mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-11-02 11:38:02 +00:00
e4aba1516d
* Do not refresh seal-wrapped values when there are unhealthy seals. Modify Access.IsUpToDate() to consider entries as being up-to-date when one or more encryption wrappers fail to encrypt the test value, since re-wrapping the value would result in the loss of the ciphertext for the unhealthy wrappers. In addition, make Access.IsUpToDate() return true is the key set ID has not been populated and the caller has not forced key ID refresh. Make Access.Encrypt() return an error for any encryption wrapper that is skipped due to being unhealthy. * Update Seal HA documentation. Mention that the barrier key and the recovery keys cannot be rotated while there are unhealthy seals. Document environment variable VAULT_SEAL_REWRAP_SAFETY.