scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-30 18:17:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

website: remove TODO from transit quickstart

Browse Source
This commit is contained in:
Armon Dadgar
2015-04-27 14:58:53 -07:00
parent f2fe8dac79
commit 2bcba24561
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
website/source/docs/secrets/transit/index.html.md
View File

@@ -66,9 +66,9 @@ endpoint using our named key:
```
$ echo "the quick brown fox" | base64 | vault write transit/encrypt/foo plaintext=-
Success! Data written to: transit/encrypt/foo
Key Value
ciphertext vault:v0:czEwyKqGZY/limnuzDCUUe5AK0tbBObWqeZgFqxCuIqq7A84SeiOq3sKD0Y/KUvv
```
TODO: Should return the cipher text
The encryption endpoint expects the plaintext to be provided as a base64 encoded
strings, so we must first convert it. Vault does not store the plaintext or the
@@ -78,11 +78,13 @@ is free to store the ciphertext in a database or file at rest.
To decrypt, we simply use the decrypt endpoint using the same named key:
```
$ vault write transit/decrypt/foo ciphertext=foo
$ vault write transit/decrypt/foo ciphertext=vault:v0:czEwyKqGZY/limnuzDCUUe5AK0tbBObWqeZgFqxCuIqq7A84SeiOq3sKD0Y/KUvv
Key Value
plaintext dGhlIHF1aWNrIGJyb3duIGZveAo=
$ echo "dGhlIHF1aWNrIGJyb3duIGZveAo=" | base64 -D
the quick brown fox
```
TODO: Should return the plaintext
Using ACLs, it is possible to restrict using the transit backend such
that trusted operators can manage the named keys, and applications can