* Document enabling config
* Fix nav data JSON after disabling over-zealous prettifier
* Address review feedback
* Add warning about reloading config during overload
* Bad metrics links
* Another bad link
* Add upgrade note about deprecation
---------
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
There was inconsistency in the capitalization of auto unseal in this doc. The initial heading had it right. It shouldn't be capitalized according to the documentation style guidance for feature capitalization. Also, high availability doesn't need to be capitalized.
Change warning to tag syntax so it's clear what should be part of the aside
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Added a note about seal-rewrap in the steps to perform seal migration post Vault 1.5.1
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Replace 'HCP Vault' with 'HCP Vault Dedicated'
* Replace 'HCP Vault' with 'HCP Vault Dedicated' where applicable
* Replace 'Terraform Cloud' with 'HCP Terraform'
* Minor format fixes
* Update the side-nav title to 'HCP Terraform'
* Undo changes to Terraform Cloud secrets engine
* first commit to move article from waf to vault docs
* Apply suggestions from code review
Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>
* Update transform.mdx
Updated the description and moved image.
* updated resources
* passive voice fix
* passive voice fix
* Apply suggestions from code review
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
---------
Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Use vault auth enable instead of vault write, because I think it is more appropriate or the "new way"
Co-authored-by: Marc Boudreau <marc.boudreau@hashicorp.com>
* Do not refresh seal-wrapped values when there are unhealthy seals.
Modify Access.IsUpToDate() to consider entries as being up-to-date when one or
more encryption wrappers fail to encrypt the test value, since re-wrapping the
value would result in the loss of the ciphertext for the unhealthy wrappers.
In addition, make Access.IsUpToDate() return true is the key set ID has not been
populated and the caller has not forced key ID refresh.
Make Access.Encrypt() return an error for any encryption wrapper that is skipped
due to being unhealthy.
* Update Seal HA documentation.
Mention that the barrier key and the recovery keys cannot be rotated while there
are unhealthy seals.
Document environment variable VAULT_SEAL_REWRAP_SAFETY.
This removes the WebSockets endpoint for events
(which will be moved to the Enterprise repo) and
disables tests that rely on it unless they are
running in Enterprise.
It also updates documentation to document that
events are only available in Vault Enterprise.
The large paragraph is hard to read and it's easy to miss crucial details around when membership in an external group will be updated.
Membership isn't updated when the configuration of the external group is changed, which can be counterintuitive.
* Seal HA documentation updates
* anchor
* rel link
* remove beta
* try again on internal link
* still trying to get this internal redirect to work
* try without path
* VAULT-21427 change ui references from K/V to KV
* references in docs/
* website json data
* go command errors
* replace Key/Value with Key Value
* add changelog
* update test
* update secret list header badge
* two more test updates
* wip
* Initial draft of Seal HA docs
* nav data
* Fix env var name
* title
* Note partially wrapped values and disabled seal participation
* Update website/data/docs-nav-data.json
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* correct initial upgrade limitation
* Add note about shamir seals and migration
* fix nav json
* snapshot note
* availability note
* seal-backend-status
* Add a couple more clarifying statements
* header typo
* correct initial upgrade wording
* Update website/content/docs/configuration/seal/seal-ha.mdx
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Update website/content/docs/concepts/seal.mdx
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
---------
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Add `subscribe` capability to policies
... and `subscribe_event_types` to the policy body.
These are not currently enforced in the events system (as that
will require populating the full secrets path in the event).
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
