mirror of
https://github.com/hashicorp/vault.git
synced 2026-06-04 14:25:35 -04:00
Vault documentation: updated docs to include a note about seal requirement (#15172)
* add note about seal requirement * fixed spelling error * updated notes * Update website/content/docs/configuration/seal/pkcs11.mdx Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com> * Update website/content/docs/concepts/seal.mdx Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com> Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
This commit is contained in:
Loann Le
GitHub
parent
0cc6693252
commit
bf2667bd2c
7 changed files with 15 additions and 0 deletions
|
|
@ -81,6 +81,8 @@ access to the root key shards.
|
|||
|
||||
## Auto Unseal
|
||||
|
||||
-> **Note:** The Seal Wrap functionality is enabled by default. For this reason, the seal provider (HSM or cloud KMS) must be available throughout Vault's runtime and not just during the unseal process. Refer to the [Seal Wrap](/docs/enterprise/sealwrap) documenation for more information.
|
||||
|
||||
Auto Unseal was developed to aid in reducing the operational complexity of
|
||||
keeping the unseal key secure. This feature delegates the responsibility of
|
||||
securing the unseal key from users to a trusted device or service. At startup
|
||||
|
|
|
|||
|
|
@ -10,6 +10,9 @@ description: >-
|
|||
|
||||
# `alicloudkms` Seal
|
||||
|
||||
-> **Note:** The Seal Wrap functionality is enabled by default. For this reason, the KMS service must be available throughout Vault's runtime and not just during the unseal process. Refer to the [Seal Wrap](/docs/enterprise/sealwrap) documenation for more information.
|
||||
|
||||
|
||||
The AliCloud KMS seal configures Vault to use AliCloud KMS as the seal wrapping mechanism.
|
||||
The AliCloud KMS seal is activated by one of the following:
|
||||
|
||||
|
|
|
|||
|
|
@ -8,6 +8,8 @@ description: |-
|
|||
|
||||
# `awskms` Seal
|
||||
|
||||
-> **Note:** The Seal Wrap functionality is enabled by default. For this reason, the KMS service must be available throughout Vault's runtime and not just during the unseal process. Refer to the [Seal Wrap](/docs/enterprise/sealwrap) documenation for more information.
|
||||
|
||||
The AWS KMS seal configures Vault to use AWS KMS as the seal wrapping mechanism.
|
||||
The AWS KMS seal is activated by one of the following:
|
||||
|
||||
|
|
|
|||
|
|
@ -10,6 +10,8 @@ description: >-
|
|||
|
||||
# `azurekeyvault` Seal
|
||||
|
||||
-> **Note:** The Seal Wrap functionality is enabled by default. For this reason, the KMS service must be available throughout Vault's runtime and not just during the unseal process. Refer to the [Seal Wrap](/docs/enterprise/sealwrap) documenation for more information.
|
||||
|
||||
The Azure Key Vault seal configures Vault to use Azure Key Vault as the seal
|
||||
wrapping mechanism. The Azure Key Vault seal is activated by one of the following:
|
||||
|
||||
|
|
|
|||
|
|
@ -10,6 +10,8 @@ description: >-
|
|||
|
||||
# `gcpckms` Seal
|
||||
|
||||
-> **Note:** The Seal Wrap functionality is enabled by default. For this reason, the KMS service must be available throughout Vault's runtime and not just during the unseal process. Refer to the [Seal Wrap](/docs/enterprise/sealwrap) documenation for more information.
|
||||
|
||||
The GCP Cloud KMS seal configures Vault to use GCP Cloud KMS as the seal
|
||||
wrapping mechanism. The GCP Cloud KMS seal is activated by one of the following:
|
||||
|
||||
|
|
|
|||
|
|
@ -8,6 +8,8 @@ description: |-
|
|||
|
||||
# `ocikms` Seal
|
||||
|
||||
-> **Note:** The Seal Wrap functionality is enabled by default. For this reason, the KMS service must be available throughout Vault's runtime and not just during the unseal process. Refer to the [Seal Wrap](/docs/enterprise/sealwrap) documenation for more information.
|
||||
|
||||
The OCI KMS seal configures Vault to use OCI KMS as the seal wrapping mechanism.
|
||||
The OCI KMS seal is activated by one of the following:
|
||||
|
||||
|
|
|
|||
|
|
@ -8,6 +8,8 @@ description: |-
|
|||
|
||||
# `pkcs11` Seal
|
||||
|
||||
-> **Note:** The Seal Wrap functionality is enabled by default. For this reason, HSM must be available throughout Vault's runtime and not just during the unseal process. Refer to the [Seal Wrap](/docs/enterprise/sealwrap) documenation for more information.
|
||||
|
||||
The PKCS11 seal configures Vault to use an HSM with PKCS11 as the seal wrapping
|
||||
mechanism. Vault Enterprise's HSM PKCS11 support is activated by one of the
|
||||
following:
|
||||
|
|
|
|||
Loading…
Reference in a new issue