* Clarify Tokens use and structure recommendation
* Update website/content/docs/concepts/tokens.mdx
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Fix sudo paths missing from OpenAPI and docs
Various sudo (a.k.a. root-protected) paths are implemented in
non-standard ways, and as a result:
* are not declared as x-vault-sudo in the OpenAPI spec
* and as a result of that, are not included in the hardcoded patterns
powering the Vault CLI `-output-policy` flag
* and in some cases are missing from the table of all sudo paths in the
docs too
Fix these problems by:
* Adding `seal` and `step-down` to the list of root paths for the system
backend. They don't need to be there for enforcement, as those two
special endpoints bypass the standard request handling code, but they
do need to be there for the OpenAPI generator to be able to know they
require sudo.
The way in which those two endpoints do things differently can be
observed in the code search results for `RootPrivsRequired`:
https://github.com/search?q=repo%3Ahashicorp%2Fvault%20RootPrivsRequired&type=code
* Fix the implementation of `auth/token/revoke-orphan` to implement
endpoint sudo requirements in the standard way. Currently, it has an
**incorrect** path declared in the special paths metadata, and then
compensates with custom code throwing an error within the request
handler function itself.
* changelog
* As discussed in PR, delete test which is just testing equality of a constant
* Restore sudo check as requested, and add comment
* Update vault/token_store.go
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
---------
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
* VAULT-15546 First pass at Vault Proxy docs
* VAULT-15546 correct errors
* VAULT-15546 fully qualify paths
* VAULT-15546 remove index
* VAULT-15546 Some typos and clean up
* VAULT-15546 fix link
* VAULT-15546 Add redirects so old links stay working
* VAULT-15546 more explicit redirects
* VAULT-15546 typo fixes
* Suggestions for Vault Agent & Vault Proxy docs (#20612)
* Rename 'agentandproxy' to 'agent-and-proxy' for better URL
* Update the index pages for each section
* VAULT-15546 fix link typo
---------
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
* Add a stronger warning about the usage of recovery keys
* Update website/content/docs/concepts/seal.mdx
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* Keep the mitigation text in the warning box
---------
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
This article seems to use the terms "shares" and "shards" interchangeably to describe the parts in which the secret is split under SSS.
While both seem to be correct, sticking to one term would save a newbie reader (like myself) the confusion.
Since the Wikipedia article that's linked in this article only mentions "shares" and the CLI flags (for recovery keys) also use `-shares`, I opted for that.
Since 1.9 k8s auth method supports setting Name reported by auth method to Service Account name which is not reflected in this doc
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
* add raft index to telemetry
* add definitions and defaults to both autopilot pages
* adjust messages
* Revert "add raft index to telemetry"
This reverts commit 010b091c7e.
* Update seal.mdx
The following sentence does not read easily:
"Take down the old active node, update its configuration of the old active node to use the new seal blocks (completely unaware of the old seal type) and bring it back up."
I have changed this to the sentence below, which I believe reads better.
Take down the old active node, update its configuration to use the new seal blocks (completely unaware of the old seal type) and bring it back up.
* Update website/content/docs/concepts/seal.mdx
* trigger ci
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: taoism4504 <loann@hashicorp.com>
* VAULT-6615 Update docs for 1.12 quota changes
* VAULT-6615 Add info about globbing
* VAULT-6615 some small updates for role param
* Update website/content/docs/enterprise/lease-count-quotas.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/api-docs/system/lease-count-quotas.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
