* Add a missing parameter
* Update website/content/docs/configuration/replication.mdx
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* Fix the cross referencing link
---------
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* Allow setting of Consul ServiceMeta tags from config file
probably a bad idea, let's see how it works
scaffold tests
* kick circleci
* Add links to consul docs
Co-authored-by: Violet Hynes <a.xenasis@gmail.com>
* add changelog note
* use relative developer docs links
* address feedback
* please linter
---------
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
* Document enabling config
* Fix nav data JSON after disabling over-zealous prettifier
* Address review feedback
* Add warning about reloading config during overload
* Bad metrics links
* Another bad link
* Add upgrade note about deprecation
---------
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
per customer request in support ticket #141025 I've updated the description of tls_disable_client_certs to provide clarification.
previous pr for this change was approved but needed to be resubmitted because of problems with my GH account. See #26601
* Docs- Update info on key rotation
Added a sentence about needing to seal-rewrap if you want to disable or delete old key.
* rectified the url for seal-rewrap
rectified the url for seal-rewrap
* fixed some grammar
* Update website/content/docs/configuration/seal/pkcs11.mdx
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Replace 'HCP Vault' with 'HCP Vault Dedicated'
* Replace 'HCP Vault' with 'HCP Vault Dedicated' where applicable
* Replace 'Terraform Cloud' with 'HCP Terraform'
* Minor format fixes
* Update the side-nav title to 'HCP Terraform'
* Undo changes to Terraform Cloud secrets engine
* Update documentation for namespace/mount entry size limit
* Clarify defaults
* Better wording for storage size partial that appears on different pages
* Active voice!
* No this
* Fix confusing terminology
* Add support for x_forwarded_for_client_cert_header
* add changelog entry
* add tests for a badly and properly formatted certs
* both conditions should be true
* handle case where r.TLS is nil
* prepend client_certs to PeerCertificates list
* Add support for x_forwarded_for_client_cert_header
* add changelog entry
* add tests for a badly and properly formatted certs
* both conditions should be true
* handle case where r.TLS is nil
* prepend client_certs to PeerCertificates list
* add option for decoders to handle different proxies
* Add support for x_forwarded_for_client_cert_header
* add changelog entry
* add tests for a badly and properly formatted certs
* both conditions should be true
* handle case where r.TLS is nil
* prepend client_certs to PeerCertificates list
* add option for decoders to handle different proxies
* fix tests
* fix typo
---------
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Scott Miller <smiller@hashicorp.com>
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
* starting on docs
* add docs for raft-wal
* some tweaks
* Apply suggestions from code review
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
* Edits for Raft WAL (#26123)
* not just one filename
* update file pattern for wal files
---------
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Add a configuration flag for enabling multiseal (Seal HA), CE side
* imports
* no quotes
* get rid of dep on ent config
* Abstract enableMultiSeal for a build time switch
* license headers
* wip
* gate physical seal gen fetch by a param
* docs tweak, remove core flag
* updates from the ent pr
* update stub
* update test fixtures for enable_multiseal
* use accessor
* add a test fixture for non-multiseal diagnose
* remove debugging crtuch
* Do handle phys seal gen info even if multiseal is off, in order to facilitate enable/disable safeties
* more enabled flag handling
* Accept seal gen info if we were previously disabled, and persist it
* update unit test
* Validation happens postUnseal, so this test is invalid
* Dont continue setting conf if seal loading fails during SIGHUP
* Update website/content/docs/configuration/seal/seal-ha.mdx
Thanks, that does sound much clearer
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* use validation if previous gen was enabled
* unit test update
* stub SetMultisealEnabled
* bring over more changes from ent
* this was an unfix
---------
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* Do not refresh seal-wrapped values when there are unhealthy seals.
Modify Access.IsUpToDate() to consider entries as being up-to-date when one or
more encryption wrappers fail to encrypt the test value, since re-wrapping the
value would result in the loss of the ciphertext for the unhealthy wrappers.
In addition, make Access.IsUpToDate() return true is the key set ID has not been
populated and the caller has not forced key ID refresh.
Make Access.Encrypt() return an error for any encryption wrapper that is skipped
due to being unhealthy.
* Update Seal HA documentation.
Mention that the barrier key and the recovery keys cannot be rotated while there
are unhealthy seals.
Document environment variable VAULT_SEAL_REWRAP_SAFETY.
* Seal HA documentation updates
* anchor
* rel link
* remove beta
* try again on internal link
* still trying to get this internal redirect to work
* try without path
* docs(web repl): add initial docs about the UI REPL
* feature(repl): add link to the new docs in the REPL
* chore(repl): Web CLI or Broweser CLI -> Web REPL
* Use Hds::Link::Inline instead of DocLink
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Update ui/app/templates/components/console/ui-panel.hbs
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Update website/content/docs/commands/web.mdx
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Update website/content/docs/commands/web.mdx
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Fix typos and update phrasing.
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* docs(web repl): add a refrence to the repl docs on the ui config page
* Update KV version 2 reference
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
* fix linting
---------
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
* server: fix bug where deadlock detection was on for expiration and quotas
* trim spaces
* Add tests
* Use trimspace and lower
* Update test
* changelog
* fix config parsing
