* Start import docs
* Use hideClipboard block on output
* Reorganize mappings and source docs
* Change experimental to alpha
* Change list tag to alpha
* Apply suggestions from code review
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Added `vault operator raft snapshot inspect` usage
* Update website/content/docs/commands/operator/raft.mdx
Forcing suggestion commit so we can merge and publish the changes.
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Updating the vault leader step down documentation to include some extra info about possible failed requests during leader step down
* Add changelog.txt
* Update website/content/docs/commands/operator/step-down.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Major overhaul of `vault operator generate-root` CLI help
Resolves#15252
A major overhaul of the `vault operator generate-root` CLI help to
surface the fact that it is actually six separate commands in one,
rather than requiring users to independently deduce this mental model
themselves.
In the process of doing so, also standardize some terminology:
* Fix places which used the phrase "operational token" instead of
"operation token" to be consistent with the prevailing terminology.
* Fix places which used the phrase "recovery operation token" instead of
"recovery token" to be consistent with the prevailing terminology.
This PR currently focusses on the CLI help, but following review and
feedback, I assume I'll need to replicate many of the same changes in
website/content/docs/commands/operator/generate-root.mdx as well.
* Fix some tab characters which should have been spaces
* Update command/operator_generate_root.go
---------
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
* Parallel migration (#18815)
* flagParallel sanity check
* Attempt to use ErrGroups
* Updated docs
* Allow 'start' and 'max-parallel' together
* parallel flag renamed to max-parallel
* tests for start + parallel
* Removed permit pool
* Updated docs to make it clearer that a high setting might not be honored based on storage backend setting
* System dependent max int size
* Default max-parallel 1 => 10
* Test folder/paths updated
Co-authored-by: Tomasz Pawelczak <10206601+gites@users.noreply.github.com>
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
* clarify that init recovery options are only available for auto unseal
* add some language consistency
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
* Add 'note' for surpassing dead server threshold time
* Update website/content/docs/commands/operator/raft.mdx
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* add raft index to telemetry
* add definitions and defaults to both autopilot pages
* adjust messages
* Revert "add raft index to telemetry"
This reverts commit 010b091c7e.
Added an example to explicitly show how to perform a Rekey operation when the Vault cluster is using Auto Unseal. This is placed as the second example.
The existing example code combines with the PGP keys so added a simple example without the PGP keys.
* docs for counting tokens without entities
* Update website/content/docs/concepts/client-count.mdx
Co-authored-by: swayne275 <swayne275@gmail.com>
* remove parens in docs
* Update website/content/docs/concepts/client-count.mdx
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* Update website/content/docs/concepts/client-count.mdx
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* update documentation to be consistent with the non-entity token terminology
* Update website/content/docs/concepts/client-count.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/docs/concepts/client-count.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* add line about client ids to the api docs
* syntax and grammar
Co-authored-by: swayne275 <swayne275@gmail.com>
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* operator generate-root -decode: allow token from stdin
Allow passing "-" as the value for -decode, causing the encoded token to
be read from stdin. This is intended to prevent leaking the encoded
token + otp into process logs in enterprise environments.
* add changelog entry for PR12881
* add check/test for empty decode value passed via stdin
* Add link to Learn's usage tutorial
* Update website/content/docs/commands/operator/usage.mdx
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
* Update init.mdx
Updated operator init documentation to try to avoid steering customers towards running Auto Unseal seals with recovery-shares=1 and recovery-threshold=1. This is a bad security posture, as it can allow a single user with access to that recovery share to create root tokens and do other very sensitive tasks.
Also rewrote parts of the HSM/KMS Options section to indicate that recovery-related options are not solely for HSM-mode Vault but are for ANY Auto Unseal seal.
* Update website/content/docs/commands/operator/init.mdx
Adding an appropriate number of recovery-pgp-keys
Co-authored-by: Yoko <yoko@hashicorp.com>
Co-authored-by: Yoko <yoko@hashicorp.com>
