...")` - Behaves like `-pgp-keys`, but for the
recovery key shares. This is only used in HSM mode. recovery key shares. This is only used in HSM mode.