flag provided but not defined: -stored-shares

[lauradiane]

• Vault Version:
  $ vault -v
  Vault v0.9.3+prem.hsm ('cf19c60258ae531107f6562fa8609c62ea039ad0') (cgo)

Saw same behavior on Vault v0.9.2+prem.hsm ('d2fe786e8430d4949f57a4a92566de82e17262b9') (cgo)

Expected Behavior:
Should be like 0.9.1+prem.hsm, where the stored-shares=1 flag is accepted for sys/rekey/init

Actual Behavior:

$ vault operator rekey -init -key-shares=1 -key-threshold=1 -stored-shares=1

flag provided but not defined: -stored-shares

Yet when you try without that flag it says that flag is required:

$ vault operator rekey -init -key-shares=1 -key-threshold=1 

Error initializing rekey: Error making API request.

URL: PUT http://0.0.0.0:8200/v1/sys/rekey/init
Code: 400. Errors:

* secret shares, secret threshold, and stored shares must be set to 1

The API docs say (at the top, in the header) that stored-shares is required for the HSM version, but stored-shares parameter is not included in sys/rekey/init: https://www.vaultproject.io/api/system/rekey.html#start-rekey

[madsonic]

The same thing happened for nounce but on a dev server.

$ vault version
Vault v0.10.3 ('533003e27840d9646cb4e7d23b3a113895da1dd0')
$ vault operator rekey - < myunsealkeys
Missing nonce value: specify it via the -nonce flag
$ vault operator rekey -nounce=d0e3a38f-4a46-202c-d050-6ef818399fd2
flag provided but not defined: -nounce
$ vault operator rekey -nounce="d0e3a38f-4a46-202c-d050-6ef818399fd2"
flag provided but not defined: -nounce

[chrishoffman]

@madsonic The flag is -nonce not -nounce

[madsonic]

hmmm in this case. should the error message be updated to be more accurate?

[jefferai]

@madsonic What would you suggest?

[madsonic]

initially when I read the message I thought that it meant the value for the flag was not defined. perhaps invalid flag might be better? but this is probably subjective. The best way would be to suggest corrections for mispelled flags but this would be a feature by itself