As I can see from https://www.consul.io/api/operator/keyring.html HTTP API can be used for getting consul encryption key if we have Consul token, but this article does not cover the case when I want to get the primary encryption key.
During my research, I found that the primary key is in zero position all time, but it is not proved by documentation. My assumption was that I can get Consul encryption key by the following command:
All keys are treated equally which means there is no primary encryption key. Maybe you could share more details about your use case so I can better understand what you are looking for.
during the rotation process, some of the keys that will be returned by this API can be inactive. I want to be sure that the key that I’ll get by using this API will be active.