mirror of
https://github.com/hashicorp/vault.git
synced 2025-11-12 14:21:10 +01:00
2b9b8f355b
* Update init.mdx Updated operator init documentation to try to avoid steering customers towards running Auto Unseal seals with recovery-shares=1 and recovery-threshold=1. This is a bad security posture, as it can allow a single user with access to that recovery share to create root tokens and do other very sensitive tasks. Also rewrote parts of the HSM/KMS Options section to indicate that recovery-related options are not solely for HSM-mode Vault but are for ANY Auto Unseal seal. * Update website/content/docs/commands/operator/init.mdx Adding an appropriate number of recovery-pgp-keys Co-authored-by: Yoko <yoko@hashicorp.com> Co-authored-by: Yoko <yoko@hashicorp.com>