Add documentation for cubbyhole

website/source/docs/secrets/cubbyhole/index.html.md

@@ -0,0 +1,50 @@
+---
+layout: "docs"
+page_title: "Secret Backend: Cubbyhole"
+sidebar_current: "docs-secrets-cubbyhole"
+description: |-
+  The cubbyhole secret backend can store arbitrary secrets scoped to a single token.
+---
+
+# Cubbyhole Secret Backend
+
+Name: `cubbyhole`
+
+The `cubbyhole` secret backend is used to store arbitrary secrets within
+the configured physical storage for Vault. It is mounted at the `cubbyhole/`
+prefix by default and cannot be mounted elsewhere or removed.
+
+This backend differs from the `generic` backend in that the `generic` backend's
+values are accessible to any token with read privileges on that path. In this
+backend, paths are scoped per token; no token can read secrets placed in
+another token's cubbyhole. When the token expires, its cubbyhole is destroyed.
+
+Also unlike the `generic` backend, because the cubbyhole's lifetime is linked
+to an authentication token, there is no concept of a lease or lease TTL for
+values contained in the token's cubbyhole.
+
+Writing to a key in the `cubbyhole/` backend will replace the old value,
+the sub-fields are not merged together.
+
+## Quick Start
+
+The `cubbyhole` backend allows for writing keys with arbitrary values.
+
+As an example, we can write a new key "foo" to the `cubbyhole` backend, which
+is mounted at `cubbyhole/`:
+
+```
+$ vault write cubbyhole/foo zip=zap
+Success! Data written to: cubbyhole/foo
+```
+
+This writes the key with the "zip" field set to "zap". We can test this by doing
+a read:
+
+```
+$ vault read cubbyhole/foo
+Key           	Value
+zip           	zap
+```
+
+As expected, the value previously set is returned to us.

website/source/layouts/docs.erb

@@ -105,25 +105,33 @@
 							<a href="/docs/secrets/aws/index.html">AWS</a>
 						</li>
 
+						<li<%= sidebar_current("docs-secrets-cassandra") %>>
+							<a href="/docs/secrets/cassandra/index.html">Cassandra</a>
+						</li>
+
 						<li<%= sidebar_current("docs-secrets-consul") %>>
 							<a href="/docs/secrets/consul/index.html">Consul</a>
 						</li>
 
-						<li<%= sidebar_current("docs-secrets-pki") %>>
-							<a href="/docs/secrets/pki/index.html">PKI (Certificates)</a>
-                        </li>
+						<li<%= sidebar_current("docs-secrets-cubbyhole") %>>
+							<a href="/docs/secrets/cubbyhole/index.html">Cubbyhole</a>
+						</li>
 
-						<li<%= sidebar_current("docs-secrets-postgresql") %>>
-							<a href="/docs/secrets/postgresql/index.html">PostgreSQL</a>
-                        </li>
+						<li<%= sidebar_current("docs-secrets-generic") %>>
+							<a href="/docs/secrets/generic/index.html">Generic</a>
+						</li>
 
 						<li<%= sidebar_current("docs-secrets-mysql") %>>
 							<a href="/docs/secrets/mysql/index.html">MySQL</a>
 						</li>
 
-						<li<%= sidebar_current("docs-secrets-cassandra") %>>
-							<a href="/docs/secrets/cassandra/index.html">Cassandra</a>
-						</li>
+						<li<%= sidebar_current("docs-secrets-pki") %>>
+							<a href="/docs/secrets/pki/index.html">PKI (Certificates)</a>
+            </li>
+
+						<li<%= sidebar_current("docs-secrets-postgresql") %>>
+							<a href="/docs/secrets/postgresql/index.html">PostgreSQL</a>
+            </li>
 
 						<li<%= sidebar_current("docs-secrets-ssh") %>>
 							<a href="/docs/secrets/ssh/index.html">SSH</a>
@@ -133,10 +141,6 @@
 							<a href="/docs/secrets/transit/index.html">Transit</a>
 						</li>
 
-						<li<%= sidebar_current("docs-secrets-generic") %>>
-							<a href="/docs/secrets/generic/index.html">Generic</a>
-						</li>
-
 						<li<%= sidebar_current("docs-secrets-custom") %>>
 							<a href="/docs/secrets/custom.html">Custom</a>
 						</li>
@@ -146,26 +150,14 @@
 				<li<%= sidebar_current("docs-auth") %>>
 					<a href="/docs/auth/index.html">Auth Backends</a>
 					<ul class="nav">
-						<li<%= sidebar_current("docs-auth-token") %>>
-                            <a href="/docs/auth/token.html">Tokens</a>
+						<li<%= sidebar_current("docs-auth-appid") %>>
+							<a href="/docs/auth/app-id.html">App ID</a>
 						</li>
 
 						<li<%= sidebar_current("docs-auth-github") %>>
 							<a href="/docs/auth/github.html">GitHub</a>
 						</li>
 
-						<li<%= sidebar_current("docs-auth-appid") %>>
-							<a href="/docs/auth/app-id.html">App ID</a>
-						</li>
-
-						<li<%= sidebar_current("docs-auth-userpass") %>>
-							<a href="/docs/auth/userpass.html">Username &amp; Password</a>
-                        </li>
-
-						<li<%= sidebar_current("docs-auth-cert") %>>
-							<a href="/docs/auth/cert.html">TLS Certificates</a>
-                        </li>
-
 						<li<%= sidebar_current("docs-auth-ldap") %>>
 							<a href="/docs/auth/ldap.html">LDAP</a>
 						</li>
@@ -173,6 +165,18 @@
 						<li<%= sidebar_current("docs-auth-mfa") %>>
 							<a href="/docs/auth/mfa.html">MFA</a>
 						</li>
+
+						<li<%= sidebar_current("docs-auth-cert") %>>
+							<a href="/docs/auth/cert.html">TLS Certificates</a>
+            </li>
+
+						<li<%= sidebar_current("docs-auth-token") %>>
+              <a href="/docs/auth/token.html">Tokens</a>
+						</li>
+
+						<li<%= sidebar_current("docs-auth-userpass") %>>
+							<a href="/docs/auth/userpass.html">Username &amp; Password</a>
+						</li>
 					</ul>
 				</li>