I can’t seem to find a straightforward answer even though the docs say the following:
Once unsealed [using master key], each security deposit boxes still requires the owner provide a key
What is the “owner’s key”?
I am trying to figure out whether all secrets stored by vault (in whatever backend) are readable by operator who is in possession of master key?
That is, can vault be used to store any personal secrets because they are somehow (if so, how?) encrypted using user’s/entity’s key (which might be generated during login on the client’s side), or, are all secrets encrypted only once using the same master key, that is, whoever has access to master key can decrypt the whole vault?