Generating new master key shares in Vault

Vault makes use of Shamir’s secret sharing scheme to split a master key into n pieces, requiring at least k of them to be presented at unseal time. At initialisation time, the user specifies what values n and k should take. However, Vault does not make it possible to change the number of shares after initialisation without recreating new shares for existing shareholders. Shamir’s scheme does allow this so I decided to raise a pull request implementing this functionality.

Written on March 25, 2017 by: