Minor website wording updates
This commit is contained in:
Jeff Mitchell
parent
5a047fba68
commit
db8772f15e
|
|
@ -96,9 +96,9 @@ to specify where the configuration is.
|
||||||
LimitMEMLOCK=infinity
|
LimitMEMLOCK=infinity
|
||||||
```
|
```
|
||||||
|
|
||||||
- `disable_sealwrap` `(bool: false)` – Disables using seal wrapping for any
|
- `disable_sealwrap` `(bool: false)` – Disables using [seal wrapping][sealwrap]
|
||||||
value except the master key. If this value is toggled, the new behavior will
|
for any value except the master key. If this value is toggled, the new
|
||||||
happen lazily (as values are read or written).
|
behavior will happen lazily (as values are read or written).
|
||||||
|
|
||||||
- `plugin_directory` `(string: "")` – A directory from which plugins are
|
- `plugin_directory` `(string: "")` – A directory from which plugins are
|
||||||
allowed to be loaded. Vault must have permission to read files in this
|
allowed to be loaded. Vault must have permission to read files in this
|
||||||
|
|
|
||||||
|
|
@ -20,21 +20,21 @@ sales](mailto:sales@hashicorp.com).
|
||||||
|
|
||||||
## Enabling/Disabling
|
## Enabling/Disabling
|
||||||
|
|
||||||
Seal Wrapping is enabled by default on supporting seals. This implies that the
|
Seal Wrap is enabled by default on supporting seals. This implies that the seal
|
||||||
seal must be available throughout Vault's runtime. Most cloud-based seals
|
must be available throughout Vault's runtime. Most cloud-based seals should be
|
||||||
should be quite reliable, but, for instance, if using an HSM in a non-HA setup
|
quite reliable, but, for instance, if using an HSM in a non-HA setup a
|
||||||
a connection interruption to the HSM will result in issues with Vault
|
connection interruption to the HSM will result in issues with Vault
|
||||||
functionality.
|
functionality.
|
||||||
|
|
||||||
To disable seal wrapping, set `disable_sealwrap = true` in Vault's
|
To disable seal wrapping, set `disable_sealwrap = true` in Vault's
|
||||||
configuration file. This will not affect auto-unsealing functionality; Vault's
|
[configuration file][configuration]. This will not affect auto-unsealing functionality; Vault's
|
||||||
master key will still be protected by the seal wrapping mechanism. It will
|
master key will still be protected by the seal wrapping mechanism. It will
|
||||||
simply prevent other storage entries within Vault from being seal wrapped.
|
simply prevent other storage entries within Vault from being seal wrapped.
|
||||||
|
|
||||||
*N.B.*: This is a lazy downgrade; as keys are accessed or written their seal
|
*N.B.*: This is a lazy downgrade; as keys are accessed or written their seal
|
||||||
wrapping status will change. Similarly, if the flag is removed, it will be a
|
wrapping status will change. Similarly, if the flag is removed, it will be a
|
||||||
lazy upgrade (which is the case when initially upgrading to a Seal Wrap
|
lazy upgrade (which is the case when initially upgrading to a seal
|
||||||
supporting version of Vault).
|
wrap-supporting version of Vault).
|
||||||
|
|
||||||
## FIPS 140-2 Compliance
|
## FIPS 140-2 Compliance
|
||||||
|
|
||||||
|
|
@ -106,3 +106,5 @@ replication traffic; in the meantime, a transparent TCP proxy that supports
|
||||||
certified FIPS 140-2 TLS (such as
|
certified FIPS 140-2 TLS (such as
|
||||||
[stunnel](https://www.stunnel.org/index.html)) can be used for replication
|
[stunnel](https://www.stunnel.org/index.html)) can be used for replication
|
||||||
traffic if meeting KeyTransit requirements for replication is necessary.
|
traffic if meeting KeyTransit requirements for replication is necessary.
|
||||||
|
|
||||||
|
[configuration]: /docs/configuration/index.html
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue