luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
open-vault/website/pages/api-docs/system/unseal.mdx

82 lines
1.7 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
layout: api
page_title: /sys/unseal - HTTP API
sidebar_title: <code>/sys/unseal</code>
description: The `/sys/unseal` endpoint is used to unseal the Vault.
---
# `/sys/unseal`
The `/sys/unseal` endpoint is used to unseal the Vault.
## Submit Unseal Key
This endpoint is used to enter a single master key share to progress the
unsealing of the Vault. If the threshold number of master key shares is reached,
Vault will attempt to unseal the Vault. Otherwise, this API must be called
multiple times until that threshold is met.
Either the `key` or `reset` parameter must be provided; if both are provided,
`reset` takes precedence.
| Method | Path |
| :----- | :------------ |
| `PUT` | `/sys/unseal` |
### Parameters
- `key` `(string: "")` Specifies a single master key share. This is required
unless `reset` is true.
- `reset` `(bool: false)`  Specifies if previously-provided unseal keys are
discarded and the unseal process is reset.
- `migrate` `(bool: false)` - Available in 1.0 - Used to migrate the seal
from shamir to autoseal or autoseal to shamir. Must be provided on all unseal
key calls.
### Sample Payload
```json
{
"key": "abcd1234..."
}
```
### Sample Request
```shell-session
$ curl \
--request PUT \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/unseal
```
### Sample Response
The "t" parameter is the threshold, and "n" is the number of shares.
```json
{
"sealed": true,
"t": 3,
"n": 5,
"progress": 2,
"version": "0.6.2"
}
```
Sample response when Vault is unsealed.
```json
{
"sealed": false,
"t": 3,
"n": 5,
"progress": 0,
"version": "0.6.2",
"cluster_name": "vault-cluster-d6ec3c7f",
"cluster_id": "3e8b3fec-3749-e056-ba41-b62a63b997e8"
}
```
Reference in New Issue View Git Blame Copy Permalink