luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Merge pull request #5044 from hashicorp/oss-download-config-path 

Add Configuration Builder and Better Download page
This commit is contained in:
Joshua Ogle 2018-08-23 14:01:59 -06:00 committed by GitHub
parent 362a92945e 6819af20b5
commit 6f3b18e9bc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
27 changed files with 2383 additions and 106 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
website/source/assets/images/icon-checkmark-circle.svg Normal file
View File

@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="16px" height="16px" viewBox="0 0 16 16" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<g transform="translate(-505.000000, -313.000000)">
<path d="M513,329 C508.581722,329 505,325.418278 505,321 C505,316.581722 508.581722,313 513,313 C517.418278,313 521,316.581722 521,321 C521,325.418278 517.418278,329 513,329 Z M516.949299,317 L511.612044,322.975703 L508.92419,320.627165 L508,321.737119 L511.7343,325 L518,317.984791 L516.949299,317 Z" fill="#2EB039"></path>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 581 B

4
website/source/assets/images/icon-warning.svg Normal file
View File

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="12px" height="12px" viewBox="0 0 12 12" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<path d="M11.6953829,8.65001982 C11.9006216,9.00070532 12.0088317,9.40536341 12.0088317,9.82419612 C12.0088317,11.0177262 11.1281188,11.9903231 10.0421672,11.9995911 C10.0363281,12 10.0306132,12 10.0250226,12 L1.99002424,12 C1.28361527,12 0.625534307,11.5828028 0.27232982,10.9116892 C-0.080626195,10.241257 -0.0807504316,9.40740782 0.27232982,8.73629417 L4.28914568,1.10394378 C4.64259864,0.432966422 5.30055537,0.0159055424 6.00671587,0.0159055424 C6.71312484,0.0159055424 7.3712058,0.433102717 7.72428606,1.10421637 L11.6953829,8.65001982 Z M6.5625,9.73349966 L6.5625,8.23499966 L5.4375,8.23499966 L5.4375,9.73349966 L6.5625,9.73349966 Z M6.5625,7.12125 L6.5625,3.375 L5.4375,3.375 L5.4375,7.12125 L6.5625,7.12125 Z" fill="#FAC402"></path>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 936 B

5
website/source/assets/javascripts/application.js
View File

@ -1,8 +1,13 @@
//= require turbolinks
//= require jquery
//= require lib/file-saver.min
//= require hashicorp/mega-nav
//= require hashicorp/sidebar
//= require hashicorp/analytics
//= require analytics
//= require tabs
//= require os-detect
//= require downloads
//= require configuration-builder

116
website/source/assets/javascripts/configuration-builder.js Normal file
View File

@ -0,0 +1,116 @@
document.addEventListener("turbolinks:load", function() {
var revealTriggers = document.querySelectorAll(".reveal-trigger");
var configTriggers = document.querySelectorAll(".config-reveal-trigger");
var configSelects = document.querySelectorAll(".config-reveal-select");
revealTriggers.forEach(function(revealTrigger) {
revealTrigger.addEventListener("click", function() {
revealTrigger.classList.toggle("active");
revealTrigger.nextElementSibling.classList.toggle("active");
});
});
configTriggers.forEach(function(configTrigger) {
configTrigger.addEventListener("change", function() {
var container = configTrigger.closest("fieldset");
var reveal = container.querySelector(".config-reveal-container");
reveal.classList.toggle("active");
if (reveal.querySelector(".config-reveal-select")) {
var selection = reveal.querySelector(".config-reveal-select").value;
document.querySelector('[data-if-option="' + selection + '"]').classList.toggle("active");
}
});
});
configSelects.forEach(function(configSelect) {
configSelect.addEventListener("change", function() {
var selection = configSelect.value;
var section = configSelect.closest("section");
var reveal = section.querySelector('[data-if-option="' + selection + '"]');
var nestedOptions = section.querySelectorAll("[data-if-option]");
nestedOptions.forEach(function(nestedOption) {
nestedOption.classList.remove("active");
});
if (reveal) {
reveal.classList.add("active");
}
});
});
});
function downloadConfiguration() {
var form = document.querySelector("#configuration-builder");
var config = "";
// Add Listener stanza
if (document.getElementById("include_tcp_listener").checked) {
config += 'listener "tcp" {\n' + addFieldsToStanza("listener") + '}\n';
}
// Add Storage stanza
if (document.getElementById("include_storage").checked) {
var backend = document.getElementById("storage").value;
config += '\nstorage "' + backend + '" {\n' + addFieldsToStanza("storage") + '}\n';
}
// Add Telemetry stanza
if (document.getElementById("include_telemetry").checked) {
var provider = document.getElementById("telemetry").value;
config += '\ntelemetry "' + provider + '" {\n' + addFieldsToStanza("telemetry") + '}\n';
}
// Add Seal stanza
if (document.getElementById("include_seal").checked) {
var type = document.getElementById("seal").value;
config += '\nseal "' + type + '" {\n' + addFieldsToStanza("seal") + '}\n';
}
// Add UI stanza
if (document.getElementById("include_ui").checked &&
document.getElementById("ui").value == "true") {
config += '\nui = true';
var startServerLink = document.querySelector(".start-server-link");
startServerLink.href = startServerLink.href + "?tab=ui";
}
config = config.replace(/([^\r])\n/g, "$1\r\n");
var blob = new Blob([config], {type: "text/plain;charset=utf-8"});
saveAs(blob, "vault-config.hcl");
document.querySelector(".form-actions").style.display = "none";
document.querySelector("#download-confirm").style.display = "block";
}
function addFieldsToStanza(stanza) {
var fieldsets = document.querySelectorAll('[data-config-stanza="' + stanza + '"] .nested-fields fieldset');
var lines = "";
fieldsets.forEach(function(fieldset) {
if (fieldset.offsetWidth > 0 && fieldset.offsetHeight > 0) {
var line = fieldsetToLine(fieldset);
if (line) {
lines += line;
}
}
});
return lines;
}
function fieldsetToLine(fieldset) {
var parameter = fieldset.getAttribute("name");
var isChecked = document.querySelector("#include_" + parameter).checked;
if (isChecked) {
var field = fieldset.querySelector("#" + parameter);
var value = field.value;
if (field.getAttribute("type") == "number") {
return ' ' + parameter + ' = ' + value + '\n';
} else {
return ' ' + parameter + ' = "' + value + '"\n';
}
}
return;
}

22
website/source/assets/javascripts/downloads.js Normal file
View File

@ -0,0 +1,22 @@
document.addEventListener("turbolinks:load", function() {
var downloadLinks = document.querySelectorAll(".download-arches .download-link");
downloadLinks.forEach(function(downloadLink) {
downloadLink.addEventListener("click", handleDownloadLinkClick);
});
});
function handleDownloadLinkClick(clickEvent) {
var clickedLink = clickEvent.currentTarget;
var bit = clickedLink.innerHTML;
var container = clickedLink.closest(".download");
var name = container.querySelector(".os-name").innerHTML;
var icon = container.querySelector(".icon svg").outerHTML;
var confirm = document.querySelector("#download-confirm");
document.querySelector(".download-arches").style.display = "none";
confirm.style.display = "flex";
confirm.querySelector(".chosen-os-name").innerHTML = name;
confirm.querySelector(".chosen-os-bit").innerHTML = bit;
confirm.querySelector(".icon").innerHTML = icon;
}

2
website/source/assets/javascripts/lib/file-saver.min.js vendored Normal file
View File

@ -0,0 +1,2 @@
/*! @source http://purl.eligrey.com/github/FileSaver.js/blob/master/FileSaver.js */
var saveAs=saveAs||function(e){"use strict";if(typeof e==="undefined"||typeof navigator!=="undefined"&&/MSIE [1-9]\./.test(navigator.userAgent)){return}var t=e.document,n=function(){return e.URL||e.webkitURL||e},r=t.createElementNS("http://www.w3.org/1999/xhtml","a"),o="download"in r,a=function(e){var t=new MouseEvent("click");e.dispatchEvent(t)},i=/constructor/i.test(e.HTMLElement)||e.safari,f=/CriOS\/[\d]+/.test(navigator.userAgent),u=function(t){(e.setImmediate||e.setTimeout)(function(){throw t},0)},s="application/octet-stream",d=1e3*40,c=function(e){var t=function(){if(typeof e==="string"){n().revokeObjectURL(e)}else{e.remove()}};setTimeout(t,d)},l=function(e,t,n){t=[].concat(t);var r=t.length;while(r--){var o=e["on"+t[r]];if(typeof o==="function"){try{o.call(e,n||e)}catch(a){u(a)}}}},p=function(e){if(/^\s*(?:text\/\S*|application\/xml|\S*\/\S*\+xml)\s*;.*charset\s*=\s*utf-8/i.test(e.type)){return new Blob([String.fromCharCode(65279),e],{type:e.type})}return e},v=function(t,u,d){if(!d){t=p(t)}var v=this,w=t.type,m=w===s,y,h=function(){l(v,"writestart progress write writeend".split(" "))},S=function(){if((f||m&&i)&&e.FileReader){var r=new FileReader;r.onloadend=function(){var t=f?r.result:r.result.replace(/^data:[^;]*;/,"data:attachment/file;");var n=e.open(t,"_blank");if(!n)e.location.href=t;t=undefined;v.readyState=v.DONE;h()};r.readAsDataURL(t);v.readyState=v.INIT;return}if(!y){y=n().createObjectURL(t)}if(m){e.location.href=y}else{var o=e.open(y,"_blank");if(!o){e.location.href=y}}v.readyState=v.DONE;h();c(y)};v.readyState=v.INIT;if(o){y=n().createObjectURL(t);setTimeout(function(){r.href=y;r.download=u;a(r);h();c(y);v.readyState=v.DONE});return}S()},w=v.prototype,m=function(e,t,n){return new v(e,t||e.name||"download",n)};if(typeof navigator!=="undefined"&&navigator.msSaveOrOpenBlob){return function(e,t,n){t=t||e.name||"download";if(!n){e=p(e)}return navigator.msSaveOrOpenBlob(e,t)}}w.abort=function(){};w.readyState=w.INIT=0;w.WRITING=1;w.DONE=2;w.error=w.onwritestart=w.onprogress=w.onwrite=w.onabort=w.onerror=w.onwriteend=null;return m}(typeof self!=="undefined"&&self||typeof window!=="undefined"&&window||this.content);if(typeof module!=="undefined"&&module.exports){module.exports.saveAs=saveAs}else if(typeof define!=="undefined"&&define!==null&&define.amd!==null){define("FileSaver.js",function(){return saveAs})}

41
website/source/assets/javascripts/os-detect.js Normal file
View File

@ -0,0 +1,41 @@
function getCurrentOS() {
var userAgent = navigator.userAgent;
if (userAgent.indexOf("Win") != -1) return "windows";
if (userAgent.indexOf("Mac") != -1) return "darwin";
if (userAgent.indexOf("Linux") != -1) return "linux";
if (userAgent.indexOf("NetBSD") != -1) return "netbsd";
if (userAgent.indexOf("FreeBSD") != -1) return "freebsd";
if (userAgent.indexOf("OpenBSD") != -1) return "openbsd";
if (userAgent.indexOf("SunOS") != -1) return "solaris";
return "Unkown";
}
function getCurrentOSBit() {
var userAgent = navigator.userAgent;
if (userAgent.match( /(Win64|WOW64|Mac OS X 10|amd64|x86)/ )) {
return "64-bit";
}
if (userAgent.match( /arm/ )) {
return "arm";
}
return "32-bit";
}
document.addEventListener("turbolinks:load", function() {
if (document.querySelector(`[data-os]`)) {
var osSelector = '[data-os="' + getCurrentOS() + '"]';
var bitSelector = '[data-os-bit="' + getCurrentOSBit() + '"]';
var currentOSElement = document.querySelector(osSelector);
var currentBitLinkElement = document.querySelector(osSelector + ' ' + bitSelector);
var currentBitLinkHTML = currentBitLinkElement.cloneNode(true);
var bitList = currentBitLinkElement.parentNode;
// Move current Bit link to the start of the list
bitList.removeChild(currentBitLinkElement);
bitList.prepend(currentBitLinkHTML);
// Highlight current OS and Bit link
currentOSElement.classList.add("current");
document.querySelector(osSelector + ' ' + bitSelector).classList.add("current")
}
});

41
website/source/assets/javascripts/tabs.js Normal file
View File

@ -0,0 +1,41 @@
document.addEventListener("turbolinks:load", function() {
var tabs = document.querySelectorAll(".tabs li");
function handleTabClick(clickEvent) {
var clickedLink = clickEvent.currentTarget.querySelector("a");
var activeContentId = clickedLink.getAttribute("data-tab-for");
switchTab(activeContentId);
clickEvent.preventDefault(activeContentId);
return false;
}
function switchTab(id) {
var tabsContents = document.querySelectorAll(".tabs-content");
var activeTab = document.querySelector('[data-tab-for="' + id + '"]');
var activeContent = document.getElementById(id);
tabs.forEach(function(tab) {
var tabLink = tab.querySelector("a");
tabLink.classList.remove("is-active");
});
tabsContents.forEach(function(tabsContent) {
tabsContent.classList.remove("is-active");
});
activeTab.classList.add("is-active");
activeContent.classList.add("is-active");
}
tabs.forEach(function(tab) {
tab.addEventListener("click", handleTabClick);
});
var urlParams = new URLSearchParams(window.location.search);
if (urlParams && urlParams.has("tab")) {
switchTab(urlParams.get("tab"));
}
});

64
website/source/assets/stylesheets/_config.scss Normal file
View File

@ -0,0 +1,64 @@
.config-reveal-label {
.config-reveal-trigger:not(:checked) + & {
color: #aaa;
}
.docs-info-icon {
&::before {
content: '\0024D8';
color: #AAA;
display: inline-block;
height: 1em;
margin-left: 0.25em;
width: 1em;
}
&:hover::before {
color: inherit;
}
}
}
.reveal-container,
.config-reveal-container {
display: none;
margin-left: 20px;
&.active {
display: block;
}
}
.reveal-trigger {
align-items: center;
color: $sidebar-link-color-active;
cursor: pointer;
display: flex;
font-size: $sidebar-font-size;
margin: -5px 0 10px;
&::before {
content: '\203A';
display: inline-block;
height: 1em;
line-height: 1;
text-align: center;
transform: rotate(90deg);
width: 1em;
}
&::after {
content: attr(data-show-text);
margin-left: 0.5em;
}
&.active {
&::before {
transform: rotate(-90deg);
}
&::after {
content: attr(data-hide-text);
}
}
}

83
website/source/assets/stylesheets/_downloads.scss
View File

@ -1,16 +1,16 @@
body.layout-downloads {
#inner {
.downloads {
margin-top: 20px;
.description {
margin-bottom: 20px;
}
.download {
align-items: center;
border-bottom: 1px solid #b2b2b2;
border: 1px solid #ddd;
border-radius: 8px;
display: flex;
margin: 6px 0;
padding: 15px;
.details {
@ -22,6 +22,7 @@ body.layout-downloads {
}
ul {
align-items: center;
padding-left: 0px;
margin: -8px 0 0 0;
}
@ -51,10 +52,80 @@ body.layout-downloads {
}
}
.poweredby {
margin-top: 20px;
text-align: center;
.download-arches {
@media (min-width: 992px) {
display: flex;
flex-wrap: wrap;
}
.download {
@media (min-width: 992px) {
margin: 6px;
order: 1;
width: calc(50% - 12px);
}
&.current {
border: 1px solid #909FA8;
order: 0;
width: 100%;
.current {
&::after {
content: "Other versions:";
}
.download-link {
@extend .button;
@extend .primary;
line-height: 1;
margin: 0 15px 0 0;
order: 0;
padding: 10px 15px;
&::before {
content: "Download "
}
&:hover {
text-decoration: none;
}
}
}
}
}
}
}
}
.poweredby {
float: right;
margin-top: 10px;
text-align: center;
}
}
#download-confirm,
body.layout-downloads .downloads #download-confirm.download {
border: 1px solid #2EB039;
border-radius: 8px;
box-shadow: 0 4px 4px rgba($black, 0.09), 0 4px 12px rgba($black, 0.05);
display: none;
padding: 15px;
.details {
padding-left: 20px;
h2 {
margin: 4px 0 0;
border: none;
}
}
.download-confirm-message {
background: url("/assets/images/icon-checkmark-circle.svg") left center no-repeat;
color: #2EB039;
margin-bottom: 20px;
padding-left: 2rem;
}
}

156
website/source/assets/stylesheets/_forms.scss Normal file
View File

@ -0,0 +1,156 @@
label {
cursor: pointer;
}
.label {
color: $gray-darker;
display: block;
font-size: 13px;
margin-bottom: 2px;
text-align: left;
}
fieldset {
margin-bottom: 10px;
}
.checkbox-label {
padding-left: 0;
input[type="checkbox"] {
margin-right: 5px;
}
& + .input,
& + .textarea,
& + .select {
margin-left: 20px;
max-width: calc(100% - 20px);
}
}
.input,
.textarea,
.select select {
appearance: none;
-webkit-appearance: none;
align-items: center;
background-color: #fff;
border-radius: 2px;
border: 1px solid #BAC1CC;
color: #000;
display: block;
height: 36px;
justify-content: flex-start;
line-height: 1.5;
padding: calc(.375em - 1px) 12px;
vertical-align: top;
max-width: 100%;
width: 100%;
&::placeholder {
opacity: 0.5;
}
}
.input,
.textarea,
.select {
display: block;
height: 36px;
margin-bottom: 10px;
max-width: 100%;
position: relative;
width: 100%;
}
.input[disabled],
.textarea[disabled] {
border-color: #E1E5EB;
background-color: #FAFAFA;
box-shadow: none;
color: #8e96a3;
}
.input,
.textarea {
box-shadow: 0 4px 1px rgba($black, 0.06) inset;
&:focus,
&.is-focused,
&:active,
&.is-active {
border-color: #0068FF;
}
}
.select select {
background-color: #F7F8FA;
box-shadow: 0 3px 1px rgba($black, 0.12);
.has-background-grey-lighter & {
background-color: $white;
}
}
.select::after {
border: 1px solid $black;
border-right: 0;
border-top: 0;
border-width: 2px;
content: " ";
display: block;
height: 7px;
margin-top: 0;
pointer-events: none;
position: absolute;
right: 1.125em;
top: 50%;
transform: translateY(20%) rotate(-45deg);
width: 7px;
z-index: 4;
}
.select::before {
@extend .select::after;
transform: translateY(-75%) rotate(135deg);
z-index: 5;
}
.nested-fields {
border: 1px solid #E1E5EB;
border-radius: 4px;
margin: 0 0 20px 20px;
padding: 10px 20px 0;
}
.form-hint {
color: #aaa;
font-size: 1.2rem;
font-weight: bold;
margin: -5px 12px 10px;
}
.form-input-warning {
color: #614903;
&::before {
background: url("/assets/images/icon-warning.svg") left center no-repeat;
content: "";
display: inline-block;
height: 12px;
margin-right: 0.25rem;
width: 12px;
vertical-align: -0.1rem;
}
}
.form-actions {
margin-top: 30px;
.button {
line-height: 1;
padding: 11px 15px 8px 15px;
}
}

19
website/source/assets/stylesheets/_home.scss
View File

@ -61,6 +61,25 @@
text-align: center;
z-index: 1;
.get-started-links {
p {
margin-top: 0;
text-align: center;
}
a {
margin: 0 0.5em;
}
a:not(.button) {
border-bottom: 1px dashed #00ABE0;
color: #000;
font-size: 16px;
font-weight: 500;
text-decoration: none;
}
}
#tag-line {
display: block;
font-size: 24px;

60
website/source/assets/stylesheets/_tabs.scss Normal file
View File

@ -0,0 +1,60 @@
#inner .tabs {
user-select: none;
align-items: stretch;
display: flex;
font-size: 1rem;
justify-content: space-between;
margin-bottom: 1em;
overflow: hidden;
overflow-x: auto;
white-space: nowrap;
p {
display: none;
}
ul {
align-items: center;
border-bottom-color: #BAC1CC;
border-bottom-style: solid;
border-bottom-width: 1px;
display: flex;
flex-grow: 1;
flex-shrink: 0;
list-style: none;
justify-content: flex-start;
padding: 0;
}
li {
margin: 0;
padding: 0 1rem;
}
a {
align-items: center;
display: flex;
justify-content: center;
margin-bottom: -1px;
vertical-align: top;
color: #525761;
font-weight: 600;
text-decoration: none;
padding: 1rem 0.5rem 0.5rem;
border-bottom: 2px solid transparent;
transition: border-color 150ms;
&.is-active {
border-color: #00ABE0;
color: #00ABE0;
}
}
}
.tabs-content {
display: none;
&.is-active {
display: block;
}
}

3
website/source/assets/stylesheets/application.scss
View File

@ -25,6 +25,8 @@
@import '_buttons';
@import '_syntax';
@import '_logos';
@import '_forms';
@import '_tabs';
// Pages
@import '_community';
@ -32,6 +34,7 @@
@import '_downloads';
@import '_home';
@import '_latest';
@import '_config';
// Demo
@import '_demo';

70
website/source/docs/configuration/builder.html.erb Normal file
View File

@ -0,0 +1,70 @@
---
layout: "docs"
page_title: "Server Configuration"
sidebar_current: "docs-configuration"
description: |-
Vault server configuration reference.
---
<h1>Vault Configuration</h1>
<nav class="tabs">
<ul>
<li>
<a href="/docs/configuration/builder.html" class="is-active">
Configuration Builder
</a>
</li>
<li>
<a href="/docs/configuration/index.html">
Manual Configuration
</a>
</li>
</ul>
</nav>
<p>
Choose from the options below (some are required) and download your
configuration file. Some variables may be sensitive, so we will give you
placeholders that you can replace after downloading.
</p>
<form id="configuration-builder">
<%= partial "builder/section_listener" %>
<%= partial "builder/section_storage" %>
<%= partial "builder/section_telemetry" %>
<%= partial "builder/section_seal" %>
<%= partial "builder/reveal_select_field", locals: {
label: "Vault Web UI",
name: "ui",
options: {
true: "Activate UI",
false: "Do not activate UI"
},
docs_url: "ui"
} %>
<div class="form-actions">
<button type="button" class="button primary" onclick="downloadConfiguration()">
Download Configuration
</button>
</div>
<div id="download-confirm">
<div class="details">
<h2>
Downloading configuration
</h2>
<div class="download-confirm-message">
You can find your configuration file in your downloads folder named "vault-config.hcl"
</div>
<a href="/intro/getting-started/dev-server.html" class="start-server-link">
<button class="button primary">
Next: Starting the server
</button>
</a>
</div>
</div>
</form>

16
website/source/docs/configuration/builder/_reveal_label.html.erb Normal file
View File

@ -0,0 +1,16 @@
<label class="label checkbox-label">
<input
type="checkbox"
class="config-reveal-trigger"
id="<%= name %>"
name="<%= name %>"
<%= "checked" if (defined?(required) && required) || (defined?(checked) && checked) %>
<%= "disabled" if (defined?(required) && required) %>
/>
<span class="config-reveal-label">
<%= label %>
<% if defined?(docs_url) && docs_url %>
<a href="/docs/configuration/<%= docs_url %>" class="docs-info-icon" target="_blank"></a>
<% end %>
</span>
</label>

21
website/source/docs/configuration/builder/_reveal_number_field.html.erb Normal file
View File

@ -0,0 +1,21 @@
<fieldset name="<%= name %>">
<%= partial "builder/reveal_label", locals: {
label: label,
name: "include_#{name}",
required: (required if defined?(required)),
docs_url: (docs_url if defined?(docs_url))
} %>
<div class="config-reveal-container <%= "active" if (defined?(required) && required) %>">
<input
type="number"
id="<%= name %>"
name="<%= name %>"
class="input"
value="<%= value if defined?(value) %>"
min="<%= min if defined?(min) %>"
max="<%= max if defined?(max) %>"
placeholder="<%= placeholder if defined?(placeholder) %>"
required="<%= required if defined?(required) %>"
/>
</div>
</fieldset>

22
website/source/docs/configuration/builder/_reveal_select_field.html.erb Normal file
View File

@ -0,0 +1,22 @@
<fieldset name="<%= name %>">
<%= partial "builder/reveal_label", locals: {
label: label,
name: "include_#{name}",
required: (required if defined?(required)),
docs_url: (docs_url if defined?(docs_url))
} %>
<div class="config-reveal-container <%= "active" if (defined?(required) && required) %>">
<div class="select">
<select
id="<%= name %>"
name="<%= name %>"
required="<%= required if defined?(required) %>"
class="<%= "config-reveal-select" if defined?(reveal) %>"
/>
<% options.each do |value, label| %>
<option value="<%= value %>"><%= label %></option>
<% end %>
</select>
</div>
</div>
</fieldset>

26
website/source/docs/configuration/builder/_reveal_text_field.html.erb Normal file
View File

@ -0,0 +1,26 @@
<fieldset name="<%= name %>">
<%= partial "builder/reveal_label", locals: {
label: label,
name: "include_#{name}",
required: (required if defined?(required)),
docs_url: (docs_url if defined?(docs_url))
} %>
<div class="config-reveal-container <%= "active" if (defined?(required) && required) %>">
<input
type="text"
id="<%= name %>"
name="<%= name %>"
class="input"
value="<%= value if defined?(value) %>"
placeholder="<%= placeholder if defined?(placeholder) %>"
required="<%= defined?(required) %>"
<%= "disabled" if (defined?(sensitive_disabled) && sensitive_disabled) %>
/>
<% if (defined?(sensitive_disabled) && sensitive_disabled) %>
<div class="form-hint form-input-warning">
This is sensitive information, so we will put this placeholder in your
config for you to replace.
</div>
<% end %>
</div>
</fieldset>

156
website/source/docs/configuration/builder/_section_listener.html.erb Normal file
View File

@ -0,0 +1,156 @@
<section data-config-stanza="listener">
<%= partial "builder/reveal_label", locals: {
label: "TCP Listener",
name: "include_tcp_listener",
required: true,
docs_url: "listener"
} %>
<div class="config-reveal-container nested-fields active">
<%= partial "builder/reveal_text_field", locals: {
label: "Listener Address",
name: "address",
value: "127.0.0.1:8200",
required: true,
docs_url: "listener/tcp.html#address"
} %>
<div class="reveal">
<div class="reveal-trigger"
data-show-text="Show Advanced Options"
data-hide-text="Hide Advanced Options"
></div>
<div class="reveal-container">
<%= partial "builder/reveal_text_field", locals: {
label: "Cluster Address",
name: "cluster_address",
value: "127.0.0.1:8201",
docs_url: "listener/tcp.html#cluster_address"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Maximum Request Size",
name: "max_request_size",
placeholder: "33554432",
value: "33554432",
docs_url: "listener/tcp.html#max_request_size"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Proxy Protocol Behavior",
name: "proxy_protocol_behavior",
options: {
use_always: "Always use the client's IP address",
allow_authorized: "Use client address if IP is in Proxy Protocol Authorized Addresses",
deny_unauthorized: "Deny if not in Proxy Protocol Authorized Addresses"
},
docs_url: "listener/tcp.html#proxy_protocol_behavior"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Proxy Protocol Authorized Addresses",
name: "proxy_protocol_authorized_addrs",
docs_url: "listener/tcp.html#proxy_protocol_authorized_addrs"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Disable TLS",
name: "tls_disable",
options: {
false: "Use TLS for secure communication",
true: "Disable TLS and use insecure communication"
},
docs_url: "listener/tcp.html#tls_disable"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Path for TLS Certificate File",
name: "tls_cert_file",
value: "<TLS_CERT_FILE>",
sensitive_disabled: true,
docs_url: "listener/tcp.html#tls_cert_file"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Path for TLS Key File",
name: "tls_key_file",
value: "<TLS_KEY_FILE>",
sensitive_disabled: true,
docs_url: "listener/tcp.html#tls_key_file"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "TLS Minimum Version",
name: "tls_min_version",
options: {
tls12: "TLS 1.2",
tls11: "TLS 1.1",
tls10: "TLS 1.0"
},
docs_url: "listener/tcp.html#tls_min_version"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "List of TLS Cipher Suites",
name: "tls_cipher_suites",
docs_url: "listener/tcp.html#tls_cipher_suites"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "TLS Cipher Suite Preference",
name: "tls_prefer_server_cipher_suites",
options: {
false: "Prefer the client ciphersuites over the server's ciphersuite",
true: "Prefer the server's ciphersuite over the client ciphersuites"
},
docs_url: "listener/tcp.html#tls_prefer_server_cipher_suites"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Require and verify client certificate",
name: "tls_require_and_verify_client_cert",
options: {
false: "Leave off client authentication",
true: "Turn on client authentication"
},
docs_url: "listener/tcp.html#tls_require_and_verify_client_cert"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Certificate Authority file (PEM-encoded)",
name: "tls_client_ca_file",
value: "<TLS_CLIENT_CA_FILE>",
sensitive_disabled: true,
docs_url: "listener/tcp.html#tls_client_ca_file"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Client authentication for this listener",
name: "tls_disable_client_certs",
options: {
false: "Request client certificates when available",
true: "Disable client authentication for this listener"
},
docs_url: "listener/tcp.html#tls_disable_client_certs"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "IP addresses trusted by an X-Forwarded-For header",
name: "x_forwarded_for_authorized_addrs",
docs_url: "listener/tcp.html#x_forwarded_for_authorized_addrs"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Number of addresses to skip from rear of the set of hops",
name: "x_forwarded_for_hop_skips",
value: 0,
docs_url: "listener/tcp.html#x_forwarded_for_hop_skips"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Connections from unauthorized addresses",
name: "x_forwarded_for_reject_not_authorized",
options: {
true: "Reject connection from unauthorized addresses",
false: "Ignore header if there is an X-Forwarded-For header in a connection from an unauthorized address"
},
docs_url: "listener/tcp.html#x_forwarded_for_reject_not_authorized"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Connections with no X-Forwarded-For header",
name: "x_forwarded_for_reject_not_present",
options: {
true: "Reject the client address if there is no X-Forwarded-For header or it is emptys",
false: "Use the client address if there is no X-Forwarded-For header or it is empty"
},
docs_url: "listener/tcp.html#x_forwarded_for_reject_not_present"
} %>
</div>
</div>
</div>
</section>

219
website/source/docs/configuration/builder/_section_seal.html.erb Normal file
View File

@ -0,0 +1,219 @@
<section data-config-stanza="seal">
<%= partial "builder/reveal_select_field", locals: {
label: "Seal (Requires Vault Enterprise)",
name: "seal",
reveal: true,
options: {
pkcs11: "HSM PKCS11",
awskms: "AWS KMS",
gcpckms: "GCP Cloud KMS",
azurekeyvault: "Azure Key Vault"
}
} %>
<div class="config-reveal-container nested-fields" data-if-option="pkcs11">
<%= partial "builder/reveal_text_field", locals: {
label: "Path to the PKCS#11 library shared object file",
name: "lib",
required: true,
docs_url: "seal/pkcs11.html#lib"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "PIN for login",
name: "pin",
required: true,
docs_url: "seal/pkcs11.html#pin"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Key Label",
name: "key_label",
required: true,
docs_url: "seal/pkcs11.html#key_label"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Label of the key to use for HMACing",
name: "hmac_key_label",
required: true,
docs_url: "seal/pkcs11.html#hmac_key_label"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Slot number to use (must specify number or token)",
name: "slot",
docs_url: "seal/pkcs11.html#slot"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Slot token label to use (must specify number or token)",
name: "token_label",
docs_url: "seal/pkcs11.html#token_label"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Default key label for decryption operations",
name: "default_key_label",
value: "<DEFAULT_KEY_LABEL>",
sensitive_disabled: true,
docs_url: "seal/pkcs11.html#default_key_label"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Encryption/decryption mechanism",
name: "mechanism",
options: {
"0x1085": "CKM_AES_CBC_PAD (HMAC mechanism required)",
"0x1082": "CKM_AES_CBC (HMAC mechanism required)",
"0x1087": "CKM_AES_GCM",
"0x0009": "CKM_RSA_PKCS_OAEP",
"0x0001": "CKM_RSA_PKCS"
},
docs_url: "seal/pkcs11.html#mechanism"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Default key label for decryption operations",
name: "hmac_mechanism",
value: "0x0251",
docs_url: "seal/pkcs11.html#hmac_mechanism"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Generate a key if 'key_label' can not be found",
name: "generate_key",
options: {
false: "No",
true: "Yes"
},
docs_url: "storage/consul.html#generate_key"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Force generation of a new key (even if given key_label and hmac_key_label already exist)",
name: "regenerate_key",
options: {
false: "No",
true: "Yes (This will render previous data unrecoverable)"
},
docs_url: "storage/consul.html#regenerate_key"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Perform encyption locally",
name: "rsa_encrypt_local",
options: {
false: "No",
true: "Yes"
},
docs_url: "storage/consul.html#rsa_encrypt_local"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Hash algorithm to use for RSA with OAEP padding",
name: "rsa_oaep_hash",
options: {
"sha256": "SHA-256",
"sha1": "SHA-1",
"sha224": "SHA-224",
"sha384": "SHA-384",
"sha512": "SHA-512"
},
docs_url: "storage/consul.html#rsa_oaep_hash"
} %>
</div>
<div class="config-reveal-container nested-fields" data-if-option="awskms">
<%= partial "builder/reveal_text_field", locals: {
label: "AWS access key ID",
name: "access_key",
value: "<AWS_ACCESS_KEY>",
sensitive_disabled: true,
required: true,
docs_url: "seal/awskms.html#access_key"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "AWS secret access key",
name: "secret_key",
value: "<AWS_SECRET_KEY>",
sensitive_disabled: true,
required: true,
docs_url: "seal/awskms.html#secret_key"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "AWS KMS key ID to use for encryption and decryption",
name: "kms_key_id",
required: true,
docs_url: "seal/awskms.html#kms_key_id"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "AWS region where the encryption key lives",
name: "region",
docs_url: "seal/awskms.html#region"
} %>
</div>
<div class="config-reveal-container nested-fields" data-if-option="gcpckms">
<%= partial "builder/reveal_text_field", locals: {
label: "Path to the credentials JSON file",
name: "credentials",
required: true,
docs_url: "seal/gcpckms.html#credentials"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "GCP project ID",
name: "project",
required: true,
docs_url: "seal/gcpckms.html#project"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "GCP CKMS key ring",
name: "key_ring",
required: true,
docs_url: "seal/gcpckms.html#key_ring"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "GCP CKMS crypto key to use for encryption and decryption",
name: "crypto_key",
value: "<GCP_CKMS_CRYPTO_KEY>",
sensitive_disabled: true,
required: true,
docs_url: "seal/gcpckms.html#crypto_key"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "GCP region/location where the key ring lives",
name: "region",
docs_url: "seal/gcpckms.html#region"
} %>
</div>
<div class="config-reveal-container nested-fields" data-if-option="azurekeyvault">
<%= partial "builder/reveal_text_field", locals: {
label: "Tenant id for the Azure Active Directory organization",
name: "tenant_id",
required: true,
docs_url: "seal/azurekeyvault.html#tenant_id"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Key Vault vault to use the encryption keys for encryption and decryption",
name: "vault_name",
required: true,
docs_url: "seal/azurekeyvault.html#vault_name"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Key Vault key to use for encryption and decryption",
name: "key_name",
value: "<AZURE_KEY_NAME>",
sensitive_disabled: true,
required: true,
docs_url: "seal/azurekeyvault.html#key_name"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Client id for credentials to query the Azure APIs",
name: "client_id",
docs_url: "seal/azurekeyvault.html#client_id"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Client id for credentials to query the Azure APIs",
name: "client_secret",
value: "<AZURE_CLIENT_SECRET>",
sensitive_disabled: true,
docs_url: "seal/azurekeyvault.html#client_secret"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Azure Cloud environment API endpoints",
name: "environment",
value: "AZUREPUBLICCLOUD",
docs_url: "seal/azurekeyvault.html#environment"
} %>
</div>
</section>

877
website/source/docs/configuration/builder/_section_storage.html.erb Normal file
View File

@ -0,0 +1,877 @@
<section data-config-stanza="storage">
<fieldset>
<%= partial "builder/reveal_label", locals: {
label: "Storage",
name: "include_storage",
required: true,
docs_url: "storage"
} %>
<span class="select">
<select name="storage" id="storage" class="config-reveal-select">
<optgroup label="Local">
<option value="file">Filesystem</option>
<option value="inmem">In-Memory</option>
</optgroup>
<optgroup label="Remote">
<option value="azure">Azure</option>
<option value="cockroachdb">CockroachDB</option>
<option value="consul">Consul</option>
<option value="couchdb">CouchDB</option>
<option value="dynamodb">DynamoDB</option>
<option value="etcd">Etcd</option>
<option value="foundationdb">FoundationDB</option>
<option value="gcs">Google Cloud Storage</option>
<option value="spanner">Google Cloud Spanner</option>
<option value="manta">Manta</option>
<option value="mysql">MySQL</option>
<option value="postgresql">PostgreSQL</option>
<option value="cassandra">Cassandra</option>
<option value="s3">S3</option>
<option value="swift">Swift</option>
<option value="zookeeper">Zookeeper</option>
</optgroup>
</select>
</span>
</fieldset>
<div class="config-reveal-container nested-fields active" data-if-option="file">
<%= partial "builder/reveal_text_field", locals: {
label: "Path",
name: "path",
required: true,
docs_url: "storage/filesystem.html#path"
} %>
</div>
<div class="config-reveal-container nested-fields" data-if-option="azure">
<%= partial "builder/reveal_text_field", locals: {
label: "Account Name",
name: "accountName",
required: true,
docs_url: "storage/azure.html#path"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Account Key",
name: "accountKey",
value: "<AZURE_ACCOUNT_KEY>",
sensitive_disabled: true,
required: true,
docs_url: "storage/azure.html#accountKey"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Storage Blob container name",
name: "container",
required: true,
docs_url: "storage/azure.html#container"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Maximum number of concurrent requests",
name: "max_parallel",
value: "128",
docs_url: "storage/azure.html#max_parallel"
} %>
</div>
<div class="config-reveal-container nested-fields" data-if-option="cockroachdb">
<%= partial "builder/reveal_text_field", locals: {
label: "Connection URL",
name: "connection_url",
required: true,
docs_url: "storage/cockroachdb.html#connection_url"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Name of the table in which to write Vault data",
name: "table",
value: "vault_kv_store",
docs_url: "storage/cockroachdb.html#vault_kv_store"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Maximum number of concurrent requests",
name: "max_parallel",
value: "128",
docs_url: "storage/cockroachdb.html#max_parallel"
} %>
</div>
<div class="config-reveal-container nested-fields" data-if-option="consul">
<%= partial "builder/reveal_text_field", locals: {
label: "Address of Consul agent",
name: "address",
value: "127.0.0.1:8500",
docs_url: "storage/consul.html#address"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Check interval to send health checks back to Consul",
name: "check_timeout",
value: "5s",
docs_url: "storage/consul.html#check_timeout"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Consul consistency mode",
name: "consistency_mode",
options: {
default: "Default",
strong: "Strong"
},
docs_url: "storage/consul.html#consistency_mode"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Should Vault should register itself with Consul",
name: "disable_registration",
options: {
false: "No",
true: "Yes"
},
docs_url: "storage/consul.html#disable_registration"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Maximum number of concurrent requests",
name: "max_parallel",
value: "128",
docs_url: "storage/consul.html#max_parallel"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Path in Consul's key-value store where Vault data will be stored",
name: "path",
value: "vault/",
docs_url: "storage/consul.html#path"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Scheme to use when communicating with Consul",
name: "scheme",
options: {
http: "http",
https: "https"
},
docs_url: "storage/consul.html#scheme"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Name of the service to register in Consul",
name: "service",
value: "vault",
docs_url: "storage/consul.html#service"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "List of Service tags",
name: "service_tags",
docs_url: "storage/consul.html#service_tags"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Service-specific address to set on the service registration",
name: "service_address",
docs_url: "storage/consul.html#service_address"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Consul ACL token",
name: "token",
docs_url: "storage/consul.html#token"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Minimum allows session TTL",
name: "session_ttl",
value: "15s",
docs_url: "storage/consul.html#session_ttl"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Minimum time to cancel a lock acquisition",
name: "lock_wait_time",
value: "15s",
docs_url: "storage/consul.html#lock_wait_time"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Path to CA certificate used for Consul communication",
name: "tls_ca_file",
value: "<CONSUL_TLS_CA_FILE>",
sensitive_disabled: true,
docs_url: "storage/consul.html#tls_ca_file"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Path to certificate for Consul communication",
name: "tls_cert_file",
value: "<CONSUL_TLS_CERT_FILE>",
sensitive_disabled: true,
docs_url: "storage/consul.html#tls_cert_file"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Path to the private key for Consul communication",
name: "tls_key_file",
value: "<TLS_KEY_FILE>",
sensitive_disabled: true,
docs_url: "storage/consul.html#tls_key_file"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Minimum TLS version",
name: "tls_min_version",
options: {
tls12: "TLS 1.2",
tls11: "TLS 1.1",
tls10: "TLS 1.0"
},
docs_url: "storage/consul.html#tls_min_version"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Disable TLS Host verification",
name: "tls_skip_verify",
options: {
false: "Use TLS Host verification",
true: "Disable TLS Host verification (highly discouraged)"
},
docs_url: "storage/consul.html#tls_skip_verify"
} %>
</div>
<div class="config-reveal-container nested-fields" data-if-option="couchdb">
<%= partial "builder/reveal_text_field", locals: {
label: "CouchDB endpoint",
name: "endpoint",
docs_url: "storage/couchdb.html#endpoint"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "User to use for authentication",
name: "username",
value: "<COUCHDB_USERNAME>",
sensitive_disabled: true,
docs_url: "storage/couchdb.html#username"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Password",
name: "password",
value: "<COUCHDB_PASSWORD>",
sensitive_disabled: true,
docs_url: "storage/couchdb.html#password"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Maximum number of concurrent requests",
name: "max_parallel",
value: "128",
docs_url: "storage/couchdb.html#max_parallel"
} %>
</div>
<div class="config-reveal-container nested-fields" data-if-option="dynamodb">
<%= partial "builder/reveal_text_field", locals: {
label: "Access Key",
name: "access_key",
required: true,
value: "<DYNAMODB_ACCESS_KEY>",
sensitive_disabled: true,
docs_url: "storage/dynamodb.html#access_key"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Secret Key",
name: "secret_key",
required: true,
value: "<DYNAMODB_SECRET_KEY>",
sensitive_disabled: true,
docs_url: "storage/dynamodb.html#secret_key"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "DynamoDB endpoint",
name: "endpoint",
docs_url: "storage/dynamodb.html#endpoint"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "High Availability mode (HA)",
name: "ha_enabled",
options: {
false: "Use High Availablity mode",
true: "Disable High Availablity mode"
},
docs_url: "storage/dynamodb.html#ha_enabled"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Maximum number of concurrent requests",
name: "max_parallel",
value: "128",
docs_url: "storage/dynamodb.html#max_parallel"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "AWS Region",
name: "region",
value: "us-east-1",
docs_url: "storage/dynamodb.html#region"
} %>
<%= partial "builder/reveal_number_field", locals: {
label: "Maximum number of reads per second",
name: "read_capacity",
value: 5,
docs_url: "storage/dynamodb.html#read_capacity"
} %>
<%= partial "builder/reveal_number_field", locals: {
label: "Maximum number of writes per second",
name: "write_capacity",
value: 5,
docs_url: "storage/dynamodb.html#write_capacity"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Name of the DynamoDB table in which to store Vault data",
name: "table",
value: "vault-dynamodb-backend",
docs_url: "storage/dynamodb.html#table"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Session Token",
name: "session_token",
value: "<DYNAMODB_SESSION_TOKEN>",
sensitive_disabled: true,
docs_url: "storage/dynamodb.html#session_token"
} %>
</div>
<div class="config-reveal-container nested-fields" data-if-option="etcd">
<%= partial "builder/reveal_text_field", locals: {
label: "List of addresses of the Etcd instances",
name: "address",
value: "http://localhost:2379",
docs_url: "storage/etcd.html#address"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Domain name to query for SRV records describing cluster endpoints",
name: "discovery_srv",
value: "example.com",
docs_url: "storage/etcd.html#discovery_srv"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Etcd API Version",
name: "etcd_api",
docs_url: "storage/etcd.html#etcd_api"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "High Availability mode (HA)",
name: "ha_enabled",
options: {
false: "Use High Availablity mode",
true: "Disable High Availablity mode"
},
docs_url: "storage/etcd.html#ha_enabled"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Path in Etcd where Vault data will be stored",
name: "path",
value: "vault/",
docs_url: "storage/etcd.html#path"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Sync the list of available Etcd services on startup",
name: "sync",
options: {
true: "Enable Sync",
false: "Disable Sync"
},
docs_url: "storage/etcd.html#sync"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Username to use when authenticating with the Etcd server",
name: "username",
value: "<ETCD_USERNAME>",
sensitive_disabled: true,
docs_url: "storage/etcd.html#username"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Password",
name: "password",
value: "<ETCD_PASSWORD>",
sensitive_disabled: true,
docs_url: "storage/etcd.html#password"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Path to the CA certificate used for Etcd communication",
name: "tls_ca_file",
value: "<ETCD_TLS_CA_FILE>",
sensitive_disabled: true,
docs_url: "storage/etcd.html#tls_ca_file"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Path to the certificate used for Etcd communication",
name: "tls_cert_file",
value: "<ETCD_TLS_CERT_FILE>",
sensitive_disabled: true,
docs_url: "storage/etcd.html#tls_cert_file"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Path to the private key for Etcd communication",
name: "tls_key_file",
value: "<ETCD_TLS_KEY_FILE>",
sensitive_disabled: true,
docs_url: "storage/etcd.html#tls_key_file"
} %>
</div>
<div class="config-reveal-container nested-fields" data-if-option="foundationdb">
<%= partial "builder/reveal_text_field", locals: {
label: "Path to the cluster file containing the connection data for the target cluster",
name: "cluster_file",
required: true,
docs_url: "storage/foundationdb.html#cluster_file"
} %>
<%= partial "builder/reveal_number_field", locals: {
label: "FoundationDB API version",
name: "api_version",
docs_url: "storage/foundationdb.html#api_version"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "High Availability mode (HA)",
name: "ha_enabled",
options: {
false: "Use High Availablity mode",
true: "Disable High Availablity mode"
},
docs_url: "storage/foundationdb.html#ha_enabled"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Path in Etcd where Vault data will be stored",
name: "path",
value: "vault",
docs_url: "storage/foundationdb.html#path"
} %>
</div>
<div class="config-reveal-container nested-fields" data-if-option="gcs">
<%= partial "builder/reveal_text_field", locals: {
label: "Name of the bucket to use for storage",
name: "bucket",
required: true,
docs_url: "storage/gcs.html#bucket"
} %>
<%= partial "builder/reveal_number_field", locals: {
label: "Maximum size (in kilobytes) to send in a single request",
name: "chunk_size",
value: "8192",
docs_url: "storage/gcs.html#chunk_size"
} %>
<%= partial "builder/reveal_number_field", locals: {
label: "Maximum number of concurrent requests",
name: "max_parallel",
value: 128,
docs_url: "storage/gcs.html#max_parallel"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "High Availability mode (HA)",
name: "ha_enabled",
options: {
false: "Use High Availablity mode",
true: "Disable High Availablity mode"
},
docs_url: "storage/gcs.html#ha_enabled"
} %>
</div>
<div class="config-reveal-container nested-fields" data-if-option="spanner">
<%= partial "builder/reveal_text_field", locals: {
label: "Name of the database",
name: "database",
required: true,
docs_url: "storage/spanner.html#database"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Name of the table where data will be stored and retrieved",
name: "table",
value: "Vault",
docs_url: "storage/spanner.html#table"
} %>
<%= partial "builder/reveal_number_field", locals: {
label: "Maximum number of concurrent requests",
name: "max_parallel",
value: 128,
docs_url: "storage/spanner.html#max_parallel"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "High Availability mode (HA)",
name: "ha_enabled",
options: {
false: "Use High Availablity mode",
true: "Disable High Availablity mode"
},
docs_url: "storage/spanner.html#ha_enabled"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Name of the table to use for storing high availability information",
name: "ha_table",
value: "VaultHA",
docs_url: "storage/spanner.html#ha_table"
} %>
</div>
<div class="config-reveal-container nested-fields" data-if-option="manta">
<%= partial "builder/reveal_text_field", locals: {
label: "Name of the manta directory to use",
name: "directory",
required: true,
docs_url: "storage/manta.html#directory"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Manta user account name",
name: "user",
required: true,
value: "<MANTA_USERNAME>",
sensitive_disabled: true,
docs_url: "storage/manta.html#user"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Fingerprint of the public key of the SSH key pair to use for authentication",
name: "key_id",
required: true,
value: "<MANTA_KEY_ID>",
sensitive_disabled: true,
docs_url: "storage/manta.html#key_id"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Name of a subuser that has been granted access to the Manta account",
name: "subuser",
docs_url: "storage/manta.html#subuser"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Manta URL",
name: "url",
value: "https://us-east.manta.joyent.com",
docs_url: "storage/manta.html#url"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Maximum number of concurrent requests",
name: "max_parallel",
value: "128",
docs_url: "storage/manta.html#max_parallel"
} %>
</div>
<div class="config-reveal-container nested-fields" data-if-option="mysql">
<%= partial "builder/reveal_text_field", locals: {
label: "MySQL username to connect to the database",
name: "username",
value: "<MYSQL_USERNAME>",
sensitive_disabled: true,
required: true,
docs_url: "storage/mysql.html#username"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "MySQL password to connect to the database",
name: "password",
value: "<MYSQL_PASSWORD>",
sensitive_disabled: true,
required: true,
docs_url: "storage/mysql.html#password"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Address of the MySQL host",
name: "address",
value: "127.0.0.1:3306",
docs_url: "storage/mysql.html#address"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Name of the database",
name: "database",
value: "vault",
docs_url: "storage/mysql.html#database"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Name of the table",
name: "table",
value: "vault",
docs_url: "storage/mysql.html#table"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Path to the CA certificate to connect using TLS",
name: "tls_ca_file",
value: "<MYSQL_TLS_CA_FILE>",
sensitive_disabled: true,
docs_url: "storage/mysql.html#tls_ca_file"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Maximum number of concurrent requests",
name: "max_parallel",
value: "128",
docs_url: "storage/mysql.html#max_parallel"
} %>
</div>
<div class="config-reveal-container nested-fields" data-if-option="postgresql">
<%= partial "builder/reveal_text_field", locals: {
label: "Connection string to use to authenticate and connect to PostgreSQL",
name: "connection_url",
required: true,
docs_url: "storage/postgresql.html#connection_url"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Name of the table in which to write Vault data",
name: "table",
value: "vault_kv_store",
docs_url: "storage/postgresql.html#table"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Maximum number of concurrent requests",
name: "max_parallel",
value: "128",
docs_url: "storage/postgresql.html#max_parallel"
} %>
</div>
<div class="config-reveal-container nested-fields" data-if-option="cassandra">
<%= partial "builder/reveal_text_field", locals: {
label: "Comma-separated list of Cassandra hosts to connect to",
name: "hosts",
value: "127.0.0.1",
docs_url: "storage/cassandra.html#hosts"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Cassandra keyspace to use",
name: "keyspace",
value: "vault",
docs_url: "storage/cassandra.html#keyspace"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Table within the keyspace in which to store data",
name: "keyspace",
value: "entries",
docs_url: "storage/cassandra.html#table"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Consistency level to use when reading/writing data",
name: "consistency",
options: {
ANY: "Any",
ONE: "One",
TWO: "Two",
THREE: "Three",
QUORUM: "Quorum",
ALL: "All",
LOCAL_QUORUM: "Local Quorum",
EACH_QUORUM: "Each Quorum",
LOCAL_ONE: "Local One"
},
docs_url: "storage/cassandra.html#consistency"
} %>
<%= partial "builder/reveal_number_field", locals: {
label: "Cassandra protocol version to use",
name: "protocol_version",
value: "2",
min: "0",
docs_url: "storage/cassandra.html#protocol_version"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Username to use when authenticating with the Cassandra hosts",
name: "username",
value: "<CASSANDRA_USERNAME>",
sensitive_disabled: true,
docs_url: "storage/cassandra.html#username"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Password to use when authenticating with the Cassandra hosts",
name: "password",
value: "<CASSANDRA_PASSWORD>",
sensitive_disabled: true,
docs_url: "storage/cassandra.html#password"
} %>
<%= partial "builder/reveal_number_field", locals: {
label: "Timeout in seconds to wait until a connection is established",
name: "connection_timeout",
value: "0",
min: "0",
docs_url: "storage/cassandra.html#connection_timeout"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Connection with the Cassandra hosts should use TLS",
name: "tls",
options: {
"0": "Do not use TLS",
"1": "Use TLS"
},
docs_url: "storage/cassandra.html#tls"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "PEM Bundle File",
name: "pem_bundle_file",
value: "<CASSANDRA_PEM_BUNDLE_FILE>",
sensitive_disabled: true,
docs_url: "storage/cassandra.html#pem_bundle_file"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "PEM JSON File",
name: "pem_json_file",
value: "<CASSANDRA_PEM_JSON_FILE>",
sensitive_disabled: true,
docs_url: "storage/cassandra.html#pem_json_file"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Disable TLS host verification",
name: "tls_skip_verify",
options: {
"0": "Use TLS host verification",
"1": "Disable TLS host verification"
},
docs_url: "storage/cassandra.html#tls_skip_verify"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Minimum TLS version",
name: "tls_min_version",
options: {
tls12: "TLS 1.2",
tls11: "TLS 1.1",
tls10: "TLS 1.0"
},
docs_url: "storage/cassandra.html#tls_min_version"
} %>
</div>
<div class="config-reveal-container nested-fields" data-if-option="s3">
<%= partial "builder/reveal_text_field", locals: {
label: "Name of the S3 bucket",
name: "bucket",
required: true,
docs_url: "storage/s3.html#bucket"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Alternative, AWS compatible, S3 endpoint",
name: "endpoint",
docs_url: "storage/s3.html#endpoint"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "AWS region",
name: "region",
docs_url: "storage/s3.html#region"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "AWS Access Key",
name: "access_key",
value: "<AWS_ACCESS_KEY>",
sensitive_disabled: true,
docs_url: "storage/s3.html#access_key"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "AWS Secret Key",
name: "secret_key",
value: "<AWS_SECRET_KEY>",
sensitive_disabled: true,
docs_url: "storage/s3.html#secret_key"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Session Token",
name: "session_token",
value: "<AWS_SESSION_TOKEN>",
sensitive_disabled: true,
docs_url: "storage/s3.html#session_token"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Maximum number of concurrent requests",
name: "max_parallel",
docs_url: "storage/s3.html#max_parallel"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Use host bucket style domains",
name: "s3_force_path_style",
options: {
false: "No",
true: "Yes"
},
docs_url: "storage/s3.html#s3_force_path_style"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Use SSL for the endpoint connection",
name: "disable_ssl",
options: {
false: "No",
true: "Yes"
},
docs_url: "storage/s3.html#disable_ssl"
} %>
</div>
<div class="config-reveal-container nested-fields" data-if-option="swift">
<%= partial "builder/reveal_text_field", locals: {
label: "OpenStack authentication endpoint",
name: "auth_url",
required: true,
docs_url: "swift/swift.html#auth_url"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Name of the Swift container",
name: "container",
required: true,
docs_url: "swift/swift.html#container"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "OpenStack username",
name: "username",
value: "<SWIFT_USERNAME>",
sensitive_disabled: true,
required: true,
docs_url: "storage/swift.html#username"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "OpenStack password",
name: "password",
value: "<SWIFT_PASSWORD>",
sensitive_disabled: true,
required: true,
docs_url: "storage/swift.html#password"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Maximum number of concurrent requests",
name: "max_parallel",
docs_url: "storage/swift.html#max_parallel"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Name of the region",
name: "region",
docs_url: "storage/swift.html#region"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "ID of the tenant",
name: "tenant_id",
docs_url: "storage/swift.html#tenant_id"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Name of the user domain",
name: "domain",
docs_url: "storage/swift.html#domain"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Name of the project's domain",
name: "project-domain",
docs_url: "storage/swift.html#project-domain"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "ID of the trust",
name: "trust_id",
docs_url: "storage/swift.html#trust_id"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Storage URL from alternate authentication",
name: "storage_url",
docs_url: "storage/swift.html#storage_url"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Auth token from alternate authentication",
name: "auth_token",
value: "<SWIFT_AUTH_TOKEN>",
sensitive_disabled: true,
docs_url: "storage/swift.html#auth_token"
} %>
</div>
<div class="config-reveal-container nested-fields" data-if-option="zookeeper">
<%= partial "builder/reveal_text_field", locals: {
label: "List of addresses of the Zookeeper instances",
name: "address",
value: "localhost:2181",
docs_url: "swift/swift.html#address"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Path in Zookeeper where data will be stored",
name: "path",
value: "vault/",
docs_url: "swift/swift.html#path"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Authentication string in Zookeeper AddAuth format",
name: "auth_info",
value: "<ZOOKEEPER_AUTH_INFO>",
sensitive_disabled: true,
docs_url: "swift/swift.html#auth_info"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Set permissions (CRWDA) to the ACL",
name: "znode_owner",
docs_url: "swift/swift.html#znode_owner"
} %>
</div>
</section>

136
website/source/docs/configuration/builder/_section_telemetry.html.erb Normal file
View File

@ -0,0 +1,136 @@
<section data-config-stanza="telemetry">
<%= partial "builder/reveal_select_field", locals: {
label: "Telemetry",
name: "telemetry",
reveal: true,
options: {
statsite: "Statsite",
statsd: "StatsD",
circonus: "Circonus",
dogstatsd: "DogStatsD"
}
} %>
<div class="config-reveal-container nested-fields" data-if-option="statsite">
<%= partial "builder/reveal_text_field", locals: {
label: "Address of a statsite server to forward metrics data to",
name: "statsite_address",
docs_url: "telemetry/#statsite_address"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Prefix gauge values with local hostname",
name: "disable_hostname",
options: {
false: "No",
true: "Yes"
},
docs_url: "telemetry/#disable_hostname"
} %>
</div>
<div class="config-reveal-container nested-fields" data-if-option="statsd">
<%= partial "builder/reveal_text_field", locals: {
label: "Address of a statsd server to forward metrics data to",
name: "statsd_address",
docs_url: "telemetry/#statsd_address"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Prefix gauge values with local hostname",
name: "disable_hostname",
options: {
false: "No",
true: "Yes"
},
docs_url: "telemetry/#disable_hostname"
} %>
</div>
<div class="config-reveal-container nested-fields" data-if-option="circonus">
<%= partial "builder/reveal_text_field", locals: {
label: "Circonus API Token used to create/manage check",
name: "circonus_api_token",
value: "<CIRCONOUS_API_TOKEN>",
sensitive_disabled: true,
docs_url: "telemetry/#circonus_api_token"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "App name associated with the API token",
name: "circonus_api_app",
value: "nomad",
docs_url: "telemetry/#circonus_api_app"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Base URL to use for contacting the Circonus API",
name: "circonus_api_url",
value: "https://api.circonus.com/v2",
docs_url: "telemetry/#circonus_api_url"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Interval at which metrics are submitted to Circonus",
name: "circonus_submission_interval",
value: "10s",
docs_url: "telemetry/#circonus_submission_interval"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Circonus check.config.submission_url field",
name: "circonus_submission_url",
docs_url: "telemetry/#circonus_submission_url"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Force activation of metrics which already exist and are not currently active",
name: "circonus_check_force_metric_activation",
options: {
false: "No",
true: "Yes"
},
docs_url: "telemetry/#circonus_check_force_metric_activation"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Tag to narrow down the search results",
name: "circonus_check_search_tag",
docs_url: "telemetry/#circonus_check_search_tag"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Name to give a check when it is created",
name: "circonus_check_display_name",
docs_url: "telemetry/#circonus_check_display_name"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "List of additional tags to add to a check when it is created",
name: "circonus_check_tags",
docs_url: "telemetry/#circonus_check_tags"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "ID of Circonus Broker to use when creating a new check",
name: "circonus_broker_id",
docs_url: "telemetry/#circonus_broker_id"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "Tag which will be used to select a Circonus Broker (when a Broker ID is not provided)",
name: "circonus_broker_select_tag",
docs_url: "telemetry/#circonus_broker_select_tag"
} %>
<%= partial "builder/reveal_select_field", locals: {
label: "Prefix gauge values with local hostname",
name: "disable_hostname",
options: {
false: "No",
true: "Yes"
},
docs_url: "telemetry/#disable_hostname"
} %>
</div>
<div class="config-reveal-container nested-fields" data-if-option="dogstatsd">
<%= partial "builder/reveal_text_field", locals: {
label: "Address of a DogStatsD instance",
name: "dogstatsd_addr",
docs_url: "telemetry/#dogstatsd_addr"
} %>
<%= partial "builder/reveal_text_field", locals: {
label: "List of global tags that will be added to all telemetry packets sent to DogStatsD",
name: "dogstatsd_tags",
docs_url: "telemetry/#dogstatsd_tags"
} %>
</div>
</section>

16
website/source/docs/configuration/index.html.md
View File

@ -8,6 +8,21 @@ description: |-
# Vault Configuration
<nav class="tabs">
<ul>
<li>
<a href="/docs/configuration/builder.html">
Configuration Builder
</a>
</li>
<li>
<a href="/docs/configuration/index.html" class="is-active">
Manual Configuration
</a>
</li>
</ul>
</nav>
Outside of development mode, Vault servers are configured using a file.
The format of this file is [HCL](https://github.com/hashicorp/hcl) or JSON.
An example configuration is shown below:
@ -150,6 +165,7 @@ The following parameters are used on backends that support [high availability][h
such as request forwarding are enabled. Setting this to true on one Vault node
will disable these features _only when that node is the active node_.
[config-builder]: /docs/configuration/builder.html
[storage-backend]: /docs/configuration/storage/index.html
[listener]: /docs/configuration/listener/index.html
[seal]: /docs/configuration/seal/index.html

89
website/source/downloads.html.erb
View File

@ -6,16 +6,68 @@ description: |-
Download Vault
---
<h1>Download Vault</h1>
<section class="downloads">
<div class="description row">
<div class="col-md-12">
<h1>Download Vault</h1>
<p>
Below are the available downloads for the latest version of Vault
(<%= latest_version %>). Please download the proper package for your
operating system and architecture.
operating system and architecture. Check out the
<a href="https://github.com/hashicorp/vault/blob/v<%= latest_version %>/CHANGELOG.md">
v<%= latest_version %> CHANGELOG
</a>
for information on the latest release.
</p>
</div>
</div>
<div class="download-arches">
<% product_versions.each do |os, arches| %>
<% next if os == "web" %>
<div class="download" data-os="<%= os %>">
<div class="icon pull-left"><%= system_icon(os) %></div>
<div class="details">
<h2 class="os-name"><%= pretty_os(os) %></h2>
<ul>
<% arches.each do |arch, url| %>
<li data-os-bit="<%= pretty_arch(arch) %>">
<a href="<%= url %>" class="download-link">
<%= pretty_arch(arch) %>
</a>
</li>
<% end %>
</ul>
<div class="clearfix"></div>
</div>
</div>
<% end %>
</div>
<div id="download-confirm" class="download">
<div class="icon pull-left"></div>
<div class="details">
<h2>
Vault for
<span class="chosen-os-name"></span>
</h2>
<div class="download-confirm-message">
Downloading Vault for <span class="chosen-os-name"></span> <span class="chosen-os-bit"></span>
</div>
<a href="/docs/configuration/builder.html">
<button class="button primary">
Next: Configure the server
</button>
</a>
<div class="clearfix"></div>
</div>
</div>
<a href="https://www.fastly.com?utm_source=hashicorp" target="_blank" rel="nofollow noopener noreferrer" class="poweredby">
<%= inline_svg "fastly.svg", height: 25 %>
</a>
<div class="row">
<div class="col-md-12">
<h2>Verify your download</h2>
<p>
You can find the
<a href="https://releases.hashicorp.com/vault/<%= latest_version %>/vault_<%= latest_version %>_SHA256SUMS">
@ -26,36 +78,21 @@ description: |-
verify the checksums signature file
</a>
which has been signed using <a href="https://hashicorp.com/security.html" target="_blank" rel="nofollow noopener noreferrer">HashiCorp's GPG key</a>.
You can also <a href="https://releases.hashicorp.com/vault/" target="_blank" rel="nofollow noopener noreferrer">download older versions of Vault</a> from the releases service.
</p>
<p>Check out the <a href="https://github.com/hashicorp/vault/blob/v<%= latest_version %>/CHANGELOG.md">v<%= latest_version %> CHANGELOG</a> for information on the latest release.</p>
<p><a href="/community.html">Community resources</a> are available to learn more about Vault and interact with the community.
</div>
</div>
<% product_versions.each do |os, arches| %>
<% next if os == "web" %>
<div class="row">
<div class="col-md-12 download">
<div class="icon pull-left"><%= system_icon(os) %></div>
<div class="details">
<h2 class="os-name"><%= pretty_os(os) %></h2>
<ul>
<% arches.each do |arch, url| %>
<li><a href="<%= url %>"><%= pretty_arch(arch) %></a></li>
<% end %>
</ul>
<div class="clearfix"></div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<h2>Older versions</h2>
<p>You can <a href="https://releases.hashicorp.com/vault/" target="_blank" rel="nofollow noopener noreferrer">download older versions of Vault</a> from the releases service.</p>
</div>
<% end %>
</div>
<div class="row">
<div class="col-md-12 poweredby">
<a href="https://www.fastly.com?utm_source=hashicorp" target="_blank" rel="nofollow noopener noreferrer">
<%= inline_svg "fastly.svg", height: 50 %>
</a>
<div class="col-md-12">
<h2>Welcome to the Vault community</h2>
<p><a href="/community.html">Community resources</a> are available to learn more about Vault and interact with the community.</p>
</div>
</div>
</section>

11
website/source/index.html.erb
View File

@ -15,9 +15,14 @@ description: |-
<%= inline_svg "logo-hashicorp.svg", height: 120, class: "logo" %>
<span id="tag-line">A Tool for Managing Secrets</span>
<div>
<a class="button primary started" href="/intro">Get Started</a>
<a class="button terminal" href="/#/demo/0" data-turbolinks="false">Launch Interactive Tutorial</a>
<div class="get-started-links">
<a class="button primary" href="/downloads.html">Download</a>
<a class="button started" href="/intro">Get Started</a>
<p>
<a class="uidemo" href="https://demo.vaultproject.io" target="_new">Vault Web UI demo</a>
<a class="terminal" href="/#/demo/0" target="_new" data-turbolinks="false">Command-line demo</a>
</p>
</div>
<div id="diagram"></div>

208
website/source/intro/getting-started/dev-server.html.md
View File

@ -15,104 +15,170 @@ piece of the Vault architecture that interacts with the data storage and
backends. All operations done via the Vault CLI interact with the server over a
TLS connection.
In this page, we'll start and interact with the Vault server to understand how
the server is started.
<nav class="tabs">
<ul>
<li>
<a href="#" class="is-active" data-tab-for="cli">
Command Line (CLI)
</a>
</li>
<li>
<a href="#" data-tab-for="ui">
Vault Web UI
</a>
</li>
</ul>
</nav>
## Starting the Dev Server
<div id="cli" class="tabs-content is-active">
First, we're going to start a Vault _dev server_. The dev server is a built-in,
pre-configured server that is not very secure but useful for playing with Vault
locally. Later in this guide we'll configure and start a real server.
First, we're going to start a Vault _dev server_. The dev server is a built-in,
pre-configured server that is not very secure but useful for playing with Vault
locally. Later in this guide we'll configure and start a real server.
To start the Vault dev server, run:
To start the Vault dev server, run:
```text
$ vault server -dev
==> Vault server configuration:
```text
$ vault server -dev
==> Vault server configuration:
Cgo: disabled
Cluster Address: https://127.0.0.1:8201
Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", tls: "disabled")
Log Level: info
Mlock: supported: false, enabled: false
Redirect Address: http://127.0.0.1:8200
Storage: inmem
Version: Vault v1.2.3
Version Sha: ...
Cgo: disabled
Cluster Address: https://127.0.0.1:8201
Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", tls: "disabled")
Log Level: info
Mlock: supported: false, enabled: false
Redirect Address: http://127.0.0.1:8200
Storage: inmem
Version: Vault v1.2.3
Version Sha: ...
WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
and starts unsealed with a single unseal key. The root token is already
authenticated to the CLI, so you can immediately begin using Vault.
WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
and starts unsealed with a single unseal key. The root token is already
authenticated to the CLI, so you can immediately begin using Vault.
You may need to set the following environment variable:
You may need to set the following environment variable:
$ export VAULT_ADDR='http://127.0.0.1:8200'
$ export VAULT_ADDR='http://127.0.0.1:8200'
The unseal key and initial root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.
The unseal key and initial root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.
Unseal Key: 1aKM7rNnyW+7Jx1XDAXFswgkRVe+78JB28k/bel90jY=
Root Token: root
Unseal Key: 1aKM7rNnyW+7Jx1XDAXFswgkRVe+78JB28k/bel90jY=
Root Token: root
Development mode should NOT be used in production installations!
Development mode should NOT be used in production installations!
==> Vault server started! Log data will stream in below:
==> Vault server started! Log data will stream in below:
# ...
```
# ...
```
You should see output similar to that above. Vault does not fork, so it will
continue to run in the foreground. Open another shell or terminal tab to run the
remaining commands.
You should see output similar to that above. Vault does not fork, so it will
continue to run in the foreground. Open another shell or terminal tab to run the
remaining commands.
The dev server stores all its data in-memory (but still encrypted), listens on
`localhost` without TLS, and automatically unseals and shows you the unseal key
and root access key. **Do not run a dev server in production!**
The dev server stores all its data in-memory (but still encrypted), listens on
`localhost` without TLS, and automatically unseals and shows you the unseal key
and root access key. **Do not run a dev server in production!**
With the dev server running, do the following three things before anything else:
With the dev server running, do the following three things before anything else:
1. Launch a new terminal session.
1. Launch a new terminal session.
2. Copy and run the `export VAULT_ADDR ...` command from the terminal
output. This will configure the Vault client to talk to our dev server.
2. Copy and run the `export VAULT_ADDR ...` command from the terminal
output. This will configure the Vault client to talk to our dev server.
3. Save the unseal key somewhere. Don't worry about _how_ to save this
securely. For now, just save it anywhere.
3. Save the unseal key somewhere. Don't worry about _how_ to save this
securely. For now, just save it anywhere.
4. Do the same as step 3, but with the root token. We'll use this later.
4. Do the same as step 3, but with the root token. We'll use this later.
## Verify the Server is Running
As instructed, copy and execute `export VAULT_ADDR='http://127.0.0.1:8200'`.
## Verify the Server is Running
Verify the server is running by running the `vault status` command. This should
succeed and exit with exit code 0.
As instructed, copy and execute `export VAULT_ADDR='http://127.0.0.1:8200'`.
If it ran successfully, the output should look like the below:
Verify the server is running by running the `vault status` command. This should
succeed and exit with exit code 0.
```text
$ vault status
Key Value
--- -----
Sealed false
Total Shares 1
Version (version unknown)
Cluster Name vault-cluster-81109a1a
Cluster ID f6e0aa8a-700e-38b8-5dc5-4265c880b2a1
HA Enabled false
```
If it ran successfully, the output should look like the below:
If the output looks different, especially if the numbers are different or the
Vault is sealed, then restart the dev server and try again. The only reason
these would ever be different is if you're running a dev server from going
through this guide previously.
```text
$ vault status
Key Value
--- -----
Sealed false
Total Shares 1
Version (version unknown)
Cluster Name vault-cluster-81109a1a
Cluster ID f6e0aa8a-700e-38b8-5dc5-4265c880b2a1
HA Enabled false
```
We'll cover what this output means later in the guide.
If the output looks different, especially if the numbers are different or the
Vault is sealed, then restart the dev server and try again. The only reason
these would ever be different is if you're running a dev server from going
through this guide previously.
## Next
We'll cover what this output means later in the guide.
Congratulations! You've started your first Vault server. We haven't stored
any secrets yet, but we'll do that in the next section.
## Next
Next, we're going to
[read and write our first secrets](/intro/getting-started/first-secret.html).
</div>
Congratulations! You've started your first Vault server. We haven't stored
any secrets yet, but we'll do that in the next section.
<div id="ui" class="tabs-content">
We're going to start a Vault _server_ with the
<a href="/docs/configuration/builder.html">configuration file</a> that you
created.
Next, we're going to
[read and write our first secrets](/intro/getting-started/first-secret.html).
To start the Vault server, run:
```text
$ vault server -config=vault-config.hcl
==> Vault server configuration:
Cgo: disabled
Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", tls: "disabled")
Log Level: info
Mlock: supported: false, enabled: false
Storage: file
Version: Vault v0.1.2
Version Sha: ...
==> Vault server started! Log data will stream in below:
# ...
```
You should see output similar to that above. Vault does not fork, so it will
continue to run in the foreground.
## Verify the Server is Running
Verify the server is running by running the `vault status` command. This should
succeed and exit with exit code 0.
If it ran successfully, the output should look like the below:
```text
$ vault status
Key Value
--- -----
Sealed false
Total Shares 1
Version (version unknown)
Cluster Name vault-cluster-81109a1a
Cluster ID f6e0aa8a-700e-38b8-5dc5-4265c880b2a1
HA Enabled false
```
## Next
Congratulations! You've started your first Vault server. You can now view the
Vault Web UI (at <a href="http://localhost:4200/ui">http://localhost:4200/ui</a>
if you are running Vault locally) to guide you through the rest of getting set up.
</div>