luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Minor website wording updates

This commit is contained in:
Jeff Mitchell 2018-02-12 15:28:06 -05:00
parent 5a047fba68
commit db8772f15e
2 changed files with 12 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
website/source/docs/configuration/index.html.md
View File

@ -96,9 +96,9 @@ to specify where the configuration is.
LimitMEMLOCK=infinity
```
- `disable_sealwrap` `(bool: false)`  Disables using seal wrapping for any
value except the master key. If this value is toggled, the new behavior will
happen lazily (as values are read or written).
- `disable_sealwrap` `(bool: false)`  Disables using [seal wrapping][sealwrap]
for any value except the master key. If this value is toggled, the new
behavior will happen lazily (as values are read or written).
- `plugin_directory` `(string: "")` A directory from which plugins are
allowed to be loaded. Vault must have permission to read files in this

16
website/source/docs/enterprise/sealwrap/index.html.md
View File

@ -20,21 +20,21 @@ sales](mailto:sales@hashicorp.com).
## Enabling/Disabling
Seal Wrapping is enabled by default on supporting seals. This implies that the
seal must be available throughout Vault's runtime. Most cloud-based seals
should be quite reliable, but, for instance, if using an HSM in a non-HA setup
a connection interruption to the HSM will result in issues with Vault
Seal Wrap is enabled by default on supporting seals. This implies that the seal
must be available throughout Vault's runtime. Most cloud-based seals should be
quite reliable, but, for instance, if using an HSM in a non-HA setup a
connection interruption to the HSM will result in issues with Vault
functionality.
To disable seal wrapping, set `disable_sealwrap = true` in Vault's
configuration file. This will not affect auto-unsealing functionality; Vault's
[configuration file][configuration]. This will not affect auto-unsealing functionality; Vault's
master key will still be protected by the seal wrapping mechanism. It will
simply prevent other storage entries within Vault from being seal wrapped.
*N.B.*: This is a lazy downgrade; as keys are accessed or written their seal
wrapping status will change. Similarly, if the flag is removed, it will be a
lazy upgrade (which is the case when initially upgrading to a Seal Wrap
supporting version of Vault).
lazy upgrade (which is the case when initially upgrading to a seal
wrap-supporting version of Vault).
## FIPS 140-2 Compliance
@ -106,3 +106,5 @@ replication traffic; in the meantime, a transparent TCP proxy that supports
certified FIPS 140-2 TLS (such as
[stunnel](https://www.stunnel.org/index.html)) can be used for replication
traffic if meeting KeyTransit requirements for replication is necessary.
[configuration]: /docs/configuration/index.html