|
|
|
|
|
|
by jfindley
2766 days ago
|
|
|
It's one of my least favourite things about vault as a product - it would have been technically feasible to not require unsealing for read-only operations, and thus not made a 2am restart a critical failure. I made a PoC once (I don't think it's still published anywhere) that does exactly this. Unfortunately they chose not to do this. Admittedly simplicity is a feature in and of itself, and the read-only unsealing requires more complex asymmetric cryptography, but the excellent nacl[0] makes this a lot easier than it used to be. 0: https://nacl.cr.yp.to/box.html |
|
|