jaxxstorm / hookpick

A tool to manage some operational concepts of Hashicorp Vault
MIT License

Add a command to start a rekey #10

Open jaxxstorm opened 6 years ago

jaxxstorm commented 6 years ago

This should be a subcommand of the overall rekey command:

locksmith rekey start.

It should take the following parameters:

It will return a nonce, which should be output to be shared. In future, we can store this somewhere like consul

jaxxstorm commented 6 years ago

So, couple things.

1) The rekey endpoint seems to be unauthed. Anyone can start a rekey, which is nice.
2) We only need to submit to 1 vault in a datacenter. We should either use a goroutine to do all if we need to, or close it down with the datacenter flag. We need to pick a random vault server from a DC we choose.

A future enhancement would be store the rekey nonce in consul, but we can get there later.
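The rekey start flow discussed in this issue, as an added example that is not hookpick's own code: it picks one Vault server at random from the chosen datacenter, calls Vault's unauthenticated sys/rekey/init endpoint, and returns the nonce to be shared. The datacenter map, the 5-share/3-threshold values and the 127.0.0.1:8200 address are assumptions for the demo.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"math/rand"
	"net/http"
)

// RekeyStart holds the fields this tool needs from Vault's sys/rekey/init reply.
type RekeyStart struct {
	Started bool   `json:"started"`
	Nonce   string `json:"nonce"`
}

// PickServer returns one Vault address chosen at random from the named datacenter.
func PickServer(dcs map[string][]string, dc string, rng *rand.Rand) (string, error) {
	servers := dcs[dc]
	if len(servers) == 0 {
		return "", fmt.Errorf("no vault servers configured for datacenter %q", dc)
	}
	return servers[rng.Intn(len(servers))], nil
}

// StartRekey posts to /v1/sys/rekey/init (unauthenticated, so no token header) and returns Vault's nonce.
func StartRekey(client *http.Client, addr string, shares, threshold int) (*RekeyStart, error) {
	body, _ := json.Marshal(map[string]int{"secret_shares": shares, "secret_threshold": threshold})
	resp, err := client.Post(addr+"/v1/sys/rekey/init", "application/json", bytes.NewReader(body))
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("rekey init returned HTTP %d", resp.StatusCode)
	}
	var res RekeyStart
	if err := json.NewDecoder(resp.Body).Decode(&res); err != nil {
		return nil, err
	}
	if !res.Started || res.Nonce == "" {
		return nil, fmt.Errorf("vault did not start a rekey or returned no nonce")
	}
	return &res, nil
}

func main() {
	addr, _ := PickServer(map[string][]string{"dc1": {"http://127.0.0.1:8200"}}, "dc1", rand.New(rand.NewSource(1))) // assumed placeholder address
	fmt.Println(StartRekey(http.DefaultClient, addr, 5, 3))
}
```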