What occurs if a Vault is unsealed without the correct key shares?

When a Vault is unsealed, it relies on a mechanism called Shamir's Secret Sharing to secure its cryptographic key components. This means that the unsealing process requires a specific number of key shares to access the Vault's secrets and functionality. If the correct key shares are not provided during the unsealing process, the Vault remains in a sealed state. This is a crucial security feature designed to prevent unauthorized access to sensitive data.

The integrity of the Vault is maintained because it will not transition to an unsealed state without the necessary key shares, ensuring that only those with the proper credentials and components can access the stored secrets. Consequently, the inability to correct the unsealing process with the proper key shares effectively keeps the Vault sealed and inaccessible.