Add note on support for using rec keys on /sys/rekey (#3517)

hashicorp · Nov 6, 2017 · 447d13e · 447d13e
1 parent ee43880
commit 447d13e
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/website/source/api/system/rekey.html.md b/website/source/api/system/rekey.html.md
@@ -10,6 +10,11 @@ description: |-
 
 The `/sys/rekey` endpoints are used to rekey the unseal keys for Vault.
 
+On seals that support stored keys (e.g. HSM PKCS11), the recovery key share(s)
+can be provided to rekey the master key since no unseal keys are available. The
+secret shares, secret threshold, and stored shares parameteres must be set to 1.
+Upon successful rekey, no split unseal key shares are returned.
+
 ## Read Rekey Progress
 
 This endpoint reads the configuration and progress of the current rekey attempt.