Shamir’s Secret Sharing is a cryptographic algorithm that allows a secret to be split into multiple
parts, called key shares, such that a certain number of key shares are required to reconstruct the
secret. The number of key shares and the threshold number are configurable parameters that
depend on the desired level of security and availability. Vault uses Shamir’s Secret Sharing to protect
its master key, which is used to encrypt and decrypt the data encryption key that secures the Vault
data. When Vault is initialized, it generates a master key and splits it into a configured number of key
shares, which are then distributed to trusted operators. To unseal Vault, the threshold number of key
shares must be provided to reconstruct the master key and decrypt the data encryption key. This
process ensures that no single operator can access the Vault data without the cooperation of other
key holders. Reference: https://developer.hashicorp.com/vault/docs/concepts/seal4,
https://developer.hashicorp.com/vault/docs/commands/operator/init5,
https://developer.hashicorp.com/vault/docs/commands/operator/unseal6
