diff --git a/command/init.go b/command/init.go index 96fe161603..129f1029cb 100644 --- a/command/init.go +++ b/command/init.go @@ -96,12 +96,13 @@ Init Options: -pgp-keys If provided, must be a comma-separated list of files on disk containing binary- or base64-format - public PGP keys. The number of files must match - 'key-shares'. The output unseal keys will encrypted - and hex-encoded, in order, with the given public keys. - If you want to use them with the 'vault unseal' - command, you will need to hex decode and decrypt; - this will be the plaintext unseal key. + public PGP keys, or Keybase usernames specified as + "keybase:". The number of given entries + must match 'key-shares'. The output unseal keys will + encrypted and hex-encoded, in order, with the given + public keys. If you want to use them with the 'vault + unseal' command, you will need to hex decode and + decrypt; this will be the plaintext unseal key. ` return strings.TrimSpace(helpText) } diff --git a/command/rekey.go b/command/rekey.go index 80f4e92d1c..ac612a160e 100644 --- a/command/rekey.go +++ b/command/rekey.go @@ -233,12 +233,13 @@ Unseal Options: -pgp-keys If provided, must be a comma-separated list of files on disk containing binary- or base64-format - public PGP keys. The number of files must match - 'key-shares'. The output unseal keys will encrypted - and hex-encoded, in order, with the given public keys. - If you want to use them with the 'vault unseal' - command, you will need to hex decode and decrypt; - this will be the plaintext unseal key. + public PGP keys, or Keybase usernames specified as + "keybase:". The number of given entries + must match 'key-shares'. The output unseal keys will + encrypted and hex-encoded, in order, with the given + public keys. If you want to use them with the 'vault + unseal' command, you will need to hex decode and + decrypt; this will be the plaintext unseal key. ` return strings.TrimSpace(helpText) }