mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-05-04 20:06:27 +02:00
Code Issues Projects Releases Wiki Activity

Update website docs around root token generation

Browse Source
This commit is contained in:
Jeff Mitchell 2018-10-10 11:51:05 -04:00
parent 7cd1984a4d
commit 320d1b7c07
2 changed files with 18 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
website/source/api/system/generate-root.html.md
View File

@ -54,15 +54,18 @@ This endpoint initializes a new root generation attempt. Only a single root
generation attempt can take place at a time. One (and only one) of `otp` or
`pgp_key` are required.
Note: `otp` can be empty, in which case an OTP of suitable length will be
generated for you, which is recommended. Future versions of Vault will remove
the need to set this parameter at all.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/generate-root/attempt` | `200 application/json` |
### Parameters
- `otp` `(string: <required-unless-pgp>)`  Specifies a base64-encoded 16-byte
value. The raw bytes of the token will be XOR'd with this value before being
returned to the final unseal key provider.
- `otp` `(string: <required-unless-pgp>)`  Set, but leave this value blank, to
have Vault generate a suitable OTP and return it.
- `pgp_key` `(string: <required-unless-otp>)` Specifies a base64-encoded PGP
public key. The raw bytes of the token will be encrypted with this value
@ -72,7 +75,7 @@ generation attempt can take place at a time. One (and only one) of `otp` or
```json
{
"otp": "CB23=="
"otp": ""
}
```
@ -94,7 +97,8 @@ $ curl \
"progress": 1,
"required": 3,
"encoded_token": "",
"pgp_fingerprint": "816938b8a29146fbe245dd29e7cbaf8e011db793",
"otp": "2vPFYG8gUSW9npwzyvxXMug0",
"otp_length" :24,
"complete": false
}
```

14
website/source/api/system/replication-dr.html.md
View File

@ -457,15 +457,18 @@ This endpoint initializes a new generation attempt. Only a single
generation attempt can take place at a time. One (and only one) of `otp` or
`pgp_key` are required.
Note: `otp` can be empty, in which case an OTP of suitable length will be
generated for you, which is recommended. Future versions of Vault will remove
the need to set this parameter at all.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/replication/dr/secondary/generate-operation-token/attempt` | `200 application/json` |
### Parameters
- `otp` `(string: <required-unless-pgp>)`  Specifies a base64-encoded 16-byte
value. The raw bytes of the token will be XOR'd with this value before being
returned to the final unseal key provider.
- `otp` `(string: <required-unless-pgp>)`  Set, but leave this value blank, to
have Vault generate a suitable OTP and return it.
- `pgp_key` `(string: <required-unless-otp>)` Specifies a base64-encoded PGP
public key. The raw bytes of the token will be encrypted with this value
@ -475,7 +478,7 @@ generation attempt can take place at a time. One (and only one) of `otp` or
```json
{
"otp": "CB23=="
"otp": ""
}
```
@ -497,7 +500,8 @@ $ curl \
"progress": 1,
"required": 3,
"encoded_token": "",
"pgp_fingerprint": "816938b8a29146fbe245dd29e7cbaf8e011db793",
"otp": "2vPFYG8gUSW9npwzyvxXMug0",
"otp_length" :24,
"complete": false
}
```