| layout | page_title | sidebar_current | description |
| --- | --- | --- | --- |
| http | HTTP API: /sys/init | docs-http-sys-init | The '/sys/init' endpoint is used to initialize a new Vault. |

/sys/init

GET

Description
Return the initialization status of a Vault.
Method
GET
Parameters
None
Returns
```javascript
{
  "initialized": true
}
```

PUT

Description
Initializes a new Vault. The Vault must not have been previously initialized. The recovery options, as well as the stored shares option, are only available when using Vault HSM.
Method
PUT
Parameters
  • root_token_pgp_key (optional): A PGP public key used to encrypt the initial root token. The key must be base64-encoded from its original binary representation.
  • secret_shares (required): The number of shares to split the master key into.
  • secret_threshold (required): The number of shares required to reconstruct the master key. This must be less than or equal to secret_shares. If using Vault HSM with auto-unsealing, this value must be the same as secret_shares.
  • pgp_keys (optional): An array of PGP public keys used to encrypt the output unseal keys. Ordering is preserved. The keys must be base64-encoded from their original binary representation. The size of this array must be the same as secret_shares.
  • stored_shares (required): The number of shares that should be encrypted by the HSM and stored for auto-unsealing (Vault HSM only). Currently must be the same as secret_shares.
  • recovery_shares (required): The number of shares to split the recovery key into (Vault HSM only).
  • recovery_threshold (required): The number of shares required to reconstruct the recovery key (Vault HSM only). This must be less than or equal to recovery_shares.
  • recovery_pgp_keys (optional): An array of PGP public keys used to encrypt the output recovery keys (Vault HSM only). Ordering is preserved. The keys must be base64-encoded from their original binary representation. The size of this array must be the same as recovery_shares.
Returns
A JSON-encoded object including the master keys (possibly encrypted, if pgp_keys was provided), the base64-encoded master keys, and the initial root token:
```javascript
{
  "keys": ["one", "two", "three"],
  "keys_base64": ["cR9No5cBC", "F3VLrkOo", "zIDSZNGv"],
  "root_token": "foo"
}
```
See Also
For more information on the PGP/Keybase.io process please see the [Vault GPG and Keybase integration documentation](/docs/concepts/pgp-gpg-keybase.html).
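
The PUT parameter constraints above can be checked on the client before the request is sent. The Python helper below is an added example, not part of the Vault documentation or code base; the function names and sample keys are hypothetical, and it assumes that supplying stored_shares means auto-unsealing is in use and that the Vault HSM parameters are omitted when not supplied.

```python
import base64
import binascii
import json


def check_pgp_keys(name, keys, expected_count):
    """One key per share, each the base64 of the binary (not armored) key."""
    if len(keys) != expected_count:
        raise ValueError(f"{name}: {len(keys)} keys given, {expected_count} needed")
    for i, key in enumerate(keys):
        try:
            base64.b64decode(key, validate=True)
        except binascii.Error as exc:
            # An ASCII-armored block ("-----BEGIN PGP ...") is rejected here too.
            raise ValueError(f"{name}[{i}] is not plain base64") from exc


def build_init_body(secret_shares, secret_threshold, pgp_keys=None,
                    root_token_pgp_key=None, stored_shares=None,
                    recovery_shares=None, recovery_threshold=None,
                    recovery_pgp_keys=None):
    """Return the JSON body for PUT /sys/init, or raise ValueError."""
    if secret_threshold > secret_shares:
        raise ValueError("secret_threshold must be <= secret_shares")
    body = {"secret_shares": secret_shares, "secret_threshold": secret_threshold}
    if pgp_keys is not None:
        check_pgp_keys("pgp_keys", pgp_keys, secret_shares)
        body["pgp_keys"] = pgp_keys
    if root_token_pgp_key is not None:
        check_pgp_keys("root_token_pgp_key", [root_token_pgp_key], 1)
        body["root_token_pgp_key"] = root_token_pgp_key
    if stored_shares is not None:  # Vault HSM only; assumed to mean auto-unseal
        if stored_shares != secret_shares or secret_threshold != secret_shares:
            raise ValueError("stored_shares and secret_threshold must equal secret_shares")
        body["stored_shares"] = stored_shares
    if recovery_shares is not None:  # Vault HSM only
        if recovery_threshold is None or recovery_threshold > recovery_shares:
            raise ValueError("recovery_threshold must be <= recovery_shares")
        body.update(recovery_shares=recovery_shares, recovery_threshold=recovery_threshold)
        if recovery_pgp_keys is not None:
            check_pgp_keys("recovery_pgp_keys", recovery_pgp_keys, recovery_shares)
            body["recovery_pgp_keys"] = recovery_pgp_keys
    return json.dumps(body)


# Constructed stand-in bytes, not real PGP keys: only the encoding is checked.
SAMPLE_KEYS = [base64.b64encode(b"\x99\x01\x0d" + bytes([n]) * 8).decode() for n in range(3)]

if __name__ == "__main__":
    print(build_init_body(3, 2, pgp_keys=SAMPLE_KEYS))
```

With pgp_keys set, the order of the returned keys matches the order of the submitted public keys, so each share holder decrypts the entry at their own index.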