[website] Link Cleaning (#8205)

* update dependencies

* remove hard-coded vaultproject.io on local links

* remove 'index.html' from internal links

* remove '.html' at end of internal links

* manual review cleanup

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
This commit is contained in:
Jeff Escalante 2020-01-22 15:05:41 -05:00 committed by Calvin Leung Huang
parent a9aaba8adb
commit 4f87851926
314 changed files with 2249 additions and 3610 deletions

3846
website/package-lock.json generated

File diff suppressed because it is too large Load diff

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault AliCloud auth method.
This is the API documentation for the Vault AliCloud auth method. For
general information about the usage and operation of the AliCloud method, please
see the [Vault AliCloud auth method documentation](/docs/auth/alicloud.html).
see the [Vault AliCloud auth method documentation](/docs/auth/alicloud).
This documentation assumes the AliCloud auth method is mounted at the `/auth/alicloud`
path in Vault. Since it is possible to enable auth methods at any location,

View file

@ -12,7 +12,7 @@ Please use AppRole instead.
This is the API documentation for the Vault App ID auth method. For
general information about the usage and operation of the App ID method, please
see the [Vault App ID method documentation](/docs/auth/app-id.html).
see the [Vault App ID method documentation](/docs/auth/app-id).
This documentation assumes the App ID method is mounted at the `/auth/app-id`
path in Vault. Since it is possible to enable auth methods at any location,

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault AppRole auth method.
This is the API documentation for the Vault AppRole auth method. For
general information about the usage and operation of the AppRole method, please
see the [Vault AppRole method documentation](/docs/auth/approle.html).
see the [Vault AppRole method documentation](/docs/auth/approle).
This documentation assumes the AppRole method is mounted at the `/auth/approle`
path in Vault. Since it is possible to enable auth methods at any location,

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault AWS auth method.
This is the API documentation for the Vault AWS auth method. For
general information about the usage and operation of the AWS method, please
see the [Vault AWS method documentation](/docs/auth/aws.html).
see the [Vault AWS method documentation](/docs/auth/aws).
This documentation assumes the AWS method is mounted at the `/auth/aws`
path in Vault. Since it is possible to enable auth methods at any location,
@ -137,7 +137,7 @@ $ curl \
## Configure Identity Integration
This configures the way that Vault interacts with the
[Identity](/docs/secrets/identity/index.html) store. The default (as of Vault
[Identity](/docs/secrets/identity) store. The default (as of Vault
1.0.3) is `role_id` for both values.
| Method | Path |
@ -150,7 +150,7 @@ This configures the way that Vault interacts with the
using the `iam` auth method. Valid choices are `role_id`, `unique_id`, and
`full_arn` When `role_id` is selected, the randomly generated ID of the role
is used. When `unique_id` is selected, the [IAM Unique
ID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)
ID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers#identifiers-unique-ids)
of the IAM principal (either the user or role) is used as the identity alias
name. When `full_arn` is selected, the ARN returned by the
`sts:GetCallerIdentity` call is used as the alias name. This is either
@ -705,7 +705,7 @@ list in order to satisfy that constraint.
role inferencing is activated. This only applies to the iam auth method.
- `resolve_aws_unique_ids` `(bool: true)` - When set, resolves the
`bound_iam_principal_arn` to the
[AWS Unique ID](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)
[AWS Unique ID](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers#identifiers-unique-ids)
for the bound principal ARN. This field is ignored when
`bound_iam_principal_arn` ends with a wildcard character.
This requires Vault to be able to call `iam:GetUser` or `iam:GetRole` on the

View file

@ -11,7 +11,7 @@ description: |-
This is the API documentation for the Vault Azure auth method
plugin. To learn more about the usage and operation, see the
[Vault Azure method documentation](/docs/auth/azure.html).
[Vault Azure method documentation](/docs/auth/azure).
This documentation assumes the plugin method is mounted at the
`/auth/azure` path in Vault. Since it is possible to enable auth methods

View file

@ -11,7 +11,7 @@ description: |-
This is the API documentation for the Vault TLS Certificate authentication
method. For general information about the usage and operation of the TLS
Certificate method, please see the [Vault TLS Certificate method documentation](/docs/auth/cert.html).
Certificate method, please see the [Vault TLS Certificate method documentation](/docs/auth/cert).
This documentation assumes the TLS Certificate method is mounted at the
`/auth/cert` path in Vault. Since it is possible to enable auth methods at any

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault Cloud Foundry auth meth
This is the API documentation for the Vault CF auth method. For
general information about the usage and operation of the CF method, please
see the [Vault CF method documentation](/docs/auth/cf.html).
see the [Vault CF method documentation](/docs/auth/cf).
This documentation assumes the CF method is mounted at the `/auth/cf`
path in Vault. Since it is possible to enable auth methods at any location,
@ -20,7 +20,7 @@ please update your API calls accordingly.
Configure the root CA certificate to be used for verifying instance identity
certificates, and configure access to the CF API. For detailed instructions
on how to obtain these values, please see the [Vault CF method
documentation](/docs/auth/cf.html).
documentation](/docs/auth/cf).
| Method | Path |
| :----- | ----------------- |

View file

@ -11,7 +11,7 @@ description: |-
This is the API documentation for the Vault Google Cloud auth method. To learn
more about the usage and operation, see the
[Vault Google Cloud method documentation](/docs/auth/gcp.html).
[Vault Google Cloud method documentation](/docs/auth/gcp).
This documentation assumes the plugin method is mounted at the
`/auth/gcp` path in Vault. Since it is possible to enable auth methods

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault GitHub auth method.
This is the API documentation for the Vault GitHub auth method. For
general information about the usage and operation of the GitHub method, please
see the [Vault GitHub method documentation](/docs/auth/github.html).
see the [Vault GitHub method documentation](/docs/auth/github).
This documentation assumes the GitHub method is enabled at the `/auth/github`
path in Vault. Since it is possible to enable auth methods at any location,

View file

@ -11,7 +11,7 @@ description: |-
This is the API documentation for the Vault JWT/OIDC auth method
plugin. To learn more about the usage and operation, see the
[Vault JWT/OIDC method documentation](/docs/auth/jwt.html).
[Vault JWT/OIDC method documentation](/docs/auth/jwt).
This documentation assumes the plugin method is mounted at the
`/auth/jwt` path in Vault. Since it is possible to enable auth methods
@ -281,7 +281,7 @@ Obtain an authorization URL from Vault to start an OIDC login flow.
- `redirect_uri` `(string: <required>)` - Path to the callback to complete the login. This will be
of the form, "https://.../oidc/callback" where the leading portion is dependent on your Vault
server location, port, and the mount of the JWT plugin. This must be configured with Vault and the
provider. See [Redirect URIs](/docs/auth/jwt.html#redirect-uris) for more information.
provider. See [Redirect URIs](/docs/auth/jwt#redirect-uris) for more information.
### Sample Payload

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault Kerberos auth method pl
This is the API documentation for the Vault Kerberos auth method plugin. To
learn more about the usage and operation, see the
[Vault Kerberos auth method](/docs/auth/kerberos.html).
[Vault Kerberos auth method](/docs/auth/kerberos).
This documentation assumes the Kerberos auth method is mounted at the
`auth/kerberos` path in Vault. Since it is possible to enable auth methods at

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault Kubernetes auth method
This is the API documentation for the Vault Kubernetes auth method plugin. To
learn more about the usage and operation, see the
[Vault Kubernetes auth method](/docs/auth/kubernetes.html).
[Vault Kubernetes auth method](/docs/auth/kubernetes).
This documentation assumes the Kubernetes method is mounted at the
`/auth/kubernetes` path in Vault. Since it is possible to enable auth methods at

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault LDAP auth method.
This is the API documentation for the Vault LDAP auth method. For
general information about the usage and operation of the LDAP method, please
see the [Vault LDAP method documentation](/docs/auth/ldap.html).
see the [Vault LDAP method documentation](/docs/auth/ldap).
This documentation assumes the LDAP method is mounted at the `/auth/ldap`
path in Vault. Since it is possible to enable auth methods at any location,

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault OCI auth method plugin.
This is the API documentation for the Vault OCI auth method plugin. To
learn more about the usage and operation, see the
[Vault OCI auth method](/docs/auth/oci.html).
[Vault OCI auth method](/docs/auth/oci).
This documentation assumes the OCI method is mounted at the
`/auth/oci` path in Vault. Since it is possible to enable auth methods at

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault Okta auth method.
This is the API documentation for the Vault Okta auth method. For
general information about the usage and operation of the Okta method, please
see the [Vault Okta method documentation](/docs/auth/okta.html).
see the [Vault Okta method documentation](/docs/auth/okta).
This documentation assumes the Okta method is mounted at the `/auth/okta`
path in Vault. Since it is possible to enable auth methods at any location,

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault RADIUS auth method.
This is the API documentation for the Vault RADIUS auth method. For
general information about the usage and operation of the RADIUS method, please
see the [Vault RADIUS method documentation](/docs/auth/radius.html).
see the [Vault RADIUS method documentation](/docs/auth/radius).
This documentation assumes the RADIUS method is mounted at the `/auth/radius`
path in Vault. Since it is possible to enable auth methods at any location,

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault token auth method.
This is the API documentation for the Vault token auth method. For
general information about the usage and operation of the token method, please
see the [Vault Token method documentation](/docs/auth/token.html).
see the [Vault Token method documentation](/docs/auth/token).
## List Accessors
@ -84,7 +84,7 @@ during this call.
- `lease` `(string: "")` - DEPRECATED; use `ttl` instead
- `ttl` `(string: "")` - The TTL period of the token, provided as "1h", where
hour is the largest suffix. If not provided, the token is valid for the
[default lease TTL](/docs/configuration/index.html), or indefinitely if the
[default lease TTL](/docs/configuration), or indefinitely if the
root policy is used.
- `type` `(string: "")` - The token type. Can be "batch" or "service". Defaults
to the type specified by the role configuration named by `role_name`.

View file

@ -11,7 +11,7 @@ description: |-
This is the API documentation for the Vault Username & Password auth method. For
general information about the usage and operation of the Username and Password method, please
see the [Vault Userpass method documentation](/docs/auth/userpass.html).
see the [Vault Userpass method documentation](/docs/auth/userpass).
This documentation assumes the Username & Password method is mounted at the `/auth/userpass`
path in Vault. Since it is possible to enable auth methods at any location,

View file

@ -37,7 +37,7 @@ either the `X-Vault-Token` HTTP Header or as `Authorization` HTTP Header using
the `Bearer <token>` scheme.
Otherwise, a client token can be retrieved via [authentication
backends](/docs/auth/index.html).
backends](/docs/auth).
Each auth method has one or more unauthenticated login endpoints. These
endpoints can be reached without any authentication, and are used for
@ -50,7 +50,7 @@ client or passed via the `X-Vault-Token` or `Authorization` header for future re
## Namespaces
If using the [Namespaces](/docs/enterprise/namespaces/index.html) feature, API
If using the [Namespaces](/docs/enterprise/namespaces) feature, API
operations are relative to the namespace value passed in via the
`X-Vault-Namespace` header. For instance, if the request path is to
`secret/foo`, and the header is set to `ns1/ns2/`, the final request path Vault
@ -186,7 +186,7 @@ To retrieve the help for any API within Vault, including mounted backends, auth
methods, etc. then append `?help=1` to any URL. If you have valid permission to
access the path, then the help text will be return a markdown-formatted block in the `help` attribute of the response.
Additionally, with the [OpenAPI generation](/api/system/internal-specs-openapi.html) in Vault, you will get back a small
Additionally, with the [OpenAPI generation](/api/system/internal-specs-openapi) in Vault, you will get back a small
OpenAPI document in the `openapi` attribute. This document is relevant for the path you're looking up and any paths under it - also note paths in the OpenAPI document are relative to the initial path queried.
Example request:
@ -289,4 +289,4 @@ A maximum request size of 32MB is imposed to prevent a denial of service attack
with arbitrarily large requests; this can be tuned per `listener` block in
Vault's server configuration file.
[agent]: /docs/agent/index.html#listener-stanza
[agent]: /docs/agent#listener-stanza

View file

@ -34,4 +34,4 @@ The following list of tools is maintained by the community of Vault users; Hashi
- [Vault-CRD](https://vault.koudingspawn.de/) - Synchronize secrets stored in HashiCorp Vault to Kubernetes Secrets for better GitOps without secrets stored in git manifest files.
- [nc-vault-env](https://github.com/namecheap/nc-vault-env) - JS CLI tool that fetches secrets in parallel, puts them into the environment and then `exec`s the process that needs them. Supports auth token renewal, multiple auth backends, verbose logging and dummy mode.
Want to add your own project, or one that you use? Additions are welcome via [pull requests](https://github.com/hashicorp/vault/blob/master/website/source/api/relatedtools.html.md).
Want to add your own project, or one that you use? Additions are welcome via [pull requests](https://github.com/hashicorp/vault/blob/master/website/pages/api-docs/relatedtools.mdx).

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault Active Directory secret
This is the API documentation for the Vault AD secrets engine. For general
information about the usage and operation of the AD secrets engine, please see
the [Vault Active Directory documentation](/docs/secrets/ad/index.html).
the [Vault Active Directory documentation](/docs/secrets/ad).
This documentation assumes the AD secrets engine is enabled at the `/ad` path
in Vault. Since it is possible to enable secrets engines at any location, please

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault AliCloud secrets engine
This is the API documentation for the Vault AliCloud secrets engine. For general
information about the usage and operation of the AliCloud secrets engine, please see
the [Vault AliCloud documentation](/docs/secrets/alicloud/index.html).
the [Vault AliCloud documentation](/docs/secrets/alicloud).
This documentation assumes the AliCloud secrets engine is enabled at the `/alicloud` path
in Vault. Since it is possible to enable secrets engines at any location, please
@ -29,7 +29,7 @@ To use instance metadata, leave the static credential configuration unset.
At present, this endpoint does not confirm that the provided AliCloud credentials are
valid AliCloud credentials with proper permissions.
Please see the [Vault AliCloud documentation](/docs/secrets/alicloud/index.html) for
Please see the [Vault AliCloud documentation](/docs/secrets/alicloud) for
the policies that should be attached to the access key you provide.
| Method | Path |
@ -78,7 +78,7 @@ The `role` endpoint configures how Vault will generate credentials for users of
- `name` (string, required) Specifies the name of the role to generate credentials against. This is part of the request URL.
- `remote_policies` (string, optional) - The names and types of a pre-existing policies to be applied to the generate access token. Example: "name:AliyunOSSReadOnlyAccess,type:System".
- `inline_policies` (string, optional) - The policy document JSON to be generated and attached to the access token.
- `role_arn` (string, optional) - The ARN of a role that will be assumed to obtain STS credentials. See [Vault AliCloud documentation](/docs/secrets/alicloud/index.html) regarding trusted actors.
- `role_arn` (string, optional) - The ARN of a role that will be assumed to obtain STS credentials. See [Vault AliCloud documentation](/docs/secrets/alicloud) regarding trusted actors.
- `ttl` (int, optional) - The duration in seconds after which the issued token should expire. Defaults to 0, in which case the value will fallback to the system/mount defaults.
- `max_ttl` (int, optional) - The maximum allowed lifetime of tokens issued using this role.

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault AWS secrets engine.
This is the API documentation for the Vault AWS secrets engine. For general
information about the usage and operation of the AWS secrets engine, please see
the [Vault AWS documentation](/docs/secrets/aws/index.html).
the [Vault AWS documentation](/docs/secrets/aws).
This documentation assumes the AWS secrets engine is enabled at the `/aws` path
in Vault. Since it is possible to enable secrets engines at any location, please

View file

@ -223,8 +223,8 @@ $ curl \
## Revoking/Renewing Secrets
See docs on how to [renew](/api/system/leases.html#renew-lease) and [revoke](/api/system/leases.html#revoke-lease) leases.
See docs on how to [renew](/api/system/leases#renew-lease) and [revoke](/api/system/leases#revoke-lease) leases.
[docs]: /docs/secrets/azure/index.html
[roles]: /docs/secrets/azure/index.html#roles
[groups]: /docs/secrets/azure/index.html#azure-groups
[docs]: /docs/secrets/azure
[roles]: /docs/secrets/azure#roles
[groups]: /docs/secrets/azure#azure-groups

View file

@ -10,12 +10,12 @@ description: This is the API documentation for the Vault Cassandra secrets engin
~> **Deprecation Note:** This backend is deprecated in favor of the
combined databases backend added in v0.7.1. See the API documentation for
the new implementation of this backend at
[Cassandra database plugin HTTP API](/api/secret/databases/cassandra.html).
[Cassandra database plugin HTTP API](/api/secret/databases/cassandra).
This is the API documentation for the Vault Cassandra secrets engine. For
general information about the usage and operation of the Cassandra backend,
please see the
[Vault Cassandra backend documentation](/docs/secrets/cassandra/index.html).
[Vault Cassandra backend documentation](/docs/secrets/cassandra).
This documentation assumes the Cassandra backend is mounted at the `/cassandra`
path in Vault. Since it is possible to enable secrets engines at any location,
@ -55,7 +55,7 @@ Cassandra.
private key; a certificate, private key, and issuing CA certificate; or just a
CA certificate. For convenience format is the same as the output of the
`issue` command from the `pki` backend; see
[the pki documentation](/docs/secrets/pki/index.html).
[the pki documentation](/docs/secrets/pki).
- `protocol_version` `(int: 2)`  Specifies the CQL protocol version to use.

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault Consul secrets engine.
This is the API documentation for the Vault Consul secrets engine. For general
information about the usage and operation of the Consul secrets engine, please
see the [Vault Consul documentation](/docs/secrets/consul/index.html).
see the [Vault Consul documentation](/docs/secrets/consul).
This documentation assumes the Consul secrets engine is enabled at the `/consul`
path in Vault. Since it is possible to enable secrets engines at any location,
@ -75,7 +75,7 @@ updated attributes.
- `policy` `(string: <policy or policies>)` Specifies the base64 encoded ACL policy. The
ACL format can be found in the [Consul ACL
documentation](https://www.consul.io/docs/internals/acl.html). This is
documentation](https://www.consul.io/docs/internals/acl). This is
required unless the `token_type` is `management`.
- `policies` `(list: <policy or policies>)` The list of policies to assign to the generated

View file

@ -10,7 +10,7 @@ description: This is the API documentation for the Vault Cubbyhole secrets engin
This is the API documentation for the Vault Cubbyhole secrets engine. For
general information about the usage and operation of the Cubbyhole secrets
engine, please see the
[Vault Cubbyhole documentation](/docs/secrets/cubbyhole/index.html).
[Vault Cubbyhole documentation](/docs/secrets/cubbyhole).
This documentation assumes the Cubbyhole secrets engine is enabled at the
`/cubbyhole` path in Vault. Since it is possible to enable secrets engines at

View file

@ -16,7 +16,7 @@ configured roles for the Cassandra database.
## Configure Connection
In addition to the parameters defined by the [Database
Secrets Engine](/api/secret/databases/index.html#configure-connection), this plugin
Secrets Engine](/api/secret/databases#configure-connection), this plugin
has a number of parameters to further configure a connection.
| Method | Path |
@ -51,7 +51,7 @@ has a number of parameters to further configure a connection.
private key; a certificate, private key, and issuing CA certificate; or just a
CA certificate. For convenience format is the same as the output of the
`issue` command from the `pki` secrets engine; see
[the pki documentation](/docs/secrets/pki/index.html).
[the pki documentation](/docs/secrets/pki).
- `skip_verification` `(bool: false)` - Skip permissions checks when a connection to Cassandra
is first created. These checks ensure that Vault is able to create roles, but can be resource
@ -121,7 +121,7 @@ $ curl \
Statements are configured during role creation and are used by the plugin to
determine what is sent to the database on user creation, renewing, and
revocation. For more information on configuring roles see the [Role
API](/api/secret/databases/index.html#create-role) in the database secrets engine docs.
API](/api/secret/databases#create-role) in the database secrets engine docs.
### Parameters

View file

@ -16,7 +16,7 @@ configured roles for Elasticsearch.
## Configure Connection
In addition to the parameters defined by the [Database
Backend](/api/secret/databases/index.html#configure-connection), this plugin
Backend](/api/secret/databases#configure-connection), this plugin
has a number of parameters to further configure a connection.
| Method | Path |
@ -65,7 +65,7 @@ $ curl \
Statements are configured during role creation and are used by the plugin to
determine what is sent to the database on user creation, renewing, and
revocation. For more information on configuring roles see the [Role
API](/api/secret/databases/index.html#create-role) in the database secrets engine docs.
API](/api/secret/databases#create-role) in the database secrets engine docs.
### Parameters

View file

@ -16,7 +16,7 @@ configured roles for the HANA database.
## Configure Connection
In addition to the parameters defined by the [database
secrets engine](/api/secret/databases/index.html#configure-connection), this plugin
secrets engine](/api/secret/databases#configure-connection), this plugin
has a number of parameters to further configure a connection.
| Method | Path | Produces |
@ -74,7 +74,7 @@ $ curl \
Statements are configured during role creation and are used by the plugin to
determine what is sent to the database on user creation, renewing, and
revocation. For more information on configuring roles see the [Role
API](/api/secret/databases/index.html#create-role) in the database secrets engine docs.
API](/api/secret/databases#create-role) in the database secrets engine docs.
### Parameters

View file

@ -10,7 +10,7 @@ description: Top page for database secrets engine information
This is the API documentation for the Vault Database secrets engine. For
general information about the usage and operation of the database secrets engine,
please see the
[Vault database secrets engine documentation](/docs/secrets/databases/index.html).
[Vault database secrets engine documentation](/docs/secrets/databases).
This documentation assumes the database secrets engine is enabled at the
`/database` path in Vault. Since it is possible to enable secrets engines at any
@ -228,7 +228,7 @@ This endpoint creates or updates a role definition.
- `max_ttl` `(string/int: 0)` - Specifies the maximum TTL for the leases
associated with this role. Accepts time suffixed strings ("1h") or an integer
number of seconds. Defaults to system/mount default TTL time; this value is allowed to be less than the mount max TTL (or, if not set, the system max TTL), but it is not allowed to be longer. See also [The TTL General Case](https://www.vaultproject.io/docs/concepts/tokens.html#the-general-case).
number of seconds. Defaults to system/mount default TTL time; this value is allowed to be less than the mount max TTL (or, if not set, the system max TTL), but it is not allowed to be longer. See also [The TTL General Case](/docs/concepts/tokens#the-general-case).
- `creation_statements` `(list: <required>)` Specifies the database
statements executed to create and configure a user. See the plugin's API page

View file

@ -16,7 +16,7 @@ configured roles for the Influxdb database.
## Configure Connection
In addition to the parameters defined by the [Database
Secrets Engine](/api/secret/databases/index.html#configure-connection), this plugin
Secrets Engine](/api/secret/databases#configure-connection), this plugin
has a number of parameters to further configure a connection.
| Method | Path |
@ -51,7 +51,7 @@ has a number of parameters to further configure a connection.
private key; a certificate, private key, and issuing CA certificate; or just a
CA certificate. For convenience format is the same as the output of the
`issue` command from the `pki` secrets engine; see
[the pki documentation](/docs/secrets/pki/index.html).
[the pki documentation](/docs/secrets/pki).
- `connect_timeout` `(string: "5s")` Specifies the connection timeout to use.
@ -103,7 +103,7 @@ $ curl \
Statements are configured during role creation and are used by the plugin to
determine what is sent to the database on user creation, renewing, and
revocation. For more information on configuring roles see the [Role
API](/api/secret/databases/index.html#create-role) in the database secrets engine docs.
API](/api/secret/databases#create-role) in the database secrets engine docs.
### Parameters

View file

@ -16,7 +16,7 @@ configured roles for the MongoDB database.
## Configure Connection
In addition to the parameters defined by the [Database
Backend](/api/secret/databases/index.html#configure-connection), this plugin
Backend](/api/secret/databases#configure-connection), this plugin
has a number of parameters to further configure a connection.
| Method | Path |
@ -65,7 +65,7 @@ $ curl \
Statements are configured during role creation and are used by the plugin to
determine what is sent to the database on user creation, renewing, and
revocation. For more information on configuring roles see the [Role
API](/api/secret/databases/index.html#create-role) in the database secrets engine docs.
API](/api/secret/databases#create-role) in the database secrets engine docs.
### Parameters

View file

@ -16,7 +16,7 @@ configured roles for the MSSQL database.
## Configure Connection
In addition to the parameters defined by the [Database
Backend](/api/secret/databases/index.html#configure-connection), this plugin
Backend](/api/secret/databases#configure-connection), this plugin
has a number of parameters to further configure a connection.
| Method | Path |
@ -74,7 +74,7 @@ $ curl \
Statements are configured during role creation and are used by the plugin to
determine what is sent to the database on user creation, renewing, and
revocation. For more information on configuring roles see the [Role
API](/api/secret/databases/index.html#create-role) in the database secrets engine docs.
API](/api/secret/databases#create-role) in the database secrets engine docs.
### Parameters

View file

@ -16,7 +16,7 @@ configured roles for the MySQL database.
## Configure Connection
In addition to the parameters defined by the [Database
Backend](/api/secret/databases/index.html#configure-connection), this plugin
Backend](/api/secret/databases#configure-connection), this plugin
has a number of parameters to further configure a connection.
| Method | Path |
@ -74,7 +74,7 @@ $ curl \
Statements are configured during role creation and are used by the plugin to
determine what is sent to the database on user creation, renewing, and
revocation. For more information on configuring roles see the [Role
API](/api/secret/databases/index.html#create-role) in the database secrets engine docs.
API](/api/secret/databases#create-role) in the database secrets engine docs.
### Parameters

View file

@ -16,7 +16,7 @@ configured roles for the Oracle database.
## Configure Connection
In addition to the parameters defined by the [Database
Backend](/api/secret/databases/index.html#configure-connection), this plugin
Backend](/api/secret/databases#configure-connection), this plugin
has a number of parameters to further configure a connection.
| Method | Path |
@ -71,7 +71,7 @@ $ curl \
Statements are configured during role creation and are used by the plugin to
determine what is sent to the database on user creation, renewing, and
revocation. For more information on configuring roles see the [Role
API](/api/secret/databases/index.html#create-role) in the database secrets engine docs.
API](/api/secret/databases#create-role) in the database secrets engine docs.
### Parameters

View file

@ -16,7 +16,7 @@ configured roles for the PostgreSQL database.
## Configure Connection
In addition to the parameters defined by the [Database
Backend](/api/secret/databases/index.html#configure-connection), this plugin
Backend](/api/secret/databases#configure-connection), this plugin
has a number of parameters to further configure a connection.
| Method | Path |
@ -74,7 +74,7 @@ $ curl \
Statements are configured during role creation and are used by the plugin to
determine what is sent to the database on user creation, renewing, and
revocation. For more information on configuring roles see the [Role
API](/api/secret/databases/index.html#create-role) in the database secrets engine docs.
API](/api/secret/databases#create-role) in the database secrets engine docs.
### Parameters

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault Google Cloud secrets en
This is the API documentation for the Vault Google Cloud Platform (GCP)
secrets engine. For general information about the usage and operation of
the GCP secrets engine, please see [these docs](/docs/secrets/gcp/index.html).
the GCP secrets engine, please see [these docs](/docs/secrets/gcp).
This documentation assumes the GCP secrets engine is enabled at the `/gcp` path
in Vault. Since it is possible to mount secrets engines at any path, please
@ -26,9 +26,9 @@ This endpoint configures shared information for the secrets engine.
### Parameters
- `credentials` (`string:""`) - JSON credentials (either file contents or '@path/to/file')
See docs for [alternative ways](/docs/secrets/gcp/index.html#passing-credentials-to-vault)
See docs for [alternative ways](/docs/secrets/gcp#passing-credentials-to-vault)
to pass in to this parameter, as well as the
[required permissions](/docs/secrets/gcp/index.html#required-permissions).
[required permissions](/docs/secrets/gcp#required-permissions).
- `ttl` (`int: 0 || string:"0s"`) Specifies default config TTL for long-lived credentials
(i.e. service account keys). Accepts integer number of seconds or Go duration format string.
@ -90,7 +90,7 @@ $ curl \
| :----- | :------------------- |
| `POST` | `/gcp/roleset/:name` |
This method allows you to create a roleset or update an existing roleset. See [roleset docs](/docs/secrets/gcp/index.html#rolesets) for the GCP secrets backend
This method allows you to create a roleset or update an existing roleset. See [roleset docs](/docs/secrets/gcp#rolesets) for the GCP secrets backend
to learn more about what happens when you create or update a roleset.
**If you update a roleset's bindings, this will effectively revoke any secrets
@ -120,7 +120,7 @@ generated under this roleset.**
#### Sample Bindings:
See [bindings format docs](/docs/secrets/gcp/index.html#roleset-bindings) for more information.
See [bindings format docs](/docs/secrets/gcp#roleset-bindings) for more information.
```hcl
resource "//cloudresourcemanager.googleapis.com/projects/mygcpproject" {
@ -380,5 +380,5 @@ $ curl \
## Revoking/Renewing Secrets
See docs on how to [renew](/api/system/leases.html#renew-lease) and [revoke](/api/system/leases.html#revoke-lease) leases.
See docs on how to [renew](/api/system/leases#renew-lease) and [revoke](/api/system/leases#revoke-lease) leases.
Note this only applies to service account keys.

View file

@ -10,7 +10,7 @@ description: This is the API documentation for the Vault Google Cloud KMS secret
This is the API documentation for the Vault Google Cloud KMS secrets engine. For
general information about the usage and operation of the Google Cloud KMS
secrets engine, please see the
[Google Cloud KMS documentation](/docs/secrets/gcpkms/index.html).
[Google Cloud KMS documentation](/docs/secrets/gcpkms).
This documentation assumes the Google Cloud KMS secrets engine is enabled at the
`/gcpkms` path in Vault. Since it is possible to enable secrets engines at any

View file

@ -9,13 +9,13 @@ description: This is the API documentation for the Vault Identity secrets engine
This is the API documentation for the Vault Identity secrets engine. For general
information about the usage and operation of the Identity secrets engine, please
see the [Vault Identity documentation](/docs/secrets/identity/index.html).
see the [Vault Identity documentation](/docs/secrets/identity).
## API Sections
- [Entity](entity.html)
- [Entity Alias](entity-alias.html)
- [Group](group.html)
- [Group Alias](group-alias.html)
- [Identity Tokens](tokens.html)
- [Lookup](lookup.html)
- [Entity](entity)
- [Entity Alias](entity-alias)
- [Group](group)
- [Group Alias](group-alias)
- [Identity Tokens](tokens)
- [Lookup](lookup)

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault KMIP secrets engine.
This is the API documentation for the Vault KMIP secrets engine. For general
information about the usage and operation of
the KMIP secrets engine, please see [these docs](/docs/secrets/kmip/index.html).
the KMIP secrets engine, please see [these docs](/docs/secrets/kmip).
This documentation assumes the KMIP secrets engine is enabled at the `/kmip` path
in Vault. Since it is possible to mount secrets engines at any path, please

View file

@ -9,8 +9,8 @@ description: This is the API documentation for the Vault KV secrets engine.
This backend can be run in one of two versions. Each of which have a distinct API.
Choose the version below you are running. For more information on the KV secrets
engine see the [Vault kv documentation](/docs/secrets/kv/index.html).
engine see the [Vault kv documentation](/docs/secrets/kv).
- [KV Version 1 API](/api/secret/kv/kv-v1.html)
- [KV Version 1 API](/api/secret/kv/kv-v1)
- [KV Version 2 API](/api/secret/kv/kv-v2.html)
- [KV Version 2 API](/api/secret/kv/kv-v2)

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault KV secrets engine.
This is the API documentation for the Vault KV secrets engine. For general
information about the usage and operation of the kv secrets engine, please
see the [Vault kv documentation](/docs/secrets/kv/index.html).
see the [Vault kv documentation](/docs/secrets/kv).
This documentation assumes the kv secrets engine is enabled at the
`/secret` path in Vault. Since it is possible to enable secrets engines at any
@ -54,7 +54,7 @@ $ curl \
_Note_: the `lease_duration` field, which will be populated if a "ttl" field
was included in the data, is advisory. No lease is created. This is a way for
writers to indicate how often a given value should be re-read by the client.
See the [Vault KV secrets engine documentation](/docs/secrets/kv/index.html)
See the [Vault KV secrets engine documentation](/docs/secrets/kv)
for more details.
## List Secrets
@ -122,7 +122,7 @@ policy granting the `update` capability.
be held at the given location. Multiple key/value pairs can be specified, and
all will be returned on a read operation. A key called `ttl` will trigger
some special behavior. See the [Vault KV secrets engine
documentation](/docs/secrets/kv/index.html) for details.
documentation](/docs/secrets/kv) for details.
### Sample Payload

View file

@ -10,7 +10,7 @@ description: This is the API documentation for the Vault KV secrets engine.
This is the API documentation for the Vault KV secrets engine while running in
versioned mode. For general information about the usage and operation of the kv
secrets engine, please see the [Vault kv
documentation](/docs/secrets/kv/index.html).
documentation](/docs/secrets/kv).
This documentation assumes the kv secrets engine is enabled at the
`/secret` path in Vault and that versioning has been enabled. Since it is

View file

@ -10,12 +10,12 @@ description: This is the API documentation for the Vault MongoDB secrets engine.
~> **Deprecation Note:** This secrets engine is deprecated in favor of the
combined databases secrets engine added in v0.7.1. See the API documentation for
the new implementation of this secrets engine at
[MongoDB database plugin HTTP API](/api/secret/databases/mongodb.html).
[MongoDB database plugin HTTP API](/api/secret/databases/mongodb).
This is the API documentation for the Vault MongoDB secrets engine. For general
information about the usage and operation of the MongoDB secrets engine, please
see the
[Vault MongoDB secrets engine documentation](/docs/secrets/mongodb/index.html).
[Vault MongoDB secrets engine documentation](/docs/secrets/mongodb).
This documentation assumes the MongoDB secrets engine is enabled at the
`/mongodb` path in Vault. Since it is possible to enable secrets engines at any

View file

@ -10,11 +10,11 @@ description: This is the API documentation for the Vault MSSQL secrets engine.
~> **Deprecation Note:** This secrets engine is deprecated in favor of the
combined databases secrets engine added in v0.7.1. See the API documentation for
the new implementation of this secrets engine at
[MSSQL database plugin HTTP API](/api/secret/databases/mssql.html).
[MSSQL database plugin HTTP API](/api/secret/databases/mssql).
This is the API documentation for the Vault MSSQL secrets engine. For general
information about the usage and operation of the MSSQL secrets engine, please
see the [Vault MSSQL documentation](/docs/secrets/mssql/index.html).
see the [Vault MSSQL documentation](/docs/secrets/mssql).
This documentation assumes the MSSQL secrets engine is enabled at the `/mssql`
path in Vault. Since it is possible to enable secrets engines at any location,

View file

@ -10,11 +10,11 @@ description: This is the API documentation for the Vault MySQL secrets engine.
~> **Deprecation Note:** This secrets engine is deprecated in favor of the
combined databases secrets engine added in v0.7.1. See the API documentation for
the new implementation of this secrets engine at
[MySQL/MariaDB database plugin HTTP API](/api/secret/databases/mysql-maria.html).
[MySQL/MariaDB database plugin HTTP API](/api/secret/databases/mysql-maria).
This is the API documentation for the Vault MySQL secrets engine. For general
information about the usage and operation of the MySQL secrets engine, please
see the [Vault MySQL documentation](/docs/secrets/mysql/index.html).
see the [Vault MySQL documentation](/docs/secrets/mysql).
This documentation assumes the MySQL secrets engine is enabled at the `/mysql`
path in Vault. Since it is possible to enable secrets engines at any location,

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault Nomad secret backend.
This is the API documentation for the Vault Nomad secret backend. For general
information about the usage and operation of the Nomad backend, please see the
[Vault Nomad backend documentation](/docs/secrets/nomad/index.html).
[Vault Nomad backend documentation](/docs/secrets/nomad).
This documentation assumes the Nomad backend is mounted at the `/nomad` path
in Vault. Since it is possible to mount secret backends at any location, please
@ -182,7 +182,7 @@ updated attributes.
- `policies` `(string: "")` Comma separated list of Nomad policies the token is going to be created against. These need to be created beforehand in Nomad.
- `global` `(bool: "false")` Specifies if the token should be global, as defined in the [Nomad Documentation](https://www.nomadproject.io/guides/acl.html#acl-tokens).
- `global` `(bool: "false")` Specifies if the token should be global, as defined in the [Nomad Documentation](https://www.nomadproject.io/guides/acl#acl-tokens).
- `type` `(string: "client")` - Specifies the type of token to create when
using this role. Valid values are `"client"` or `"management"`.

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault PKI secrets engine.
This is the API documentation for the Vault PKI secrets engine. For general
information about the usage and operation of the PKI secrets engine, please see
the [PKI documentation](/docs/secrets/pki/index.html).
the [PKI documentation](/docs/secrets/pki).
This documentation assumes the PKI secrets engine is enabled at the `/pki` path
in Vault. Since it is possible to enable secrets engines at any location, please
@ -545,7 +545,7 @@ $ curl \
This endpoint allows submitting the signed CA certificate corresponding to a
private key generated via `/pki/intermediate/generate`. The certificate should
be submitted in PEM format; see the documentation for
[/pki/config/ca](/api/secret/pki/index.html#submit-ca-information) for some
[/pki/config/ca](/api/secret/pki#submit-ca-information) for some
hints on submitting.
| Method | Path |

View file

@ -10,12 +10,12 @@ description: This is the API documentation for the Vault PostgreSQL secrets engi
~> **Deprecation Note:** This secrets engine is deprecated in favor of the
combined databases secrets engine added in v0.7.1. See the API documentation for
the new implementation of this secrets engine at
[PostgreSQL database plugin HTTP API](/api/secret/databases/postgresql.html).
[PostgreSQL database plugin HTTP API](/api/secret/databases/postgresql).
This is the API documentation for the Vault PostgreSQL secrets engine. For
general information about the usage and operation of the PostgreSQL secrets
engine, please see the [PostgreSQL
documentation](/docs/secrets/postgresql/index.html).
documentation](/docs/secrets/postgresql).
This documentation assumes the PostgreSQL secrets engine is enabled at the
`/postgresql` path in Vault. Since it is possible to enable secrets engines at

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault RabbitMQ secrets engine
This is the API documentation for the Vault RabbitMQ secrets engine. For general
information about the usage and operation of the RabbitMQ secrets engine, please
see the [RabbitMQ documentation](/docs/secrets/rabbitmq/index.html).
see the [RabbitMQ documentation](/docs/secrets/rabbitmq).
This documentation assumes the RabbitMQ secrets engine is enabled at the
`/rabbitmq` path in Vault. Since it is possible to enable secrets engines at any

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault SSH secrets engine.
This is the API documentation for the Vault SSH secrets engine. For general
information about the usage and operation of the SSH secrets engine, please see
the [SSH documentation](/docs/secrets/ssh/index.html).
the [SSH documentation](/docs/secrets/ssh).
This documentation assumes the SSH secrets engine is enabled at the `/ssh` path
in Vault. Since it is possible to enable secrets engines at any location, please

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault TOTP secrets engine.
This is the API documentation for the Vault TOTP secrets engine. For general
information about the usage and operation of the TOTP secrets engine, please see
the [TOTP documentation](/docs/secrets/totp/index.html).
the [TOTP documentation](/docs/secrets/totp).
This documentation assumes the TOTP secrets engine is enabled at the `/totp`
path in Vault. Since it is possible to enable secrets engines at any location,

View file

@ -9,7 +9,7 @@ description: This is the API documentation for the Vault Transit secrets engine.
This is the API documentation for the Vault Transit secrets engine. For general
information about the usage and operation of the Transit secrets engine, please
see the [transit documentation](/docs/secrets/transit/index.html).
see the [transit documentation](/docs/secrets/transit).
This documentation assumes the transit secrets engine is enabled at the
`/transit` path in Vault. Since it is possible to enable secrets engines at any
@ -401,10 +401,7 @@ Use the base64-encoded plaintext in the payload:
}
```
!> Vault HTTP API imposes a maximum request size of 32MB to prevent a denial
of service attack. This can be tuned per [`listener`
block](/docs/configuration/listener/tcp.html) in the Vault server
configuration.
!> Vault HTTP API imposes a maximum request size of 32MB to prevent a denial of service attack. This can be tuned per [`listener` block](/docs/configuration/listener/tcp) in the Vault server configuration.
### Sample Request
@ -1328,4 +1325,4 @@ $ curl \
},
```
[sys-plugin-reload-backend]: /api/system/plugins-reload-backend.html#reload-plugins
[sys-plugin-reload-backend]: /api/system/plugins-reload-backend#reload-plugins

View file

@ -16,7 +16,7 @@ The set of included paths is based on the permissions of the request token.
The response may include Vault-specific [extensions](https://github.com/oai/openapi-specification/blob/master/versions/3.0.2.md#specification-extensions). Three are currently defined:
- `x-vault-sudo` - Endpoint requires [sudo](https://www.vaultproject.io/docs/concepts/policies.html#sudo) privileges.
- `x-vault-sudo` - Endpoint requires [sudo](/docs/concepts/policies#sudo) privileges.
- `x-vault-unauthenticated` - Endpoint is unauthenticated.
- `x-vault-create-supported` - Endpoint allows creation of new items, in addition to updating existing items.

View file

@ -13,10 +13,10 @@ description: >-
## Supported MFA types.
- [TOTP](/api/system/mfa/totp.html)
- [TOTP](/api/system/mfa/totp)
- [Okta](/api/system/mfa/okta.html)
- [Okta](/api/system/mfa/okta)
- [Duo](/api/system/mfa/duo.html)
- [Duo](/api/system/mfa/duo)
- [PingID](/api/system/mfa/pingid.html)
- [PingID](/api/system/mfa/pingid)

View file

@ -10,7 +10,7 @@ description: The `/sys/raw` endpoint is used to access the raw underlying store
The `/sys/raw` endpoint is used to access the raw underlying store in Vault.
This endpoint is off by default. See the
[Vault configuration documentation](/docs/configuration/index.html) to
[Vault configuration documentation](/docs/configuration) to
enable.
## Read Raw

View file

@ -7,4 +7,4 @@ description: |-
The '/sys/storage' endpoints are used to manage Vault's storage backends.
---
This API sub-section is currently only used to manage [Raft](raft.html) storage backend.
This API sub-section is currently only used to manage [Raft](raft) storage backend.

View file

@ -33,7 +33,7 @@ configured Sinks, subject to their configuration.
Sinks support some advanced features, including the ability for the written
values to be encrypted or
[response-wrapped](/docs/concepts/response-wrapping.html).
[response-wrapped](/docs/concepts/response-wrapping).
Both mechanisms can be used concurrently; in this case, the value will be
response-wrapped, then encrypted.

View file

@ -8,7 +8,7 @@ description: AliCloud Method for Vault Agent Auto-Auth
# Vault Agent Auto-Auth AliCloud Method
The `alicloud` method performs authentication against the [AliCloud Auth
method](https://www.vaultproject.io/docs/auth/alicloud.html).
method](/docs/auth/alicloud).
## Credentials

View file

@ -9,7 +9,7 @@ description: AppRole Method for Vault Agent Auto-Auth
The `approle` method reads in a role ID and a secret ID from files and sends
the values to the [AppRole Auth
method](https://www.vaultproject.io/docs/auth/approle.html).
method](/docs/auth/approle).
The method caches values and it is safe to delete the role ID/secret ID files
after they have been read. In fact, by default, after reading the secret ID,
@ -32,7 +32,7 @@ cached.
- `secret_id_response_wrapping_path` `(string: optional)` - If set, the value
at `secret_id_file_path` will be expected to be a [Response-Wrapping
Token](https://www.vaultproject.io/docs/concepts/response-wrapping.html)
Token](/docs/concepts/response-wrapping)
containing the output of the secret ID retrieval endpoint for the role (e.g.
`auth/approle/role/webservers/secret-id`) and the creation path for the
response-wrapping token must match the value set here.

View file

@ -8,7 +8,7 @@ description: AWS Method for Vault Agent Auto-Auth
# Vault Agent Auto-Auth AWS Method
The `aws` method performs authentication against the [AWS Auth
method](https://www.vaultproject.io/docs/auth/aws.html). Both `ec2` and `iam`
method](/docs/auth/aws). Both `ec2` and `iam`
authentication types are supported. If `ec2` is used, the agent will store the
reauthentication value in memory and use it for reauthenticating, but will not
persist it to disk.
@ -49,13 +49,13 @@ parameters unset in your configuration.
- `region` `(string: "us-east-1")` - The region to use for signing the authentication request. The
region Agent uses should match that corresponding to
[`sts_endpoint`](https://www.vaultproject.io/api/auth/aws/index.html#sts_endpoint),
[`sts_endpoint`](/api/auth/aws#sts_endpoint),
if a custom endpoint has been configured on the Vault server.
- `session_token` `(string: optional)` - The session token to use for authentication, if needed.
- `header_value` `(string: optional)` - If configured in Vault, the value to use for
[`iam_server_id_header_value`](https://www.vaultproject.io/api/auth/aws/index.html#iam_server_id_header_value).
[`iam_server_id_header_value`](/api/auth/aws#iam_server_id_header_value).
## Learn

View file

@ -9,7 +9,7 @@ description: Azure Method for Vault Agent Auto-Auth
The `azure` method reads in Azure instance credentials and uses them to
authenticate with the [Azure Auth
method](https://www.vaultproject.io/docs/auth/azure.html). It reads most
method](/docs/auth/azure). It reads most
parameters needed for authentication directly from instance information based
on the value of the `resource` parameter.

View file

@ -11,10 +11,10 @@ The `cert` method uses the configured TLS certificates from the `vault` stanza o
the agent configuration and takes an optional `name` parameter. There is no option
to use certificates which differ from those used in the `vault` stanza.
See TLS settings in the [`vault` Stanza](https://vaultproject.io/docs/agent/index.html#vault-stanza)
See TLS settings in the [`vault` Stanza](/docs/agent#vault-stanza)
## Configuration
- `name` `(string: optional)` - The trusted certificate role which should be used
when authenticating with TLS. If a `name` is not specified, the auth method will
try to authenticate against [all trusted certificates](https://www.vaultproject.io/docs/auth/cert.html#authentication).
try to authenticate against [all trusted certificates](/docs/auth/cert#authentication).

View file

@ -8,7 +8,7 @@ description: CF Method for Vault Agent Auto-Auth
# Vault Agent Auto-Auth CF Method
The `cf` method performs authentication against the [CF Auth
method](https://www.vaultproject.io/docs/auth/cf.html).
method](/docs/auth/cf).
## Credentials

View file

@ -8,7 +8,7 @@ description: GCP Method for Vault Agent Auto-Auth
# Vault Agent Auto-Auth GCP Method
The `gcp` method performs authentication against the [GCP Auth
method](https://www.vaultproject.io/docs/auth/gcp.html). Both `gce` and `iam`
method](/docs/auth/gcp). Both `gce` and `iam`
authentication types are supported.
## Credentials

View file

@ -8,7 +8,7 @@ description: JWT Method for Vault Agent Auto-Auth
# Vault Agent Auto-Auth JWT Method
The `jwt` method reads in a JWT from a file and sends it to the [JWT Auth
method](https://www.vaultproject.io/docs/auth/jwt.html). Since JWTs often have
method](/docs/auth/jwt). Since JWTs often have
limited lifetime, it constantly watches for a new JWT to be written, and when
found it will immediately ingress this value, delete the file, and use the new
JWT to perform a reauthentication.

View file

@ -10,7 +10,7 @@ description: Kubernetes Method for Vault Agent Auto-Auth
The `kubernetes` method reads in a Kubernetes service account token from the
running pod (via `/var/run/secrets/kubernetes.io/serviceaccount/token`) and
sends it to the [Kubernetes Auth
method](https://www.vaultproject.io/docs/auth/kubernetes.html).
method](/docs/auth/kubernetes).
## Configuration

View file

@ -40,7 +40,7 @@ specific scenarios.
## Using Auto-Auth Token
Vault Agent allows for easy authentication to Vault in a wide variety of
environments using [Auto-Auth](/docs/agent/autoauth/index.html). By setting the
environments using [Auto-Auth](/docs/agent/autoauth). By setting the
`use_auto_auth_token` (see below) configuration, clients will not be required
to provide a Vault token to the requests made to the agent. When this
configuration is set, if the request doesn't already bear a token, then the

View file

@ -172,9 +172,9 @@ template {
}
```
[vault]: /docs/agent/index.html#vault-stanza
[autoauth]: /docs/agent/autoauth/index.html
[caching]: /docs/agent/caching/index.html
[template]: /docs/agent/template/index.html
[listener]: /docs/agent/index.html#listener-stanza
[listener_main]: /docs/configuration/listener/tcp.html
[vault]: /docs/agent#vault-stanza
[autoauth]: /docs/agent/autoauth
[caching]: /docs/agent/caching
[template]: /docs/agent/template
[listener]: /docs/agent#listener-stanza
[listener_main]: /docs/configuration/listener/tcp

View file

@ -80,4 +80,4 @@ block.
## API
Audit devices also have a full HTTP API. Please see the [Audit device API
docs](/api/system/audit.html) for more details.
docs](/api/system/audit) for more details.

View file

@ -109,5 +109,5 @@ can be found found in the
## API
The AliCloud auth method has a full HTTP API. Please see the
[AliCloud Auth API](/api/auth/alicloud/index.html) for more
[AliCloud Auth API](/api/auth/alicloud) for more
details.

View file

@ -8,7 +8,7 @@ description: The AppID auth method is a mechanism for machines to authenticate w
# AppID Auth Method
~> **DEPRECATED!** As of Vault 0.6.1, AppID is deprecated in favor of
[AppRole](/docs/auth/approle.html). AppRole can accommodate the same workflow as
[AppRole](/docs/auth/approle). AppRole can accommodate the same workflow as
AppID while enabling much more secure and flexible management and other types
of authentication workflows. No new features or enhancements are planned for App
ID, and new users should use AppRole instead of AppID.
@ -121,5 +121,5 @@ management tool.
## API
The AppID auth method has a full HTTP API. Please see the
[AppID auth method API](/api/auth/app-id/index.html) for more
[AppID auth method API](/api/auth/app-id) for more
details.

View file

@ -207,8 +207,7 @@ full set of client credentials (RoleID and SecretID) in order to create the
entry, even if these are then distributed via different paths. However, in Pull
mode, even though the RoleID must be known in order to distribute it to the
client, the SecretID can be kept confidential from all parties except for the
final authenticating client by using [Response
Wrapping](/docs/concepts/response-wrapping.html).
final authenticating client by using [Response Wrapping](/docs/concepts/response-wrapping).
Push mode is available for App-ID workflow compatibility, which in some
specific cases is preferable, but in most cases Pull mode is more secure and
@ -234,5 +233,5 @@ guide for a step-by-step tutorial.
## API
The AppRole auth method has a full HTTP API. Please see the
[AppRole API](/api/auth/approle/index.html) for more
[AppRole API](/api/auth/approle) for more
details.

View file

@ -429,7 +429,7 @@ not specify the policy component, the client will inherit the allowed policies s
on the role. If the role tag creation specifies the policy component but it contains
no policies, the token will contain only the `default` policy; by default, this policy
allows only manipulation (revocation, renewal, lookup) of the existing token, plus
access to its [cubbyhole](/docs/secrets/cubbyhole/index.html).
access to its [cubbyhole](/docs/secrets/cubbyhole).
This can be useful to allow instances access to a secure "scratch space" for
storing data (via the token's cubbyhole) but without granting any access to
other resources provided by or resident in Vault.
@ -728,5 +728,5 @@ The response will be in JSON. For example:
## API
The AWS auth method has a full HTTP API. Please see the
[AWS Auth API](/api/auth/aws/index.html) for more
[AWS Auth API](/api/auth/aws) for more
details.

View file

@ -21,7 +21,7 @@ Currently supports authentication for:
## Prerequisites:
The following documentation assumes that the method has been
[mounted](/docs/plugin/index.html) at `auth/azure`.
[mounted](/docs/plugin) at `auth/azure`.
- A configured [Azure AD application](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications) which is used as the resource for generating MSI access tokens.
- Client credentials (shared secret) for accessing the Azure Resource Manager with read access to compute endpoints. See [Azure AD Service to Service Client Credentials](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service)
@ -37,7 +37,7 @@ The next sections review how the authN/Z workflows work. If you
have already reviewed these sections, here are some quick links to:
- [Usage](#usage)
- [API documentation](/api/auth/azure/index.html) docs.
- [API documentation](/api/auth/azure) docs.
## Authentication
@ -134,7 +134,7 @@ tool.
authentication type, as well as overall constraints and configuration for
the generated auth tokens.
For the complete list of role options, please see the [API documentation](/api/auth/azure/index.html).
For the complete list of role options, please see the [API documentation](/api/auth/azure).
### Via the API
@ -175,7 +175,7 @@ method as an external plugin. The azure plugin method is integrated into Vault a
a builtin method by default.
Assuming you have saved the binary `vault-plugin-auth-azure` to some folder and
configured the [plugin directory](/docs/internals/plugins.html#plugin-directory)
configured the [plugin directory](/docs/internals/plugins#plugin-directory)
for your server at `path/to/plugins`:
1. Enable the plugin in the catalog:
@ -194,4 +194,4 @@ for your server at `path/to/plugins`:
## API
The Azure Auth Plugin has a full HTTP API. Please see the [API documentation](/api/auth/azure/index.html) for more details.
The Azure Auth Plugin has a full HTTP API. Please see the [API documentation](/api/auth/azure) for more details.

View file

@ -127,4 +127,4 @@ management tool.
## API
The TLS Certificate auth method has a full HTTP API. Please see the
[TLS Certificate API](/api/auth/cert/index.html) for more details.
[TLS Certificate API](/api/auth/cert) for more details.

View file

@ -296,5 +296,5 @@ match the certificates you're checking.
## API
The CF auth method has a full HTTP API. Please see the [CF Auth API](/api/auth/cf/index.html)
The CF auth method has a full HTTP API. Please see the [CF Auth API](/api/auth/cf)
for more details.

View file

@ -342,7 +342,7 @@ The GCP Auth Plugin has a full HTTP API. Please see the
[signjwt-method]: https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts/signJwt
[cloud-creds]: https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application
[service-accounts]: https://cloud.google.com/compute/docs/access/service-accounts
[api-docs]: /api/auth/gcp/index.html
[identity-group-aliases]: /api/secret/identity/group-alias.html
[api-docs]: /api/auth/gcp
[identity-group-aliases]: /api/secret/identity/group-alias
[instance-identity]: https://cloud.google.com/compute/docs/instances/verifying-instance-identity
[repo]: https://github.com/hashicorp/vault-plugin-auth-gcp

View file

@ -109,5 +109,5 @@ management tool.
## API
The GitHub auth method has a full HTTP API. Please see the
[GitHub Auth API](/api/auth/github/index.html) for more
[GitHub Auth API](/api/auth/github) for more
details.

View file

@ -13,12 +13,12 @@ responsible for assigning identity and a set of policies to a user.
Having multiple auth methods enables you to use an auth method that makes the
most sense for your use case of Vault and your organization.
For example, on developer machines, the [GitHub auth method](/docs/auth/github.html)
is easiest to use. But for servers the [AppRole](/docs/auth/approle.html)
For example, on developer machines, the [GitHub auth method](/docs/auth/github)
is easiest to use. But for servers the [AppRole](/docs/auth/approle)
method is the recommended choice.
To learn more about authentication, see the
[authentication concepts page](/docs/concepts/auth.html).
[authentication concepts page](/docs/concepts/auth).
## Enabling/Disabling Auth Methods
@ -28,7 +28,7 @@ Auth methods can be enabled/disabled using the CLI or the API.
$ vault auth enable userpass
```
When enabled, auth methods are similar to [secrets engines](/docs/secrets/index.html):
When enabled, auth methods are similar to [secrets engines](/docs/secrets):
they are mounted within the Vault mount table and can be accessed
and configured using the standard read/write API. All auth methods are mounted underneath the `auth/` prefix.

View file

@ -114,7 +114,7 @@ JSON Pointer can be used as a selector. Refer to the
## OIDC Authentication
This section covers the setup and use of OIDC roles. If a JWT is to be provided directly,
refer to the [JWT Authentication](/docs/auth/jwt.html#jwt-authentication) section below. Basic
refer to the [JWT Authentication](/docs/auth/jwt#jwt-authentication) section below. Basic
familiarity with [OIDC concepts](https://developer.okta.com/blog/2017/07/25/oidc-primer-part-1)
is assumed.
@ -143,7 +143,7 @@ Logging in via the Vault UI requires a redirect URI of the form:
The "host:port" must be correct for the Vault server, and "path" must match the path the JWT
backend is mounted at (e.g. "oidc" or "jwt").
If [namespaces](https://www.vaultproject.io/docs/enterprise/namespaces/index.html) are being used,
If [namespaces](/docs/enterprise/namespaces) are being used,
they must be added as query parameters, for example:
`https://vault.example.com:8200/ui/vault/auth/oidc/oidc/callback?namespace=my_ns`
@ -180,7 +180,7 @@ The callback listener may be customized with the following optional parameters:
The OIDC authentication flow has been successfully tested with a number of providers. A full
guide to configuring OAuth/OIDC applications is beyond the scope of Vault documentation, but a
collection of provider configuration steps has been collected to help get started:
[OIDC Provider Setup](/docs/auth/jwt_oidc_providers.html)
[OIDC Provider Setup](/docs/auth/jwt_oidc_providers)
### OIDC Configuration Troubleshooting
@ -204,7 +204,7 @@ why things aren't working. Some tips for setting up OIDC:
`cat jwt.json | jq -r .access_token | cut -d. -f2 | base64 -D`
- As of Vault 1.2, the [`verbose_oidc_logging`](/api/auth/jwt/index.html#verbose_oidc_logging) role
- As of Vault 1.2, the [`verbose_oidc_logging`](/api/auth/jwt#verbose_oidc_logging) role
option is available which will log the received OIDC token if debug-level logging is enabled. This can
be helpful when debugging provider setup and verifying that the received claims are what you expect.
Since claims data is logged verbatim and may contain sensitive information, this option should not be
@ -270,7 +270,7 @@ management tool.
1. Use the `/config` endpoint to configure Vault. To support JWT roles, either local keys or an OIDC
Discovery URL must be present. For OIDC roles, OIDC Discovery URL, OIDC Client ID and OIDC Client Secret are required. For the
list of available configuration options, please see the [API documentation](/api/auth/jwt/index.html).
list of available configuration options, please see the [API documentation](/api/auth/jwt).
```text
$ vault write auth/jwt/config \
@ -302,4 +302,4 @@ management tool.
## API
The JWT Auth Plugin has a full HTTP API. Please see the
[API docs](/api/auth/jwt/index.html) for more details.
[API docs](/api/auth/jwt) for more details.

View file

@ -8,7 +8,7 @@ description: OIDC provider configuration quick starts
This page collects high-level setup steps on how to configure an OIDC
application for various providers. For more general usage and operation
information, see the [Vault JWT/OIDC method documentation](https://www.vaultproject.io/docs/auth/jwt.html).
information, see the [Vault JWT/OIDC method documentation](/docs/auth/jwt).
OIDC providers are often highly configurable and you should become familiar with
their recommended settings and best practices. The instructions below are
@ -33,17 +33,17 @@ Reference: [Azure Active Directory v2.0 and the OpenID Connect protocol](https:/
it will not be accessible after you leave the page.
Please note [Azure AD v2.0 endpoints](https://docs.microsoft.com/en-gb/azure/active-directory/develop/azure-ad-endpoint-comparison)
are required for [external groups](https://www.vaultproject.io/docs/secrets/identity/index.html#external-vs-internal-groups) to work.
are required for [external groups](/docs/secrets/identity#external-vs-internal-groups) to work.
- `groupMembershipClaims` should be changed from `none` in the
[App registration manifest](https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest).
Options are "All" or "Security"
- In the [OIDC Role config](https://www.vaultproject.io/api/auth/jwt/index.html#create-role)
- In the [OIDC Role config](/api/auth/jwt#create-role)
the scope `"https://graph.microsoft.com/.default"` should be added to add groups
to the jwt token and `groups_claim` should be set to `groups`.
- Finally Azure AD group can be referenced by using the groups `objectId` as the [group alias name](https://www.vaultproject.io/api/secret/identity/group-alias.html) for the external group.
- Finally Azure AD group can be referenced by using the groups `objectId` as the [group alias name](/api/secret/identity/group-alias) for the external group.
### CLI setup instructions:

View file

@ -26,8 +26,8 @@ it into HashiCorp's maintenance.
## Prerequisites
Kerberos is a very hands-on auth method. Other auth methods like
[LDAP](https://www.vaultproject.io/docs/auth/ldap.html) and
[Azure](https://www.vaultproject.io/docs/auth/azure.html) only require
[LDAP](/docs/auth/ldap) and
[Azure](/docs/auth/azure) only require
a cursory amount of knowledge for configuration and use.
Kerberos, on the other hand, is best used by people already familiar
with it. We recommend that you use simpler authentication methods if
@ -113,14 +113,14 @@ $ vault write auth/kerberos/config/ldap \
```
The LDAP above relies upon the same code as the LDAP auth method.
See [its documentation](https://www.vaultproject.io/docs/auth/ldap.html)
See [its documentation](/docs/auth/ldap)
for further discussion of available parameters.
- Configure the Vault policies that should be granted to those
who successfully authenticate based on their LDAP group membership.
Since this is identical to the LDAP auth method, see
[Group Membership Resolution](https://www.vaultproject.io/docs/auth/ldap.html#group-membership-resolution)
and [LDAP Group -> Policy Mapping](https://www.vaultproject.io/docs/auth/ldap.html#ldap-group-gt-policy-mapping)
[Group Membership Resolution](/docs/auth/ldap#group-membership-resolution)
and [LDAP Group -> Policy Mapping](/docs/auth/ldap#ldap-group-gt-policy-mapping)
for further discussion.
```text
@ -194,7 +194,7 @@ in the `keytab` file.
After you've stripped the issue down to its simplest form, if you still
encounter difficulty resolving it, it will be much easier to gain assistance
by posting your reproduction to the [Vault Forum](https://discuss.hashicorp.com/c/vault)
or by providing it to [HashiCorp Support](https://www.hashicorp.com/support.html)
or by providing it to [HashiCorp Support](https://www.hashicorp.com/support)
(if applicable.)
### Additional Troubleshooting Resources
@ -219,5 +219,5 @@ client.
## API
The Kerberos auth method has a full HTTP API. Please see the
[Kerberos auth method API](/api/auth/kerberos/index.html) for more
[Kerberos auth method API](/api/auth/kerberos) for more
details.

View file

@ -81,7 +81,7 @@ management tool.
!> **NOTE:** The pattern Vault uses to authenticate Pods depends on sharing
the JWT token over the network. Given the [security model of
Vault](/docs/internals/security.html), this is allowable because Vault is
Vault](/docs/internals/security), this is allowable because Vault is
part of the trusted compute base. In general, Kubernetes applications should
**not** share this JWT with other applications, as it allows API calls to be
made on behalf of the Pod and can result in unintended access being granted
@ -136,6 +136,6 @@ subjects:
## API
The Kubernetes Auth Plugin has a full HTTP API. Please see the
[API docs](/api/auth/kubernetes/index.html) for more details.
[API docs](/api/auth/kubernetes) for more details.
[k8s-tokenreview]: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#tokenreview-v1-authentication-k8s-io

View file

@ -254,5 +254,5 @@ It should be noted that user -> policy mapping happens at token creation time. A
## API
The LDAP auth method has a full HTTP API. Please see the
[LDAP auth method API](/api/auth/ldap/index.html) for more
[LDAP auth method API](/api/auth/ldap) for more
details.

View file

@ -13,7 +13,7 @@ description: |-
edition of Vault. This system is not supported by HashiCorp. Vault Enterprise
contains a fully-supported MFA system that is significantly more complete and
flexible and which can be used throughout Vault's API. See the [Vault
Enterprise MFA](/docs/enterprise/mfa/index.html) page for more information.
Enterprise MFA](/docs/enterprise/mfa) page for more information.
Several auth methods support multi-factor authentication (MFA). Once
enabled for a method, users are required to provide additional verification,

View file

@ -102,7 +102,7 @@ Create the Vault admin role:
You will see a response that includes a token with the previously added policy.
1. Use the received token to read secrets, writer secrets, and add roles per the instructions in [https://www.vaultproject.io/docs/secrets/kv/kv-v1.html](https://www.Vaultproject.io/docs/secrets/kv/kv-v1.html).
1. Use the received token to read secrets, writer secrets, and add roles per the instructions in [/docs/secrets/kv/kv-v1](/docs/secrets/kv/kv-v1).
1. Log into Vault using the user API key.
- [Add an API Key](https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm) for a user in the console. This user should be part of a group that has previously been added to the Vault admin role.
@ -112,7 +112,7 @@ You will see a response that includes a token with the previously added policy.
`vault login -method=oci auth_type=apikey role=vaultadminrole`
1. Stop Vault and re-start it in the production environment. See [https://www.vaultproject.io/docs/configuration](https://www.Vaultproject.io/docs/configuration/) for more information.
1. Stop Vault and re-start it in the production environment. See [the configuration docs](/docs/configuration/) for more information.
1. Repeat all steps in this [Configure the OCI Auth Method](#OnboardingtoOCIAuthMethod-ConfiguretheOCIAuthMethod) section while in the production environment.
### Manage Roles in the OCI Auth method
@ -200,4 +200,4 @@ POST http://127.0.0.1/v1/auth/oci/login/devrole
## API
The OCI Auth method has a full HTTP API. Please see the [API docs](/api/auth/oci/index.html) for more details.
The OCI Auth method has a full HTTP API. Please see the [API docs](/api/auth/oci) for more details.

View file

@ -113,4 +113,4 @@ management tool.
## API
The Okta auth method has a full HTTP API. Please see the
[Okta Auth API](/api/auth/okta/index.html) for more details.
[Okta Auth API](/api/auth/okta) for more details.

View file

@ -79,5 +79,5 @@ The response will contain a token at `auth.client_token`:
## API
The RADIUS auth method has a full HTTP API. Please see the
[RADIUS Auth API](/api/auth/radius/index.html) for more
[RADIUS Auth API](/api/auth/radius) for more
details.

View file

@ -18,7 +18,7 @@ The token store can also be used to bypass any other auth method:
you can create tokens directly, as well as perform a variety of other
operations on tokens such as renewal and revocation.
Please see the [token concepts](/docs/concepts/tokens.html) page dedicated
Please see the [token concepts](/docs/concepts/tokens) page dedicated
to tokens.
## Authentication
@ -37,5 +37,5 @@ either `X-Vault-Token: <token>` or `Authorization: Bearer <token>`.
## API
The Token auth method has a full HTTP API. Please see the
[Token auth method API](/api/auth/token/index.html) for more
[Token auth method API](/api/auth/token) for more
details.

View file

@ -85,4 +85,4 @@ management tool.
## API
The Userpass auth method has a full HTTP API. Please see the [Userpass auth
method API](/api/auth/userpass/index.html) for more details.
method API](/api/auth/userpass) for more details.

View file

@ -7,4 +7,4 @@ description: The "agent" command is used to start Vault Agent
# agent
Please see the [Vault Agent documentation page](/docs/agent/index.html).
Please see the [Vault Agent documentation page](/docs/agent).

View file

@ -30,5 +30,5 @@ Success! Disabled audit device (if it was enabled) at: file/
## Usage
There are no flags beyond the [standard set of flags](/docs/commands/index.html)
There are no flags beyond the [standard set of flags](/docs/commands)
included on all commands.

View file

@ -27,7 +27,7 @@ Success! Enabled the file audit device at: file/
## Usage
The following flags are available in addition to the [standard set of
flags](/docs/commands/index.html) included on all commands.
flags](/docs/commands) included on all commands.
- `-description` `(string: "")` - Human-friendly description for the purpose of
this audit device.

View file

@ -13,7 +13,7 @@ The `audit` command groups subcommands for interacting with Vault's audit
devices. Users can list, enable, and disable audit devices.
For more information, please see the [audit device
documentation](/docs/audit/index.html)
documentation](/docs/audit)
## Examples

View file

@ -35,7 +35,7 @@ file/ file n/a replicated file_path=/var/log/audit.log
## Usage
The following flags are available in addition to the [standard set of
flags](/docs/commands/index.html) included on all commands.
flags](/docs/commands) included on all commands.
### Output Options

View file

@ -29,5 +29,5 @@ Success! Disabled the auth method (if it existed) at: userpass/
## Usage
There are no flags beyond the [standard set of flags](/docs/commands/index.html)
There are no flags beyond the [standard set of flags](/docs/commands)
included on all commands.

View file

@ -18,7 +18,7 @@ auth method.
An auth method is responsible for authenticating users or machines and assigning
them policies and a token with which they can access Vault. Authentication is
usually mapped to policy. Please see the [policies
concepts](/docs/concepts/policies.html) page for more information.
concepts](/docs/concepts/policies) page for more information.
## Examples
@ -37,12 +37,12 @@ Success! Data written to: auth/userpass/users/sethvargo
```
For more information on the specific configuration options and paths, please see
the [auth method](/docs/auth/index.html) documentation.
the [auth method](/docs/auth) documentation.
## Usage
The following flags are available in addition to the [standard set of
flags](/docs/commands/index.html) included on all commands.
flags](/docs/commands) included on all commands.
- `-description` `(string: "")` - Human-friendly description for the purpose of
this auth method.

Some files were not shown because too many files have changed in this diff Show more