* Update README
Let contributors know that docs will now be located in UDR
* Add comments to each mdx doc
Comment has been added to all mdx docs that are not partials
* chore: added changelog
changelog check failure
* wip: removed changelog
* Fix content errors
* Doc spacing
* Update website/content/docs/deploy/kubernetes/vso/helm.mdx
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
---------
Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
* Update the page description for SEO improvement
* Update the description for SEO improvement
* Update the description
* Update website/content/docs/secrets/transform/ff3-tweak-details.mdx
Co-authored-by: Jonathan Frappier <92055993+jonathanfrappier@users.noreply.github.com>
* Fixing a typo
* Incorporate review feedback
---------
Co-authored-by: Jonathan Frappier <92055993+jonathanfrappier@users.noreply.github.com>
* Update signed-ssh-certificates.mdx
Add a pointer to the doc regarding reading back the pub key with the CLI
* Update website/content/docs/secrets/ssh/signed-ssh-certificates.mdx
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Explicitly call out SSH algorithm_signer default
Related: #11608
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Use rsa-sha2-256 as the default SSH CA hash algo
As mentioned in the OpenSSH 8.2 release notes, OpenSSH will no longer be
accepting ssh-rsa signatures by default as these use the insecure SHA-1
algorithm.
For roles in which an explicit signature type wasn't specified, we
should change the default from SHA-1 to SHA-256 for security and
compatibility with modern OpenSSH releases.
See also: https://www.openssh.com/txt/release-8.2
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Update docs mentioning new algorithm change
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add changelog entry
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Fix missing parenthesis, clarify new default value
* Add to side bar
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
"algorithm_signer": "rsa-sha2-256"
to prevent /var/log/auth.log `userauth_pubkey: certificate signature algorithm ssh-rsa: signature algorithm not supported [preauth]` due to vault defaulting to ssh-rsa which is insecure
* Update website docs regarding ssh role allowed_extensions parameter
- Add note within the upgrading to 1.9.0 about behaviour change
- Prefix the important note block within the main documentation about
signed ssh certificates that it applies pre-vault 1.9
- Update api docs for the allowed_extensions parameter within the ssh
role parameter.
* Apply suggestions from code review
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
