backport of commit ebef296c30 (#23556)

Co-authored-by: Scott Miller <smiller@hashicorp.com>
hc-github-team-secure-vault-core
2023-10-09 15:47:05 -04:00
committed by GitHub
parent afd9d0b69b
commit 474643d84a
2 changed files with 8 additions and 3 deletions


@@ -324,12 +324,17 @@ be used in production deployments of Vault.
Seal High Availability (Seal HA) allows the configuration of more than one auto
seal mechanism such that Vault can tolerate the temporary loss of a seal service
or device for a time. With Seal HA Vault can also start up and unseal if one of the
or device for a time. With Seal HA configured with at least two and no more than
three auto seals, Vault can also start up and unseal if one of the
configured seals is still available (though Vault will remain in a degraded mode in
this case). While seals are unavailable, seal wrapping and entropy augmentation can
still occur using the remaining seals, and values produced while a seal is down will
be re-wrapped with all the seals when all seals become healthy again.
An operator should choose two seals that are unlikely to become unavailable at the
same time. For example, they may choose KMS keys in two cloud regions, from
two different providers; or a mix of HSM, KMS, or Transit seals.
When an operator configures an additional seal or removes a seal (one at a time)
and restarts Vault, Vault will automatically detect that it needs to re-wrap
CSPs and seal wrapped values, and will start the process. Seal re-wrapping can
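Review bot: the replacement for "With Seal HA Vault can also start up and unseal..." folds the seal-count limit ("configured with at least two and no more than three auto seals") into the sentence about starting up with one seal available, so the limit reads as a precondition of that one behaviour rather than of Seal HA as a whole, and the following paragraph then says "An operator should choose two seals that are unlikely to become unavailable at the same time", which contradicts the three-seal maximum just introduced. Suggest stating the limit as its own sentence, e.g. "Seal HA requires at least two and no more than three auto seals.", and changing "choose two seals" to "choose seals" (or "two or three seals"). Also, this file writes "auto seal" / "auto seals" while the other changed file in this commit writes "auto-seals"; pick one spelling for both pages.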


@@ -12,8 +12,8 @@ description: |-
@include 'alerts/beta.mdx'
[Seal High Availability](/vault/docs/concepts/seal#seal-high-availability-enterprise-beta)
is the ability to configure more than one seal in order to have resilience against
outage of a seal service or mechanism.
provides the means to configure at least two auto-seals (and no more than three)
in order to have resilience against outage of a seal service or mechanism.
Using Seal HA involves configuring extra seals in Vault's server configuration file
and restarting Vault, after having enabled the Seal HA beta feature by setting
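Review bot: "provides the means to configure at least two auto-seals (and no more than three)" states the same limit as the concepts page but in a different form (a parenthetical instead of a range, and "auto-seals" instead of "auto seals"). Suggest "provides the means to configure at least two and no more than three auto seals" so the two pages state the constraint identically and a reader searching the docs for either spelling finds both; the rest of the rewording ("provides the means to" in place of "is the ability to") reads fine.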