Fixed wrong rekey recovery backup client API URL (hashicorp#6841)

* Fixed wrong rekey recovery backup client API URL * Fixed wrong rekey recovery backup client API URL delete * Changed output for recovery backup key delete
kstevena · Jun 11, 2019 · 37f4b65 · 37f4b65
1 parent f06bfa3
commit 37f4b65
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 8 deletions.
diff --git a/api/sys_rekey.go b/api/sys_rekey.go
@@ -234,7 +234,7 @@ func (c *Sys) RekeyRetrieveBackup() (*RekeyRetrieveResponse, error) {
 }
 
 func (c *Sys) RekeyRetrieveRecoveryBackup() (*RekeyRetrieveResponse, error) {
-	r := c.c.NewRequest("GET", "/v1/sys/rekey/recovery-backup")
+	r := c.c.NewRequest("GET", "/v1/sys/rekey/recovery-key-backup")
 
 	ctx, cancelFunc := context.WithCancel(context.Background())
 	defer cancelFunc()
@@ -275,7 +275,7 @@ func (c *Sys) RekeyDeleteBackup() error {
 }
 
 func (c *Sys) RekeyDeleteRecoveryBackup() error {
-	r := c.c.NewRequest("DELETE", "/v1/sys/rekey/recovery-backup")
+	r := c.c.NewRequest("DELETE", "/v1/sys/rekey/recovery-key-backup")
 
 	ctx, cancelFunc := context.WithCancel(context.Background())
 	defer cancelFunc()

diff --git a/command/operator_rekey.go b/command/operator_rekey.go
@@ -685,12 +685,22 @@ func (c *OperatorRekeyCommand) printUnsealKeys(client *api.Client, status *api.R
 
 	if len(resp.PGPFingerprints) > 0 && resp.Backup {
 		c.UI.Output("")
-		c.UI.Output(wrapAtLength(fmt.Sprintf(
-			"The encrypted unseal keys are backed up to \"core/unseal-keys-backup\"" +
-				"in the storage backend. Remove these keys at any time using " +
-				"\"vault operator rekey -backup-delete\". Vault does not automatically " +
-				"remove these keys.",
-		)))
+		switch strings.ToLower(strings.TrimSpace(c.flagTarget)) {
+		case "barrier":
+			c.UI.Output(wrapAtLength(fmt.Sprintf(
+				"The encrypted unseal keys are backed up to \"core/unseal-keys-backup\" " +
+					"in the storage backend. Remove these keys at any time using " +
+					"\"vault operator rekey -backup-delete\". Vault does not automatically " +
+					"remove these keys.",
+			)))
+		case "recovery", "hsm":
+			c.UI.Output(wrapAtLength(fmt.Sprintf(
+				"The encrypted unseal keys are backed up to \"core/recovery-keys-backup\" " +
+					"in the storage backend. Remove these keys at any time using " +
+					"\"vault operator rekey -backup-delete -target=recovery\". Vault does not automatically " +
+					"remove these keys.",
+			)))
+		}
 	}
 
 	switch status.VerificationRequired {