When “show idvaults” is used, information about a “vault operations key” is given on the console. What is this key used for?
It is not the same key as seen in the Vault trust or Password Reset Certificates, nor is it visible using ID Properties of the vault ID using the Admin Client.
Subject: The vault operations key is used to encrypt ID files in the vault
The vault operations key (2048-bit key) is stored in the vault encrypted with the server’s ID. When ID files are stored in the vault, they are encrypted with a 256-bit AES key. The AES bulk key is encrypted with the vault operations key.
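
The two lower layers of the key hierarchy in the answer above, as an added Go example that is not part of the original thread and is not Domino's code. RSA-OAEP and AES-GCM, the `VaultEntry` layout and all function names are assumptions chosen for illustration; the top layer (the operations key itself encrypted with the server's ID) is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

type VaultEntry struct{ WrappedBulkKey, Nonce, Ciphertext []byte } // hypothetical layout
func NewOpsKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // errors only if key is not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func StoreID(ops *rsa.PublicKey, idFile []byte) (*VaultEntry, error) {
	buf := make([]byte, 32+12) // fresh 256-bit bulk key, then a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	gcm, _ := gcmFor(buf[:32]) // cannot fail: key is exactly 32 bytes
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, ops, buf[:32], nil)
	if err != nil {
		return nil, err
	}
	return &VaultEntry{wrapped, buf[32:], gcm.Seal(nil, buf[32:], idFile, nil)}, nil
}

func RetrieveID(ops *rsa.PrivateKey, e *VaultEntry) ([]byte, error) {
	bulk, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, ops, e.WrappedBulkKey, nil)
	if err != nil || len(bulk) != 32 || len(e.Nonce) != 12 {
		return nil, errors.New("malformed entry or wrong operations key")
	}
	gcm, _ := gcmFor(bulk) // cannot fail: length checked above
	return gcm.Open(nil, e.Nonce, e.Ciphertext, nil) // fails if the entry was altered
}

func main() {
	ops, _ := NewOpsKey() // stand-in for the vault operations key
	e, _ := StoreID(&ops.PublicKey, []byte("constructed ID file bytes"))
	id, err := RetrieveID(ops, e)
	println(string(id), err == nil)
}
```

In this model every stored ID file gets its own bulk key, so holding one unwrapped bulk key exposes one ID file, while the operations private key unwraps them all.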