From 5d7ac8c108f2b79244f2a95b6be5edcd6290c8e9 Mon Sep 17 00:00:00 2001 From: hc-github-team-secure-vault-core <82990506+hc-github-team-secure-vault-core@users.noreply.github.com> Date: Wed, 26 Apr 2023 19:19:53 -0400 Subject: [PATCH] backport of commit 2532fd55fae5454ac28867ed0b664fc03d67d218 (#20384) Co-authored-by: Brian Shumate --- .../content/api-docs/system/replication/replication-dr.mdx | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/website/content/api-docs/system/replication/replication-dr.mdx b/website/content/api-docs/system/replication/replication-dr.mdx index ba9e299c7289..cb37e17ded4d 100644 --- a/website/content/api-docs/system/replication/replication-dr.mdx +++ b/website/content/api-docs/system/replication/replication-dr.mdx @@ -178,7 +178,8 @@ identifier can later be used to revoke a DR secondary's access. - `secondary_public_key` `(string: "")` – Specifies the secondary's generated public key, if using encryption rather than response wrapping to protect the - secondary credentials. (Vault 1.3+) + secondary credentials. (Vault 1.3+). Use this to avoid making an API call to + the primary during secondary activation. ### Sample Payload @@ -249,11 +250,11 @@ $ curl \ http://127.0.0.1:8200/v1/sys/replication/dr/primary/revoke-secondary ``` -## Fetch DR Secondary Public Key +## Generate DR Secondary Public Key (Vault 1.3+) -This endpoint allows fetching a public key that is used to encrypt the returned +This endpoint allows generating a public key that is used to encrypt the returned credential information (instead of using a response wrapped token). This avoids needing to make an API call to the primary during activation.