
I haven't finished reading the docs yet, but this part[1] caught my attention:

> When a backend is unmounted, all of its secrets are revoked and its data is deleted.

If a backend is similar to a filesystem as mentioned in the docs, that's quite a surprise. If a backend is like a filesystem, the secrets (files) should become unavailable when unmounted, but should become available again after remounting the backend (filesystem).

Are the secrets actually _deleted_ (i.e., can't be recovered again), or am I misunderstanding?

[1] http://vaultproject.io/intro/getting-started/secret-backends...



I'm responding a little late here, but hopefully you'll still see this.

Yes, when you unmount a backend, all the data is deleted. Vault mostly behaves like a filesystem, but not in this scenario. The raw data is not preserved. If you want to preserve the raw data, you can remount (move the mount point).

We didn't finish it for 0.1, but we already built secret enumeration into the core. We plan to expose this at some point. If you want to unmount and preserve your secrets, you can always enumerate them and back them up elsewhere (unencrypted). This isn't yet available.



