mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-11-02 11:38:02 +00:00
Rename master key -> root key in docs (#14542)
@@ -15,10 +15,10 @@ process by which Vault's storage backend is prepared to receive data. Since
|
||||
Vault servers share the same storage backend in HA mode, you only need to
|
||||
initialize one Vault to initialize the storage backend.
|
||||
|
||||
During initialization, Vault generates an in-memory master key and applies
|
||||
Shamir's secret sharing algorithm to disassemble that master key into a
|
||||
During initialization, Vault generates an in-memory root key and applies
|
||||
Shamir's secret sharing algorithm to disassemble that root key into a
|
||||
configuration number of key shares such that a configurable subset of those key
|
||||
shares must come together to regenerate the master key. These keys are often
|
||||
shares must come together to regenerate the root key. These keys are often
|
||||
called "unseal keys" in Vault's documentation.
|
||||
|
||||
This command cannot be run against already-initialized Vault cluster.
|
||||
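Review bot: The sentence being renamed still reads "configuration number of key shares" on the context line that follows "disassemble that root key into a"; it should be "configurable number", matching "a configurable subset" later in the same sentence. Since the paragraph is already being touched, fix that here, along with the missing article in "cannot be run against already-initialized Vault cluster" ("an already-initialized Vault cluster").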
@@ -75,7 +75,7 @@ flags](/docs/commands) included on all commands.
|
||||
`-n`.
|
||||
|
||||
- `-key-threshold` `(int: 3)` - Number of key shares required to reconstruct the
|
||||
master key. This must be less than or equal to -key-shares. This is aliased as
|
||||
root key. This must be less than or equal to -key-shares. This is aliased as
|
||||
`-t`.
|
||||
|
||||
- `-pgp-keys` `(string: "...")` - Comma-separated list of paths to files on disk
|
||||
|
||||
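Review bot: On the changed `-key-threshold` line, -key-shares is written as plain text while `-key-threshold`, `-n` and `-t` in the same list are in backticks. Wrap it in backticks so the flag renders as code and stays consistent with the rest of the flag list.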
@@ -4,7 +4,7 @@ page_title: operator rekey - Command
|
||||
description: |-
|
||||
The "operator rekey" command generates a new set of unseal keys. This can
|
||||
optionally change the total number of key shares or the required threshold of
|
||||
those key shares to reconstruct the master key. This operation is zero
|
||||
those key shares to reconstruct the root key. This operation is zero
|
||||
downtime, but it requires the Vault is unsealed and a quorum of existing
|
||||
unseal keys are provided.
|
||||
---
|
||||
@@ -13,7 +13,7 @@ description: |-
|
||||
|
||||
The `operator rekey` command generates a new set of unseal keys. This can
|
||||
optionally change the total number of key shares or the required threshold of
|
||||
those key shares to reconstruct the master key. This operation is zero downtime,
|
||||
those key shares to reconstruct the root key. This operation is zero downtime,
|
||||
but it requires the Vault is unsealed and a quorum of existing unseal keys are
|
||||
provided.
|
||||
|
||||
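Review bot: The sentence after the renamed line, "but it requires the Vault is unsealed and a quorum of existing unseal keys are provided", is ungrammatical and easy to misread on a page that describes a key-management operation. Suggest "but it requires that Vault is unsealed and that a quorum of existing unseal keys is provided", applied to both this paragraph and the identical front-matter description.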
@@ -128,7 +128,7 @@ flags](/docs/commands) included on all commands.
|
||||
`-n`
|
||||
|
||||
- `-key-threshold` `(int: 3)` - Number of key shares required to reconstruct the
|
||||
master key. This must be less than or equal to -key-shares. This is aliased as
|
||||
root key. This must be less than or equal to -key-shares. This is aliased as
|
||||
`-t`.
|
||||
|
||||
- `-nonce` `(string: "")` - Nonce value provided at initialization. The same
|
||||
|
||||
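Review bot: The changed line "root key. This must be less than or equal to -key-shares." leaves -key-shares unformatted, unlike the backticked flags around it; put it in backticks. The context line above ends with `-n` and no period, while this item ends with `-t`. and a period, which is worth aligning while the list is being edited.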
@@ -7,7 +7,7 @@ description: >-
|
||||
|
||||
stop responding to any operations until it is unsealed. When sealed, the Vault
|
||||
|
||||
server discards its in-memory master key to unlock the data, so it is
|
||||
server discards its in-memory root key to unlock the data, so it is
|
||||
|
||||
physically blocked from responding to operations unsealed.
|
||||
---
|
||||
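Review bot: The changed line "server discards its in-memory root key to unlock the data" reads as if discarding the key is what unlocks the data, and the following context line ends with "responding to operations unsealed", which does not parse. Suggest rewording the description to something like "the Vault server discards the in-memory root key used to unlock the data, so it is physically blocked from responding to operations until it is unsealed", so the security property of sealing is stated unambiguously.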
@@ -16,11 +16,11 @@ description: >-
|
||||
|
||||
The `operator seal` seals the Vault server. Sealing tells the Vault server to
|
||||
stop responding to any operations until it is unsealed. When sealed, the Vault
|
||||
server discards its in-memory master key to unlock the data, so it is physically
|
||||
server discards its in-memory root key to unlock the data, so it is physically
|
||||
blocked from responding to operations unsealed.
|
||||
|
||||
If an unseal is in progress, sealing the Vault will reset the unsealing process.
|
||||
Users will have to re-enter their portions of the master key again.
|
||||
Users will have to re-enter their portions of the root key again.
|
||||
|
||||
This command does nothing if the Vault server is already sealed.
|
||||
|
||||
|
||||
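Review bot: In the changed line "Users will have to re-enter their portions of the root key again.", "re-enter ... again" is redundant, and "portions of the root key" is a third name for what the other pages in this change call "key shares" or "unseal keys". Suggest "Users will have to re-enter their unseal keys." so the terminology stays consistent across the renamed docs.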
@@ -2,13 +2,13 @@
|
||||
layout: docs
|
||||
page_title: operator unseal - Command
|
||||
description: |-
|
||||
The "operator unseal" allows the user to provide a portion of the master key
|
||||
The "operator unseal" allows the user to provide a portion of the root key
|
||||
to unseal a Vault server.
|
||||
---
|
||||
|
||||
# operator unseal
|
||||
|
||||
The `operator unseal` allows the user to provide a portion of the master key to
|
||||
The `operator unseal` allows the user to provide a portion of the root key to
|
||||
unseal a Vault server. Vault starts in a sealed state. It cannot perform
|
||||
operations until it is unsealed. This command accepts a portion of the master
|
||||
key (an "unseal key").
|
||||
|
||||
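Review bot: The rename looks incomplete in the last paragraph of this hunk: the line "operations until it is unsealed. This command accepts a portion of the master" appears only once, with no "root" counterpart, so the page will still say "master key (an "unseal key")" after this change. The phrase wraps across two lines ("master" / "key"), which is probably why a search for "master key" missed it; change "master" to "root" on that line and check the rest of the docs for the same line-wrapped pattern.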