Skip to main content

operator seal

The operator seal seals the OpenBao server. Sealing tells the OpenBao server to stop responding to any operations until it is unsealed. When sealed, the OpenBao server discards its in-memory root key to unlock the data, so it is physically blocked from responding to operations unsealed.

If an unseal is in progress, sealing the OpenBao will reset the unsealing process. Users will have to re-enter their portions of the root key again.

This command does nothing if the OpenBao server is already sealed.

For more information on sealing and unsealing, please the seal concepts page.

Examples

Seal an OpenBao server:

$ bao operator seal
Success! OpenBao is sealed.

Usage

There are no flags beyond the standard set of flags included on all commands.