Rename master key to root key (#13324)

* See what it looks like to replace "master key" with "root key". There are two places that would require more challenging code changes: the storage path `core/master`, and its contents (the JSON-serialized EncodedKeyring structure).

* Restore accidentally deleted line

* Add changelog

* Update root->recovery

* Fix test

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
Jim Kalafut
2021-12-06 17:12:20 -08:00
committed by GitHub
parent 1ad3ba0be2
commit a72a5ff754
23 changed files with 182 additions and 179 deletions

@@ -57,10 +57,10 @@ Usage: vault operator init [options]
same storage backend in HA mode, you only need to initialize one Vault to
initialize the storage backend.
During initialization, Vault generates an in-memory master key and applies
Shamir's secret sharing algorithm to disassemble that master key into a
During initialization, Vault generates an in-memory root key and applies
Shamir's secret sharing algorithm to disassemble that root key into a
configuration number of key shares such that a configurable subset of those
key shares must come together to regenerate the master key. These keys are
key shares must come together to regenerate the root key. These keys are
often called "unseal keys" in Vault's documentation.
This command cannot be run against an already-initialized Vault cluster.
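Review bot: The unchanged context line "configuration number of key shares such that a configurable subset of those" in this help paragraph reads as a typo for "configurable number". Since the surrounding sentences are being reworded for the rename, fix it in the same change so the description of the Shamir split reads correctly. The closing sentence "These keys are often called "unseal keys"" now directly follows "the root key", so consider "These key shares are often called..." to make clear it refers to the shares and not the root key.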
@@ -105,7 +105,7 @@ func (c *OperatorInitCommand) Flags() *FlagSets {
Target: &c.flagKeyShares,
Default: defKeyShares,
Completion: complete.PredictAnything,
Usage: "Number of key shares to split the generated master key into. " +
Usage: "Number of key shares to split the generated root key into. " +
"This is the number of \"unseal keys\" to generate.",
})
@@ -115,7 +115,7 @@ func (c *OperatorInitCommand) Flags() *FlagSets {
Target: &c.flagKeyThreshold,
Default: defKeyThreshold,
Completion: complete.PredictAnything,
Usage: "Number of key shares required to reconstruct the master key. " +
Usage: "Number of key shares required to reconstruct the root key. " +
"This must be less than or equal to -key-shares.",
})
@@ -447,8 +447,8 @@ func (c *OperatorInitCommand) init(client *api.Client, req *api.InitRequest) int
c.UI.Output("")
c.UI.Output(wrapAtLength(fmt.Sprintf(
"Vault does not store the generated master key. Without at least %d "+
"keys to reconstruct the master key, Vault will remain permanently "+
"Vault does not store the generated root key. Without at least %d "+
"keys to reconstruct the root key, Vault will remain permanently "+
"sealed!",
req.SecretThreshold)))
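Review bot: In the sealed warning, "Without at least %d keys to reconstruct the root key" uses bare "keys" for what the -key-shares and -key-threshold usage strings call "key shares" and "unseal keys". With "root key" now appearing twice in the same sentence, suggest "%d key shares" (or "%d unseal keys") so the operator cannot read the threshold as a count of root keys. The commit message also says the storage path `core/master` and its contents keep the old name, so a short note in the changelog or docs about that remaining mismatch would help anyone who sees both terms.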