diff --git a/website/source/docs/internals/architecture.html.md b/website/source/docs/internals/architecture.html.md index 9bedd36a5..a7099e2c5 100644 --- a/website/source/docs/internals/architecture.html.md +++ b/website/source/docs/internals/architecture.html.md @@ -58,7 +58,7 @@ clarify what is being discussed: ACL policies. * **Secret** - A secret is the term for anything returned by Vault which contains confidential - or cryptographic material. Not all everything returned by Vault is a secret, for example + or cryptographic material. Not everything returned by Vault is a secret, for example system configuration, status information, or backend policies are not considered Secrets. Secrets always have an associated lease. This means clients cannot assume that the secret contents can be used indefinitely. Vault will revoke a secret at the end of the lease, and @@ -138,7 +138,7 @@ Once authenticated, requests are made providing the client token. The token is u to verify the client is authorized and to load the relevant policies. The policies are used to authorize the client request. The request is then routed to the secret backend, which is processed depending on the type of backend. If the backend returns a secret, -the core registers it with the expiration manager and attaches the a lease ID. +the core registers it with the expiration manager and attaches a lease ID. The lease ID is used by clients to renew or revoke their secret. If a client allows the lease to expire, the expiration manager automatically revokes the secret. diff --git a/website/source/docs/internals/security.html.md b/website/source/docs/internals/security.html.md index ed4b0a281..5e146b41f 100644 --- a/website/source/docs/internals/security.html.md +++ b/website/source/docs/internals/security.html.md 
@@ -48,7 +48,7 @@ The following are not parts of the Vault threat model: * Protecting against arbitrary control of the storage backend. An attacker that can perform arbitrary operations against the storage backend can - undermine in any number of ways that are difficult or impossible to protect + undermine security in any number of ways that are difficult or impossible to protect against. As an example, an attacker could delete or corrupt all the contents of the storage backend causing total data loss for Vault. The ability to control reads would allow an attacker to snapshot in a well-known state and rollback state
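Review bot: In the first architecture.html.md hunk, the corrected line "Not everything returned by Vault is a secret" reads cleanly, but the following context line still capitalizes the term ("are not considered Secrets") while the rest of the paragraph uses lowercase "secret"; suggest lowercasing it in the same change so the definition uses one spelling for the term being defined.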
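Review bot: In the security.html.md hunk, "undermine security in any number of ways" fixes the missing object, but the trailing context sentence "The ability to control reads would allow an attacker to snapshot in a well-known state and rollback state" is still hard to parse (snapshot what, and roll back to what?); since this paragraph is being touched anyway, consider rewording it to state plainly that an attacker controlling the storage backend can capture its state and later restore it, which is the threat the paragraph is describing.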