Speling police

CHANGELOG.md

@@ -411,7 +411,7 @@ IMPROVEMENTS:
    provides a concatenated PEM bundle of returned values [GH-1008]
  * logical/pki: Add 30 seconds of slack to the validity start period to
    accommodate some clock skew in machines [GH-1036]
- * logical/postgres: Add `max_idle_connections` paramter [GH-950]
+ * logical/postgres: Add `max_idle_connections` parameter [GH-950]
  * logical/postgres: Add list support for roles path
  * logical/ssh: Add list support for roles path [GH-983]
  * logical/transit: Keys are archived and only keys between the latest version
@@ -644,7 +644,7 @@ ahead of time on the "vault-tool" mailing list.
    already switched to using "ttl" and others will follow in upcoming releases.
    In particular, the "token", "generic", and "pki" backends accept both "ttl"
    and "lease" but in 0.4 only "ttl" will be accepted. [GH-528]
- * **Downgrade Not Supported**: Due to enhancements in the storage subsytem,
+ * **Downgrade Not Supported**: Due to enhancements in the storage subsystem,
    values written by Vault 0.3+ will not be able to be read by prior versions
    of Vault. There are no expected upgrade issues, however, as with all
    critical infrastructure it is recommended to back up Vault's physical
@@ -887,7 +887,7 @@ IMPROVEMENTS:
   * core: Very verbose error if mlock fails [GH-59]
   * command/*: On error with TLS oversized record, show more human-friendly
     error message. [GH-123]
-  * command/read: `lease_renewable` is now outputed along with the secret to
+  * command/read: `lease_renewable` is now outputted along with the secret to
     show whether it is renewable or not
   * command/server: Add configuration option to disable mlock
   * command/server: Disable mlock for dev mode so it works on more systems

audit/audit.go

@@ -10,13 +10,13 @@ import (
 // sink information to different backends such as logs, file, databases,
 // or other external services.
 type Backend interface {
-	// LogRequest is used to syncronously log a request. This is done after the
+	// LogRequest is used to synchronously log a request. This is done after the
 	// request is authorized but before the request is executed. The arguments
 	// MUST not be modified in anyway. They should be deep copied if this is
 	// a possibility.
 	LogRequest(*logical.Auth, *logical.Request, error) error
 
-	// LogResponse is used to syncronously log a response. This is done after
+	// LogResponse is used to synchronously log a response. This is done after
 	// the request is processed but before the response is sent. The arguments
 	// MUST not be modified in anyway. They should be deep copied if this is
 	// a possibility.

builtin/credential/userpass/path_users.go

@@ -195,7 +195,7 @@ func (b *backend) pathUserWrite(
 
 type UserEntry struct {
 	// Password is deprecated in Vault 0.2 in favor of
-	// PasswordHash, but is retained for backwards compatibilty.
+	// PasswordHash, but is retained for backwards compatibility.
 	Password string
 
 	// PasswordHash is a bcrypt hash of the password. This is

builtin/logical/ssh/communicator.go

@@ -72,7 +72,7 @@ func (c *comm) Upload(path string, input io.Reader, fi *os.FileInfo) error {
 	target_dir := filepath.Dir(path)
 	target_file := filepath.Base(path)
 
-	// On windows, filepath.Dir uses backslash seperators (ie. "\tmp").
+	// On windows, filepath.Dir uses backslash separators (ie. "\tmp").
 	// This does not work when the target host is unix.  Switch to forward slash
 	// which works for unix and windows
 	target_dir = filepath.ToSlash(target_dir)

command/ssh.go

@@ -83,7 +83,7 @@ func (c *SSHCommand) Run(args []string) int {
 	}
 
 	// Resolving domain names to IP address on the client side.
-	// Vault only deals with IP addressess.
+	// Vault only deals with IP addresses.
 	ip, err := net.ResolveIPAddr("ip", ipAddr)
 	if err != nil {
 		c.Ui.Error(fmt.Sprintf("Error resolving IP Address: %s", err))
@@ -187,7 +187,7 @@ func (c *SSHCommand) Run(args []string) int {
 	// If the session established was longer than the lease expiry, the secret
 	// might have been revoked already. If not, then revoke it. Since the key
 	// file is deleted and since user doesn't know the credential anymore, there
-	// is not point in Vault maintaining this secret anymore. Everytime the command
+	// is not point in Vault maintaining this secret anymore. Every time the command
 	// is run, a fresh credential is generated anyways.
 	err = client.Sys().Revoke(keySecret.LeaseID)
 	if err != nil {

helper/kdf/kdf.go

@@ -11,7 +11,7 @@ import (
 	"fmt"
 )
 
-// PRF is a psuedo-random function that takes a key or seed,
+// PRF is a pseudo-random function that takes a key or seed,
 // as well as additional binary data and generates output that is
 // indistinguishable from random. Examples are cryptographic hash
 // functions or block ciphers.
@@ -19,7 +19,7 @@ type PRF func([]byte, []byte) ([]byte, error)
 
 // CounterMode implements the counter mode KDF that uses a psuedo-random-function (PRF)
 // along with a counter to generate derived keys. The KDF takes a base key
-// a derivation context, and the requried number of output bits.
+// a derivation context, and the required number of output bits.
 func CounterMode(prf PRF, prfLen uint32, key []byte, context []byte, bits uint32) ([]byte, error) {
 	// Ensure the PRF is byte aligned
 	if prfLen%8 != 0 {

logical/framework/path.go

@@ -46,7 +46,7 @@ type Path struct {
 	// priority.
 	//
 	// Note that only named capture fields are available in every operation,
-	// whereas all fields are avaiable in the Write operation.
+	// whereas all fields are available in the Write operation.
 	Fields map[string]*FieldSchema
 
 	// Callbacks are the set of callbacks that are called for a given

logical/framework/wal.go

@@ -76,7 +76,7 @@ func GetWAL(s logical.Storage, id string) (*WALEntry, error) {
 	return &raw, nil
 }
 
-// DeleteWAL commits the WAL entry with the given ID. Once comitted,
+// DeleteWAL commits the WAL entry with the given ID. Once committed,
 // it is assumed that the operation was a success and doesn't need to
 // be rolled back.
 func DeleteWAL(s logical.Storage, id string) error {

logical/testing/testing.go

@@ -71,7 +71,7 @@ type TestStep struct {
 	Check TestCheckFunc
 
 	// PreFlight is called directly before execution of the request, allowing
-	// modification of the request paramters (e.g. Path) with dynamic values.
+	// modification of the request parameters (e.g. Path) with dynamic values.
 	PreFlight PreFlightFunc
 
 	// ErrorOk, if true, will let erroneous responses through to the check

meta/meta.go

@@ -165,7 +165,7 @@ func (m *Meta) FlagSet(n string, fs FlagSetFlags) *flag.FlagSet {
 	return f
 }
 
-// GeneralOptionsUsage returns the usage documenation for commonly
+// GeneralOptionsUsage returns the usage documentation for commonly
 // available options
 func GeneralOptionsUsage() string {
 	general := `

physical/dynamodb.go

@@ -25,17 +25,17 @@ import (
 
 const (
 	// DefaultDynamoDBRegion is used when no region is configured
-	// explicitely.
+	// explicitly.
 	DefaultDynamoDBRegion = "us-east-1"
 	// DefaultDynamoDBTableName is used when no table name
-	// is configured explicitely.
+	// is configured explicitly.
 	DefaultDynamoDBTableName = "vault-dynamodb-backend"
 
 	// DefaultDynamoDBReadCapacity is the default read capacity
-	// that is used when none is configured explicitely.
+	// that is used when none is configured explicitly.
 	DefaultDynamoDBReadCapacity = 5
 	// DefaultDynamoDBWriteCapacity is the default write capacity
-	// that is used when none is configured explicitely.
+	// that is used when none is configured explicitly.
 	DefaultDynamoDBWriteCapacity = 5
 
 	// DynamoDBEmptyPath is the string that is used instead of

physical/etcd.go

@@ -37,7 +37,7 @@ const (
 	// The amount of time to wait between the semaphore key renewals
 	EtcdLockRenewInterval = 5 * time.Second
 
-	// The ammount of time to wait if a watch fails before trying again.
+	// The amount of time to wait if a watch fails before trying again.
 	EtcdWatchRetryInterval = time.Second
 
 	// The number of times to re-try a failed watch before signaling that leadership is lost.
@@ -316,7 +316,7 @@ type EtcdLock struct {
 	lock                                 sync.Mutex
 }
 
-// addSemaphoreKey aquires a new ordered semaphore key.
+// addSemaphoreKey acquires a new ordered semaphore key.
 func (c *EtcdLock) addSemaphoreKey() (string, uint64, error) {
 	// CreateInOrder is an atomic operation that can be used to enqueue a
 	// request onto a semaphore. In the rest of the comments, we refer to the
@@ -345,7 +345,7 @@ func (c *EtcdLock) renewSemaphoreKey() (string, uint64, error) {
 	return response.Node.Key, response.Index, nil
 }
 
-// getSemaphoreKey determines which semaphore key holder has aquired the lock
+// getSemaphoreKey determines which semaphore key holder has acquired the lock
 // and its value.
 func (c *EtcdLock) getSemaphoreKey() (string, string, uint64, error) {
 	// Get the list of waiters in order to see if we are next.
@@ -465,9 +465,9 @@ func (c *EtcdLock) watchForKeyRemoval(key string, etcdIndex uint64, closeCh chan
 	close(closeCh)
 }
 
-// Lock attempts to aquire the lock by waiting for a new semaphore key in etcd
+// Lock attempts to acquire the lock by waiting for a new semaphore key in etcd
 // to become the first in the queue and will block until it is successful or
-// it recieves a signal on the provided channel. The returned channel will be
+// it receives a signal on the provided channel. The returned channel will be
 // closed when the lock is lost, either by an explicit call to Unlock or by
 // the associated semaphore key in etcd otherwise being deleted or expiring.
 //
@@ -526,7 +526,7 @@ func (c *EtcdLock) Lock(stopCh <-chan struct{}) (doneCh <-chan struct{}, retErr
 
 			// If the error is not an etcd error, we can assume it's a notification
 			// of the stop channel having closed. In this scenario, we also want to
-			// remove our semaphore key as we are no longer waiting to aquire the
+			// remove our semaphore key as we are no longer waiting to acquire the
 			// lock.
 			if _, ok := err.(*client.Error); !ok {
 				delOpts := &client.DeleteOptions{

physical/physical.go

@@ -31,7 +31,7 @@ type Backend interface {
 	List(prefix string) ([]string, error)
 }
 
-// HABackend is an extentions to the standard physical
+// HABackend is an extensions to the standard physical
 // backend to support high-availability. Vault only expects to
 // use mutual exclusion to allow multiple instances to act as a
 // hot standby for a leader that services all requests.

vault/acl.go

@@ -168,7 +168,7 @@ CHECK:
 	case logical.CreateOperation:
 		allowed = capabilities&CreateCapabilityInt > 0
 
-	// These three re-use UpdateCapabilityInt since that's the most appropraite capability/operation mapping
+	// These three re-use UpdateCapabilityInt since that's the most appropriate capability/operation mapping
 	case logical.RevokeOperation, logical.RenewOperation, logical.RollbackOperation:
 		allowed = capabilities&UpdateCapabilityInt > 0
 

vault/barrier_aes_gcm.go

@@ -281,7 +281,7 @@ func (b *AESGCMBarrier) ReloadMasterKey() error {
 		return fmt.Errorf("failed to read master key path: %v", err)
 	}
 
-	// The masterKeyPath could be missing (backwards incompatable),
+	// The masterKeyPath could be missing (backwards incompatible),
 	// we can ignore this and attempt to make progress with the current
 	// master key.
 	if out == nil {
@@ -377,7 +377,7 @@ func (b *AESGCMBarrier) Unseal(key []byte) error {
 		return fmt.Errorf("failed to unmarshal barrier init file")
 	}
 
-	// Setup a new keyring, this is for backwards compatability
+	// Setup a new keyring, this is for backwards compatibility
 	keyring := NewKeyring()
 	keyring = keyring.SetMasterKey(key)
 	keyring, err = keyring.AddKey(&Key{

vault/init.go

@@ -89,14 +89,14 @@ func (c *Core) Initialize(barrierConfig, recoveryConfig *SealConfig) (*InitResul
 			return nil, fmt.Errorf("recovery configuration must specify a positive number of shares")
 		}
 
-		// Check if the seal configuraiton is valid
+		// Check if the seal configuration is valid
 		if err := recoveryConfig.Validate(); err != nil {
 			c.logger.Printf("[ERR] core: invalid recovery configuration: %v", err)
 			return nil, fmt.Errorf("invalid recovery configuration: %v", err)
 		}
 	}
 
-	// Check if the seal configuraiton is valid
+	// Check if the seal configuration is valid
 	if err := barrierConfig.Validate(); err != nil {
 		c.logger.Printf("[ERR] core: invalid seal configuration: %v", err)
 		return nil, fmt.Errorf("invalid seal configuration: %v", err)

vault/rekey.go

@@ -136,7 +136,7 @@ func (c *Core) BarrierRekeyInit(config *SealConfig) error {
 		}
 	}
 
-	// Check if the seal configuraiton is valid
+	// Check if the seal configuration is valid
 	if err := config.Validate(); err != nil {
 		c.logger.Printf("[ERR] core: invalid rekey seal configuration: %v", err)
 		return fmt.Errorf("invalid rekey seal configuration: %v", err)
@@ -181,7 +181,7 @@ func (c *Core) RecoveryRekeyInit(config *SealConfig) error {
 		return fmt.Errorf("stored shares not supported by recovery key")
 	}
 
-	// Check if the seal configuraiton is valid
+	// Check if the seal configuration is valid
 	if err := config.Validate(); err != nil {
 		c.logger.Printf("[ERR] core: invalid recovery configuration: %v", err)
 		return fmt.Errorf("invalid recovery configuration: %v", err)

vault/router.go

@@ -37,7 +37,7 @@ type routeEntry struct {
 	loginPaths  *radix.Tree
 }
 
-// SaltID is used to apply a salt and hash to an ID to make sure its not reversable
+// SaltID is used to apply a salt and hash to an ID to make sure its not reversible
 func (re *routeEntry) SaltID(id string) string {
 	return salt.SaltID(re.mountEntry.UUID, id, salt.SHA1Hash)
 }

vault/token_store.go

@@ -446,7 +446,7 @@ func (ts *TokenStore) SetExpirationManager(exp *ExpirationManager) {
 	ts.expiration = exp
 }
 
-// SaltID is used to apply a salt and hash to an ID to make sure its not reversable
+// SaltID is used to apply a salt and hash to an ID to make sure its not reversible
 func (ts *TokenStore) SaltID(id string) string {
 	return ts.salt.SaltID(id)
 }

website/source/assets/javascripts/demo/views/demo.js

@@ -11,7 +11,7 @@ Demo.DemoView = Ember.View.extend({
 
     var element = this.$();
 
-    // Record scoll position
+    // Record scroll position
     var x = element.scrollX, y = element.scrollY;
     // Focus
     element.find('input.shell')[0].focus();

website/source/docs/internals/rotation.html.md

@@ -22,7 +22,7 @@ data written to the storage backend.
 ![Keys](/assets/images/keys.png)
 
 To support key rotation, we need to support changing the unseal keys, master key, and the
-backend encryption key. We split this into two seperate operations, `rekey` and `rotate`.
+backend encryption key. We split this into two separate operations, `rekey` and `rotate`.
 
 The `rekey` operation is used to generate a new master key. When this is being done,
 it is possible to change the parameters of the key splitting, so that the number of shares

website/source/docs/secrets/ssh/index.html.md

@@ -105,7 +105,7 @@ username@ip:~$
 ### Automate it!
 
 A single CLI command can be used to create a new OTP and invoke SSH with the
-correct paramters to connect to the host.
+correct parameters to connect to the host.
 
 ```text
 $ vault ssh -role otp_key_role username@x.x.x.x