How to unseal a Vault in practice?

It is possible to force that multiple keys have to be entered in order to unseal the vault. How does this work in practice? If someone has entered a key and there is another key required to unseal the vault should one ask a colleague to enter another key and how should this be done to prevent that colleague A or someone else sees that key?

I assume your vault would be being accessed over a network, so you would ask a colleague to use their own command line on their own workstation to enter their key. Mine requires 3 keys to unseal so I just have 3 users independently enter the vault unseal command with their key.

StackExchange DevOps Q#2458, answer score: 4