From ec8befbaacd6903025cc124074ceee0de722424a Mon Sep 17 00:00:00 2001 From: Didi Kohen Date: Wed, 3 Jan 2018 18:18:38 +0200 Subject: [PATCH] Clarify that keybase is supported only in the CLI (#3744) --- website/source/docs/concepts/pgp-gpg-keybase.html.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/website/source/docs/concepts/pgp-gpg-keybase.html.md b/website/source/docs/concepts/pgp-gpg-keybase.html.md index 9e84ae44d2..ca4cc0385d 100644 --- a/website/source/docs/concepts/pgp-gpg-keybase.html.md +++ b/website/source/docs/concepts/pgp-gpg-keybase.html.md @@ -16,6 +16,14 @@ and services like Keybase.io to provide an additional layer of security when performing certain operations. This page details the various PGP integrations, their use, and operation. +Keybase.io support is available only in the command-line tool and not via the +Vault HTTP API, tools that help with initialization should use the Keybase.io +API in order to obtain the GPG keys needed for a secure initialization if you +want them to use Keybase for keys. + +Once the Vault has been initialized, it is possible to use Keybase to decrypt +the shards and unseal normally. + ## Initializing with PGP One of the early fundamental problems when bootstrapping and initializing Vault was that the first user (the initializer) received a plain-text copy of all of