open-vault/website/source/docs/configuration/seal/index.html.md
RJ Spiker fca7cb3794 website: update sidebar_title in front matter to use <code> (#5636)
* website: replace deprecated <tt> with <code> in front matter sidebar_title

* website: wrap front matter sidebar_title in <code> for commands pages
2018-10-29 15:58:37 -04:00

layout: docs
page_title: Seals - Configuration
sidebar_title: <code>seal</code>
sidebar_current: docs-configuration-seal
description: The seal stanza configures the seal type to use for additional data protection.

seal Stanza

The seal stanza configures the seal type to use for additional data protection, such as using HSM or Cloud KMS solutions to encrypt and decrypt the master key. This stanza is optional; if it is not configured, Vault will use the Shamir algorithm to cryptographically split the master key.

As of Vault 0.9.0, the seal can also be used for seal wrapping to add an extra layer of protection and satisfy compliance and regulatory requirements. This feature is only available in Vault Enterprise.

For more examples, please choose a specific auto unsealing technology from the sidebar.

Configuration

Seal configuration can be done through the Vault configuration file using the seal stanza:

seal [NAME] {
  # ...
}

For example:

seal "pkcs11" {
  # ...
}

For configuration options which also read an environment variable, the environment variable will take precedence over values in the configuration file.
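
The following filled-in `pkcs11` stanza is an added example, not part of the original page, and illustrates the precedence rule above. The parameter and environment variable names are those of Vault's PKCS11 seal; the library path, slot and key labels are constructed placeholder values.

```hcl
seal "pkcs11" {
  # Path to the vendor's PKCS#11 library (constructed placeholder path).
  # VAULT_HSM_LIB, if set, overrides this value.
  lib = "/usr/lib/example-hsm/libpkcs11.so"

  # Slot holding the key; VAULT_HSM_SLOT, if set, overrides this value.
  slot = "0"

  # Labels of the encryption and HMAC keys (constructed values).
  # VAULT_HSM_KEY_LABEL and VAULT_HSM_HMAC_KEY_LABEL override these.
  key_label      = "vault-seal-key"
  hmac_key_label = "vault-seal-hmac-key"

  # pin is deliberately omitted: supply it through VAULT_HSM_PIN so the
  # HSM credential is not stored in the configuration file.
}
```

Because the environment takes precedence, a leftover `VAULT_HSM_*` variable in the service environment overrides the file without any change to the file itself, so check the process environment when the seal does not behave as the configuration file suggests.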