From 3a7ce59d01dabcf4cef55a17a2304eabbe684fbe Mon Sep 17 00:00:00 2001 From: Chris Capurso <1036769+ccapurso@users.noreply.github.com> Date: Thu, 10 Nov 2022 15:43:11 -0500 Subject: [PATCH] clarify that init recovery options are only available for auto unseal (#17862) * clarify that init recovery options are only available for auto unseal * add some language consistency Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com> Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com> --- website/content/api-docs/system/init.mdx | 12 ++++++------ website/content/docs/commands/operator/init.mdx | 6 +++--- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/website/content/api-docs/system/init.mdx b/website/content/api-docs/system/init.mdx index df4a5334a6..a54d18184e 100644 --- a/website/content/api-docs/system/init.mdx +++ b/website/content/api-docs/system/init.mdx @@ -35,7 +35,7 @@ $ curl \ This endpoint initializes a new Vault. The Vault must not have been previously initialized. The recovery options, as well as the stored shares option, are only -available when using Auto Unseal. +available when using [Auto Unseal](/docs/concepts/seal#auto-unseal). | Method | Path | | :----- | :---------- | 
@@ -65,17 +65,17 @@ Additionally, the following options are only supported using Auto Unseal: should be encrypted by the HSM and stored for auto-unsealing. Currently must be the same as `secret_shares`. -- `recovery_shares` `(int: )` – Specifies the number of shares to - split the recovery key into. +- `recovery_shares` `(int: 0)` – Specifies the number of shares to + split the recovery key into. This is only available when using Auto Unseal. -- `recovery_threshold` `(int: )` – Specifies the number of shares +- `recovery_threshold` `(int: 0)` – Specifies the number of shares required to reconstruct the recovery key. This must be less than or equal to - `recovery_shares`. + `recovery_shares`. This is only available when using Auto Unseal. - `recovery_pgp_keys` `(array: nil)` – Specifies an array of PGP public keys used to encrypt the output recovery keys. Ordering is preserved. The keys must be base64-encoded from their original binary representation. The size of - this array must be the same as `recovery_shares`. + this array must be the same as `recovery_shares`. This is only available when using Auto Unseal. ### Sample Payload diff --git a/website/content/docs/commands/operator/init.mdx b/website/content/docs/commands/operator/init.mdx index 6a5f133c16..b9457f3a7e 100644 --- a/website/content/docs/commands/operator/init.mdx +++ b/website/content/docs/commands/operator/init.mdx 
@@ -109,13 +109,13 @@ flags](/docs/commands) included on all commands. ### HSM and KMS Options - `-recovery-pgp-keys` `(string: "...")` - Behaves like `-pgp-keys`, but for the - recovery key shares. This is only used with Auto Unseal seals (HSM, KMS and Transit seals). + recovery key shares. This is only available with [Auto Unseal](/docs/concepts/seal#auto-unseal) seals (HSM, KMS and Transit seals). - `-recovery-shares` `(int: 5)` - Number of key shares to split the recovery key - into. This is only used with Auto Unseal seals (HSM, KMS and Transit seals). + into. This is only available with [Auto Unseal](/docs/concepts/seal#auto-unseal) seals (HSM, KMS and Transit seals). - `-recovery-threshold` `(int: 3)` - Number of key shares required to - reconstruct the recovery key. This is only used with Auto Unseal seals (HSM, KMS and Transit seals). + reconstruct the recovery key. This is only available with [Auto Unseal](/docs/concepts/seal#auto-unseal) seals (HSM, KMS and Transit seals). - `-stored-shares` `(int: 0)` - Number of unseal keys to store on an HSM. This must be equal to `-key-shares`.
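Review bot: in the `@@ -65,17 +65,17 @@` hunk of `website/content/api-docs/system/init.mdx`, the new `(int: 0)` defaults for `recovery_shares` and `recovery_threshold` do not match the `(int: 5)` and `(int: 3)` that `website/content/docs/commands/operator/init.mdx` shows for `-recovery-shares` and `-recovery-threshold`. A reader comparing the two pages cannot tell which values apply to an Auto Unseal init. Please add a short note on one of the pages explaining the difference, and mention the default change in the commit message, which currently describes only the Auto Unseal clarification. Separately, the list is already introduced by "the following options are only supported using Auto Unseal", so the repeated sentence on three of its items leaves the `stored_shares` item above them as the odd one out. Either add the sentence there too or rely on the list header. The sentence appended to `recovery_pgp_keys` also runs past the wrap width used by the surrounding lines.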
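Review bot: in the `@@ -109,13 +109,13 @@` hunk of `website/content/docs/commands/operator/init.mdx`, the three changed lines read "only available with [Auto Unseal] seals (HSM, KMS and Transit seals)", while the API page in this same patch says "only available when using Auto Unseal". Since the commit message lists language consistency as a goal, I would use one phrasing on both pages, for example "This is only available when using [Auto Unseal](/docs/concepts/seal#auto-unseal) (HSM, KMS and Transit seals)", which also drops the doubled "Unseal seals". The `-stored-shares` entry under the same "HSM and KMS Options" heading gets no equivalent sentence or link. The edited lines are also left much longer than the wrapped lines around them, so a rewrap would keep later diffs readable.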