You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I currently have a non-HA Vault on my main machine, as I'm just building the automation of my infrastructure to make it HA. By that said, it sometimes distracts me, having the routine of getting the keys, starting the server, looking for my config, and unsealing. So, I asked myself: Why can't I just use my phone to decrypt the keys on the phone using the fingerprint (biometric authentication) as a security measure, in addition to 2FA (since you're using mobile anyway), and then make an API call from mobile to unseal the Vault?
so we have:
the keys stored and encrypted on the phone
pin and biometric authentication on the mobile side
2factor for api call and other auth like approle token
login and push a button to unseal your portions
so you have to store your unseal keys somewhere, why not on your phone, but encrypted
The text was updated successfully, but these errors were encountered:
Hi,
I currently have a non-HA Vault on my main machine, as I'm just building the automation of my infrastructure to make it HA. By that said, it sometimes distracts me, having the routine of getting the keys, starting the server, looking for my config, and unsealing. So, I asked myself: Why can't I just use my phone to decrypt the keys on the phone using the fingerprint (biometric authentication) as a security measure, in addition to 2FA (since you're using mobile anyway), and then make an API call from mobile to unseal the Vault?
so we have:
so you have to store your unseal keys somewhere, why not on your phone, but encrypted
The text was updated successfully, but these errors were encountered: