Backport of Vault documentation: updated docs to include a note about…

… seal requirement into release/1.10.x (#15189) * backport of commit d7928f8 * backport of commit b398d4f * backport of commit d02d88e * backport of commit 68ca140 * backport of commit 1708cc6 Co-authored-by: taoism4504 <[email protected]> Co-authored-by: Loann Le <[email protected]>
hashicorp · Apr 26, 2022 · 9432586 · 9432586
1 parent e034d5f
commit 9432586
Show file tree

Hide file tree

Showing 7 changed files with 15 additions and 0 deletions.
diff --git a/website/content/docs/concepts/seal.mdx b/website/content/docs/concepts/seal.mdx
@@ -81,6 +81,8 @@ access to the root key shards.
 
 ## Auto Unseal
 
+-> **Note:** The Seal Wrap functionality is enabled by default. For this reason, the seal provider (HSM or cloud KMS) must be available throughout Vault's runtime and not just during the unseal process. Refer to the [Seal Wrap](/docs/enterprise/sealwrap) documenation for more information. 
+
 Auto Unseal was developed to aid in reducing the operational complexity of
 keeping the unseal key secure. This feature delegates the responsibility of
 securing the unseal key from users to a trusted device or service. At startup

diff --git a/website/content/docs/configuration/seal/alicloudkms.mdx b/website/content/docs/configuration/seal/alicloudkms.mdx
@@ -10,6 +10,9 @@ description: >-
 
 # `alicloudkms` Seal
 
+-> **Note:** The Seal Wrap functionality is enabled by default. For this reason, the KMS service must be available throughout Vault's runtime and not just during the unseal process. Refer to the [Seal Wrap](/docs/enterprise/sealwrap) documenation for more information.
+
+
 The AliCloud KMS seal configures Vault to use AliCloud KMS as the seal wrapping mechanism.
 The AliCloud KMS seal is activated by one of the following:
 

diff --git a/website/content/docs/configuration/seal/awskms.mdx b/website/content/docs/configuration/seal/awskms.mdx
@@ -8,6 +8,8 @@ description: |-
 
 # `awskms` Seal
 
+-> **Note:** The Seal Wrap functionality is enabled by default. For this reason, the KMS service must be available throughout Vault's runtime and not just during the unseal process. Refer to the [Seal Wrap](/docs/enterprise/sealwrap) documenation for more information.
+
 The AWS KMS seal configures Vault to use AWS KMS as the seal wrapping mechanism.
 The AWS KMS seal is activated by one of the following:
 

diff --git a/website/content/docs/configuration/seal/azurekeyvault.mdx b/website/content/docs/configuration/seal/azurekeyvault.mdx
@@ -10,6 +10,8 @@ description: >-
 
 # `azurekeyvault` Seal
 
+-> **Note:** The Seal Wrap functionality is enabled by default. For this reason, the KMS service must be available throughout Vault's runtime and not just during the unseal process. Refer to the [Seal Wrap](/docs/enterprise/sealwrap) documenation for more information.
+
 The Azure Key Vault seal configures Vault to use Azure Key Vault as the seal
 wrapping mechanism. The Azure Key Vault seal is activated by one of the following:
 

diff --git a/website/content/docs/configuration/seal/gcpckms.mdx b/website/content/docs/configuration/seal/gcpckms.mdx
@@ -10,6 +10,8 @@ description: >-
 
 # `gcpckms` Seal
 
+-> **Note:** The Seal Wrap functionality is enabled by default. For this reason, the KMS service must be available throughout Vault's runtime and not just during the unseal process. Refer to the [Seal Wrap](/docs/enterprise/sealwrap) documenation for more information. 
+
 The GCP Cloud KMS seal configures Vault to use GCP Cloud KMS as the seal
 wrapping mechanism. The GCP Cloud KMS seal is activated by one of the following:
 

diff --git a/website/content/docs/configuration/seal/ocikms.mdx b/website/content/docs/configuration/seal/ocikms.mdx
@@ -8,6 +8,8 @@ description: |-
 
 # `ocikms` Seal
 
+-> **Note:** The Seal Wrap functionality is enabled by default. For this reason, the KMS service must be available throughout Vault's runtime and not just during the unseal process. Refer to the [Seal Wrap](/docs/enterprise/sealwrap) documenation for more information.
+
 The OCI KMS seal configures Vault to use OCI KMS as the seal wrapping mechanism.
 The OCI KMS seal is activated by one of the following:
 

diff --git a/website/content/docs/configuration/seal/pkcs11.mdx b/website/content/docs/configuration/seal/pkcs11.mdx
@@ -8,6 +8,8 @@ description: |-
 
 # `pkcs11` Seal
 
+-> **Note:** The Seal Wrap functionality is enabled by default. For this reason, HSM must be available throughout Vault's runtime and not just during the unseal process. Refer to the [Seal Wrap](/docs/enterprise/sealwrap) documenation for more information.
+
 The PKCS11 seal configures Vault to use an HSM with PKCS11 as the seal wrapping
 mechanism. Vault Enterprise's HSM PKCS11 support is activated by one of the
 following: