Vault documentation: updated key share/unseal images (#15526)

* updated images

* added new image files
This commit is contained in:
Loann Le
2022-05-20 10:59:30 -07:00
committed by GitHub
parent f80c2a854c
commit 74ac7578f9
6 changed files with 5 additions and 5 deletions

@@ -37,7 +37,7 @@ the unseal key.
## Shamir seals
![Shamir](/img/vault-shamir-storage.png)
![Shahir seals](/img/vault-shamir-seal.png)
The default Vault config uses a Shamir seal. Instead of distributing the unseal
key as a single key to an operator, Vault uses an algorithm known as
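Review bot: The alt text on the replacement image line reads "Shahir seals", which misspells the scheme named in the `## Shamir seals` heading and in the old line's alt text. Change it to `![Shamir seals](/img/vault-shamir-seal.png)` so the alt text carries the correct name.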
@@ -89,7 +89,7 @@ securing the unseal key from users to a trusted device or service. At startup
Vault will connect to the device or service implementing the seal and ask it
to decrypt the root key Vault read from storage.
![AutoUnseal](/img/vault-autounseal-storage.png)
![Auto unseal](/img/vault-auto-unseal.png)
There are certain operations in Vault besides unsealing that
require a quorum of users to perform, e.g. generating a root token. When

@@ -41,9 +41,9 @@ a root key. By default, Vault uses [Shamir's Secret
Sharing](https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing) to split the
root key into a configured number of shards (referred as key shares or unseal
keys). A certain threshold of shards is required to reconstruct the root key,
which is then used to decrypt the Vault's encryption key.
which is then used to decrypt the Vault's encryption key.
![Unseal keys](/img/unseal.png)
![Unseal keys](/img/vault-shamir-seal.png)
Refer to the [Seal/Unseal](/docs/concepts/seal#seal-unseal) documentation for
further details.
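Review bot: The line "which is then used to decrypt the Vault's encryption key." appears twice in this hunk with identical visible text, so the change to it looks like whitespace only and is unrelated to the image update; drop it from this commit or mention it in the commit message. This hunk also switches the image to `/img/vault-shamir-seal.png`, the same file the `## Shamir seals` hunk above now uses, so confirm one diagram suits both pages and check whether `/img/unseal.png` is still referenced anywhere or should be removed.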

@@ -17,7 +17,7 @@ to split the root key into 5 shares, any 3 of which are required to reconstruct
key. The root key is used to protect the encryption key, which is ultimately used to protect
data written to the storage backend.
[![Vault Shamir Secret Sharing Algorithm](/img/vault-shamir-secret-sharing.svg)](/img/vault-shamir-secret-sharing.svg)
![Key Rotate](/img/vault-key-rotate.png)
To support key rotation, we need to support changing the unseal keys, root key, and the
backend encryption key. We split this into two separate operations, `rekey` and `rotate`.
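Review bot: The replacement image line drops the link wrapper that the old line had, so the diagram can no longer be opened on its own at full size, and it swaps an SVG for a PNG. The alt text "Key Rotate" also says less than the old "Vault Shamir Secret Sharing Algorithm", while the context lines just above it still describe the 5-share, 3-threshold split of the root key. Consider keeping the link wrapper and using alt text that describes what the diagram shows.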

Binary file not shown.

Size: 21 KiB

Binary file not shown.

Size: 30 KiB

Binary file not shown.

Size: 27 KiB