From e78cca413d51cfd53eba74e0ac98c295db4b584e Mon Sep 17 00:00:00 2001 From: Victor Rodriguez Date: Mon, 14 Mar 2022 12:08:14 -0400 Subject: [PATCH] Document the managed key PKCS#11 parameter key_id. (#14476) --- website/content/api-docs/system/managed-keys.mdx | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/website/content/api-docs/system/managed-keys.mdx b/website/content/api-docs/system/managed-keys.mdx index cbf8f6776..5a215bd37 100644 --- a/website/content/api-docs/system/managed-keys.mdx +++ b/website/content/api-docs/system/managed-keys.mdx @@ -90,9 +90,13 @@ $ curl \ - `library` `(string: )` - The name of the `kms_library` stanza to use from Vault's config to lookup the local library path. See [kms_library stanza](/docs/configuration/kms-library) for further details. -- `key_label` `(string: )`: The label of the key to use. If the key - does not exist and generation is enabled, this is the label that will be given - to the generated key. +- `key_label` `(string: )` - The label of the key to use. If the key does not exist + and generation is enabled, this is the label that will be given to the generated key. This + value or `key_id` must be specified. + +- `key_id` `(string: )` - The id of a PKCS#11 key to use. As key ids are created by + the HSM, it is an error if the key does not yet exist. This value or `key_label` must be + specified. - `mechanism` `(string: )` - The encryption/decryption mechanism to use, specified as a hexadecimal (prefixed by 0x) string. The following are supported mechanisms