vaultOperatorRekeyOptions top-level property
Implementation
final List<Option> vaultOperatorRekeyOptions = [
Option(
name: '-cancel',
description: 'Reset the rekeying progress. This will discard any submitted unseal keys or configuration. The default is false'
),
Option(
name: '-init',
description: 'Initialize the rekeying operation. This can only be done if no rekeying operation is in progress. Customize the new number of key shares and key threshold using the -key-shares and -key-threshold flags. The default is false'
),
Option(
name: ['-key-shares', '-n'],
description: 'Number of key shares to split the generated root key into. This is the number of \'unseal keys\' to generate. This is aliased as \'-n\'. The default is 5',
args: [
Arg(
name: 'int',
suggestions: [
FigSuggestion(name: '5')
],
defaultValue: '5'
)
]
),
Option(
name: ['-key-threshold', '-t'],
description: 'Number of key shares required to reconstruct the root key. This must be less than or equal to -key-shares. This is aliased as \'-t\'. The default is 3',
args: [
Arg(
name: 'int',
suggestions: [
FigSuggestion(name: '5')
],
defaultValue: '5'
)
]
),
Option(
name: '-nonce',
description: 'Nonce value provided at initialization. The same nonce value must be provided with each unseal key',
args: [
Arg(
name: 'string'
)
],
priority: 38
),
Option(
name: '-pgp-keys',
description: 'Comma-separated list of paths to files on disk containing public PGP keys OR a comma-separated list of Keybase usernames using the format \'keybase:<username>\'. When supplied, the generated unseal keys will be encrypted and base64-encoded in the order specified in this list. The number of entries must match -key-shares, unless -stored-shares are used',
args: [
Arg(
name: 'pgp_key',
suggestions: [
FigSuggestion(name: 'keybase:user1'),
FigSuggestion(name: '/path/to/pgp/key1,/path/to/pgp/key2')
],
template: 'filepaths'
)
]
),
Option(
name: '-status',
description: 'Print the status of the current attempt without providing an unseal key. The default is false'
),
Option(
name: '-target',
description: 'Target for rekeying. \'recovery\' only applies when HSM support is enabled. The default is barrier',
args: [
Arg(
name: 'string',
suggestions: [
FigSuggestion(name: 'barrier')
],
defaultValue: 'barrier'
)
]
),
Option(
name: '-verify',
description: 'Indicates that the action (-status, -cancel, or providing a key share) will be affecting verification for the current rekey attempt. The default is false'
),
Option(
name: '-backup',
description: 'Store a backup of the current PGP encrypted unseal keys in Vault\'s core. The encrypted values can be recovered in the event of failure or discarded after success. See the -backup-delete and -backup-retrieve options for more information. This option only applies when the existing unseal keys were PGP encrypted. The default is false'
),
Option(
name: '-backup-delete',
description: 'Delete any stored backup unseal keys. The default is false'
),
Option(
name: '-backup-retries',
description: 'Retrieve the backed-up unseal keys. This option is only available if the PGP keys were provided and the backup has not been deleted. The default is false'
)
];
