From bf2667bd2cb96f8b493ef6b3277fd8fcaa707c03 Mon Sep 17 00:00:00 2001 From: Loann Le <84412881+taoism4504@users.noreply.github.com> Date: Tue, 26 Apr 2022 12:13:03 -0700 Subject: [PATCH] Vault documentation: updated docs to include a note about seal requirement (#15172) * add note about seal requirement * fixed spelling error * updated notes * Update website/content/docs/configuration/seal/pkcs11.mdx Co-authored-by: Yoko Hyakuna * Update website/content/docs/concepts/seal.mdx Co-authored-by: Yoko Hyakuna Co-authored-by: Yoko Hyakuna --- website/content/docs/concepts/seal.mdx | 2 ++ website/content/docs/configuration/seal/alicloudkms.mdx | 3 +++ website/content/docs/configuration/seal/awskms.mdx | 2 ++ website/content/docs/configuration/seal/azurekeyvault.mdx | 2 ++ website/content/docs/configuration/seal/gcpckms.mdx | 2 ++ website/content/docs/configuration/seal/ocikms.mdx | 2 ++ website/content/docs/configuration/seal/pkcs11.mdx | 2 ++ 7 files changed, 15 insertions(+) diff --git a/website/content/docs/concepts/seal.mdx b/website/content/docs/concepts/seal.mdx index 2790dee0fe..9aeec7a6b8 100644 --- a/website/content/docs/concepts/seal.mdx +++ b/website/content/docs/concepts/seal.mdx @@ -81,6 +81,8 @@ access to the root key shards. ## Auto Unseal +-> **Note:** The Seal Wrap functionality is enabled by default. For this reason, the seal provider (HSM or cloud KMS) must be available throughout Vault's runtime and not just during the unseal process. Refer to the [Seal Wrap](/docs/enterprise/sealwrap) documenation for more information. + Auto Unseal was developed to aid in reducing the operational complexity of keeping the unseal key secure. This feature delegates the responsibility of securing the unseal key from users to a trusted device or service. At startup diff --git a/website/content/docs/configuration/seal/alicloudkms.mdx b/website/content/docs/configuration/seal/alicloudkms.mdx index 86be912ab1..169a187160 100644 
--- a/website/content/docs/configuration/seal/alicloudkms.mdx +++ b/website/content/docs/configuration/seal/alicloudkms.mdx @@ -10,6 +10,9 @@ description: >- # `alicloudkms` Seal +-> **Note:** The Seal Wrap functionality is enabled by default. For this reason, the KMS service must be available throughout Vault's runtime and not just during the unseal process. Refer to the [Seal Wrap](/docs/enterprise/sealwrap) documenation for more information. + + The AliCloud KMS seal configures Vault to use AliCloud KMS as the seal wrapping mechanism. The AliCloud KMS seal is activated by one of the following: diff --git a/website/content/docs/configuration/seal/awskms.mdx b/website/content/docs/configuration/seal/awskms.mdx index 86195482da..b3fed4cefe 100644 --- a/website/content/docs/configuration/seal/awskms.mdx +++ b/website/content/docs/configuration/seal/awskms.mdx @@ -8,6 +8,8 @@ description: |- # `awskms` Seal +-> **Note:** The Seal Wrap functionality is enabled by default. For this reason, the KMS service must be available throughout Vault's runtime and not just during the unseal process. Refer to the [Seal Wrap](/docs/enterprise/sealwrap) documenation for more information. + The AWS KMS seal configures Vault to use AWS KMS as the seal wrapping mechanism. The AWS KMS seal is activated by one of the following: diff --git a/website/content/docs/configuration/seal/azurekeyvault.mdx b/website/content/docs/configuration/seal/azurekeyvault.mdx index 1e74da7157..4dfb79a776 100644 --- a/website/content/docs/configuration/seal/azurekeyvault.mdx +++ b/website/content/docs/configuration/seal/azurekeyvault.mdx 
@@ -10,6 +10,8 @@ description: >- # `azurekeyvault` Seal +-> **Note:** The Seal Wrap functionality is enabled by default. For this reason, the KMS service must be available throughout Vault's runtime and not just during the unseal process. Refer to the [Seal Wrap](/docs/enterprise/sealwrap) documenation for more information. + The Azure Key Vault seal configures Vault to use Azure Key Vault as the seal wrapping mechanism. The Azure Key Vault seal is activated by one of the following: diff --git a/website/content/docs/configuration/seal/gcpckms.mdx b/website/content/docs/configuration/seal/gcpckms.mdx index 1b9dc512a0..2db269b79e 100644 --- a/website/content/docs/configuration/seal/gcpckms.mdx +++ b/website/content/docs/configuration/seal/gcpckms.mdx @@ -10,6 +10,8 @@ description: >- # `gcpckms` Seal +-> **Note:** The Seal Wrap functionality is enabled by default. For this reason, the KMS service must be available throughout Vault's runtime and not just during the unseal process. Refer to the [Seal Wrap](/docs/enterprise/sealwrap) documenation for more information. + The GCP Cloud KMS seal configures Vault to use GCP Cloud KMS as the seal wrapping mechanism. The GCP Cloud KMS seal is activated by one of the following: diff --git a/website/content/docs/configuration/seal/ocikms.mdx b/website/content/docs/configuration/seal/ocikms.mdx index 380d43c84e..cd5f0c4866 100644 --- a/website/content/docs/configuration/seal/ocikms.mdx +++ b/website/content/docs/configuration/seal/ocikms.mdx @@ -8,6 +8,8 @@ description: |- # `ocikms` Seal +-> **Note:** The Seal Wrap functionality is enabled by default. For this reason, the KMS service must be available throughout Vault's runtime and not just during the unseal process. Refer to the [Seal Wrap](/docs/enterprise/sealwrap) documenation for more information. + The OCI KMS seal configures Vault to use OCI KMS as the seal wrapping mechanism. The OCI KMS seal is activated by one of the following: 
diff --git a/website/content/docs/configuration/seal/pkcs11.mdx b/website/content/docs/configuration/seal/pkcs11.mdx index 48e90bccab..d71016e1a6 100644 --- a/website/content/docs/configuration/seal/pkcs11.mdx +++ b/website/content/docs/configuration/seal/pkcs11.mdx @@ -8,6 +8,8 @@ description: |- # `pkcs11` Seal +-> **Note:** The Seal Wrap functionality is enabled by default. For this reason, HSM must be available throughout Vault's runtime and not just during the unseal process. Refer to the [Seal Wrap](/docs/enterprise/sealwrap) documenation for more information. + The PKCS11 seal configures Vault to use an HSM with PKCS11 as the seal wrapping mechanism. Vault Enterprise's HSM PKCS11 support is activated by one of the following:
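Review bot: In the concepts/seal.mdx hunk, the added note says Seal Wrap "is enabled by default" without naming the Vault edition or configuration it applies to, while its link points to /docs/enterprise/sealwrap. An operator reading the general Auto Unseal section cannot tell from this whether the runtime-availability requirement for the seal provider applies to their deployment. Suggest stating the scope in the note itself. Also consider moving the note below the opening "Auto Unseal was developed to aid in reducing the operational complexity..." paragraph, so the reader sees what Auto Unseal is before the availability caveat.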
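Review bot: "documenation" is misspelled in the added note in all seven hunks (seal.mdx, alicloudkms.mdx, awskms.mdx, azurekeyvault.mdx, gcpckms.mdx, ocikms.mdx, pkcs11.mdx). It should read "Refer to the [Seal Wrap](/docs/enterprise/sealwrap) documentation for more information." The commit message lists "fixed spelling error", but this one is still present in every copy of the note.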
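Review bot: The alicloudkms.mdx hunk adds two blank lines after the note, where every other seal page in this patch adds one (the diffstat shows 3 insertions for this file and 2 for the rest). Drop the extra blank line so the seven pages stay identical in layout.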
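Review bot: In the pkcs11.mdx hunk, "HSM must be available throughout Vault's runtime" is missing its article. Suggest "the HSM must be available throughout Vault's runtime", which matches "the seal provider (HSM or cloud KMS)" in seal.mdx and "the KMS service" on the cloud seal pages.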