I did a brief search on this:
https://groups.google.com/forum/#!searchin/vault-tool/pgp_keys%7Csort:date
https://groups.google.com/forum/#!searchin/vault-tool/root_token_pgp_key%7Csort:date
But both of the results seem to talk more about keybase keys or the existence of the parameters, rather than serialization.
This search result looked promising, but it passes the file names for the keys in as parameters:
https://chiefy.github.io/using-pgp-keys-with-hashicorp-s-vault#initializing-our-vault
Even this guide I found focuses on the keybase.io references, rather than a big honkin' full public key:
https://chairnerd.seatgeek.com/practical-vault-usage#initialization
I assume that I can just modify the Sample Payload posted here: https://www.vaultproject.io/api/system/init.html#sample-payload
{
  "secret_shares": 10,
  "secret_threshold": 5,
  "pgp_keys": ["LS0tLS1CRUd...", "NmRkZElYbGlK..."],
  "root_token_pgp_key": "LS0tLS1CRUd..."
}
The question is, how do I end up with a value for the pgp_keys and root_token_pgp_key parameters with which to replace my dummy value of LS0tLS1CRUd...?
Do I base64 serialize the whole key, newlines and all?
I believe the key itself already is base64 serialized.
Can I just replace the newlines with spaces and throw it in there?
Anyway, on behalf of me, and on behalf of those of us who are still feeling too iffy about the whole keybase.io thing, I intend to do further research on this and test it out later this afternoon.
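
An added example, not part of the original post: the Vault API documentation for /sys/init states that these keys must be base64-encoded from their original binary representation, so an ASCII-armored key is de-armored first and the binary packets are re-encoded as one base64 line. The Python sketch below does that and builds the payload; dearmor, vault_key_field and init_payload are hypothetical helper names, and the input is assumed to be an armored public key block as exported by an OpenPGP tool.

```python
import base64
import json

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # RFC 4880, section 6.1

def crc24(data: bytes) -> int:
    """Checksum that ASCII armor carries on its '=XXXX' line."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def dearmor(armored: str) -> bytes:
    """Return the binary OpenPGP packets inside an armored public key block."""
    lines = [ln.strip() for ln in armored.strip().splitlines()]
    if len(lines) < 2 or not (
            lines[0].startswith("-----BEGIN PGP PUBLIC KEY BLOCK")
            and lines[-1].startswith("-----END PGP PUBLIC KEY BLOCK")):
        raise ValueError("not an armored PGP public key block")
    body = lines[1:-1]
    # Armor headers (Version:, Comment:) end at the first blank line.
    if "" in body:
        body = body[body.index("") + 1:]
    checksum = None
    if body and body[-1].startswith("=") and len(body[-1]) == 5:
        checksum = int.from_bytes(base64.b64decode(body.pop()[1:]), "big")
    raw = base64.b64decode("".join(body), validate=True)
    if checksum is not None and crc24(raw) != checksum:
        raise ValueError("armor CRC24 mismatch: key text is damaged")
    return raw

def vault_key_field(armored: str) -> str:
    """Single-line base64 of the binary key, no newlines or armor lines."""
    return base64.b64encode(dearmor(armored)).decode("ascii")

def init_payload(share_keys, root_key, threshold):
    """JSON body for /sys/init; one PGP key per secret share."""
    return json.dumps({
        "secret_shares": len(share_keys),
        "secret_threshold": threshold,
        "pgp_keys": [vault_key_field(k) for k in share_keys],
        "root_token_pgp_key": vault_key_field(root_key),
    }, indent=2)
```

A key that is already in binary form (not armored) needs only the final base64 step.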