diff --git a/website/source/docs/guides/index.html.md b/website/source/docs/guides/index.html.md index 7ea69a86bc..552439b523 100644 --- a/website/source/docs/guides/index.html.md +++ b/website/source/docs/guides/index.html.md @@ -14,5 +14,9 @@ guidance to do them safely. The following guides are available: -* [Generate Root](/docs/guides/generate-root.html) - This guide covers how to -generate new root tokens using unseal keys. +* [Generate a Root Token](/docs/guides/generate-root.html) - This guide covers + how to generate new root tokens using unseal keys. + +* [Setting Up and Managing Replication](/docs/guides/replication.html) - This + guide covers how to set up and manage Vault Replication, a part of Vault + Enterprise. diff --git a/website/source/docs/guides/replication.html.md b/website/source/docs/guides/replication.html.md index 4fc7c51835..f2e8c7599a 100644 --- a/website/source/docs/guides/replication.html.md +++ b/website/source/docs/guides/replication.html.md @@ -25,7 +25,11 @@ both](https://www.vaultproject.io/docs/http/sys-replication.html). ### Activating the Primary -To activate the primary, run `vault write -f sys/replication/primary/enable`. +To activate the primary, run: + + + $ vault write -f sys/replication/primary/enable + There is currently one optional argument: `primary_cluster_addr`. This can be used to override the cluster address that the primary advertises to the 
@@ -34,18 +38,24 @@ members of a single cluster and primary/secondary clusters. ### Fetching a Secondary Token -To fetch a secondary bootstrap token, run `vault write -sys/replication/primary/secondary-token id=`. +To fetch a secondary bootstrap token, run: -The value for ID is opaque to Vault and can be any identifying value you want; + + $ vault write sys/replication/primary/secondary-token id= + + +The value for `id` is opaque to Vault and can be any identifying value you want; this can be used later to revoke the secondary and will be listed when you read replication status on the primary. You will get back a normal wrapped response, except that the token will be a JWT instead of UUID-formatted random bytes. ### Activating a Secondary -To activate a secondary, run `vault write sys/replication/secondary/enable -token=`. +To activate a secondary using the fetched token, run: + + + $ vault write sys/replication/secondary/enable token= + You must provide the full token value. Be very careful when running this command, as it will destroy all data currently stored in the secondary. diff --git a/website/source/docs/http/sys-replication-common.html.md b/website/source/docs/http/sys-replication-common.html.md new file mode 100644 index 0000000000..673cd9f577 --- /dev/null +++ b/website/source/docs/http/sys-replication-common.html.md @@ -0,0 +1,118 @@ +--- +layout: "http" +page_title: "HTTP API: /sys/replication" +sidebar_current: "docs-http-replication-common" +description: |- + The '/sys/replication' endpoint focuses on managing general operations in Vault Enterprise replication sets +--- + +# /sys/replication/recover + +## POST + +
+
Description
+
+ Attempts recovery if replication is in an adverse state. For example: an + error has caused replication to stop syncing. +
+ +
Method
+
POST
+ +
URL
+
`/sys/replication/recover`
+ +
Parameters
+
+ None +
+ +
Returns
+
+ A `200` response code and a warning. +
+
+ + +# /sys/replication/reindex + +## POST + +
+
Description
+
+ Requires ‘sudo’ capability. Reindex the local data storage. This can cause + a very long delay depending on the number and size of objects in the data + store. +
+ +
Method
+
POST
+ +
URL
+
`/sys/replication/reindex`
+ +
Parameters
+
+ None +
+ +
Returns
+
+ A `200` response code and a warning. +
+
+ +# /sys/replication/status + +## GET + +
+
Description
+
+ Unauthenticated. Print information about the status of replication (mode, + sync progress, etc). +
+ +
Method
+
GET
+ +
URL
+
`/sys/replication/status`
+ +
Parameters
+
+ None +
+ +
Returns
+
+ The printed status of the replication environment. As an example, for a + primary, it will look something like: + + ```javascript + { + "mode": "primary", + "cluster_id": "d4095d41-3aee-8791-c421-9bc7f88f7c3e", + "known_secondaries": [], + "last_wal": 0, + "merkle_root": "c3260c4c682ff2d6eb3c8bfd877134b3cec022d1", + "request_id": "009ea98c-06cd-6dc3-74f2-c4904b22e535", + "lease_id": "", + "renewable": false, + "lease_duration": 0, + "data": { + "cluster_id": "d4095d41-3aee-8791-c421-9bc7f88f7c3e", + "known_secondaries": [], + "last_wal": 0, + "merkle_root": "c3260c4c682ff2d6eb3c8bfd877134b3cec022d1", + "mode": "primary" + }, + "wrap_info": null, + "warnings": null, + "auth": null + } + ``` +
+
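Review bot: The `/sys/replication/recover` description in the new sys-replication-common.html.md does not say what authentication or capability the call needs, while `/sys/replication/reindex` states that it requires 'sudo' and `/sys/replication/status` states that it is unauthenticated. Please add the requirement to the recover entry so the three are consistent. Because status is unauthenticated and its sample response includes `cluster_id`, `known_secondaries` and `merkle_root`, a sentence noting that these values are readable by any client that can reach the API would help operators decide how to expose the listener. The sample also repeats `mode`, `cluster_id`, `known_secondaries`, `last_wal` and `merkle_root` at the top level and again under `data`, so say which copy clients should read. "A `200` response code and a warning" for recover and reindex would be more useful if it described what the warning contains. Minor: 'sudo' is in typographic quotes, use backticks as for the other literals.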
diff --git a/website/source/layouts/http.erb b/website/source/layouts/http.erb index 1bc7213056..fcf9f459a8 100644 --- a/website/source/layouts/http.erb +++ b/website/source/layouts/http.erb @@ -118,7 +118,7 @@ /sys/revoke-force - + > Response Wrapping @@ -136,9 +136,9 @@ /sys/wrapping/wrap - + - > + > High Availability - + - > + > + Replication + + + + > Key Rotation - + - > + > Debug - + -
+
> Secret Backends
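Review bot: In website/source/docs/guides/replication.html.md, under "Activating a Secondary", the warning that the command will destroy all data currently stored in the secondary comes after the command block. Move it above `$ vault write sys/replication/secondary/enable token=` so that a reader who copies the command sees it first. In the same hunk the examples end at `id=` and `token=` with nothing after the equals sign as shown here, so name the placeholder value explicitly in each command. Since the example passes the bootstrap token as a command-line argument, one sentence saying it should be handled as a secret would fit next to "You must provide the full token value."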