luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Anchor Link Fixes (#8572) 

* update anchor link algorithm
* update deps
* update content component
* fix a lot of broken links
This commit is contained in:
Jeff Escalante 2020-03-31 15:21:16 -04:00 committed by GitHub
parent 236eb7e19f
commit 8af56bd620
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
35 changed files with 1909 additions and 1267 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
website/.npm-upgrade.json
View File

@ -1,8 +1,8 @@
{
"ignore": {
"marked": {
"versions": "0.8.0",
"reason": "breaks IE"
"versions": "0.8.2",
"reason": "IE Broken"
}
}
}

6
website/components/before-after-diagram/style.css
View File

@ -39,7 +39,7 @@
}
& li:before {
background: url('/img/icons/alert-triangle.svg');
background: url('./img/alert-triangle.svg');
height: 20px;
margin-top: 3px;
width: 20px;
@ -47,7 +47,7 @@
}
& .after li:before {
background: url('/img/icons/check-circle.svg');
background: url('./img/check-circle.svg');
height: 18px;
margin-top: 4px;
width: 18px;
@ -299,7 +299,7 @@
&.vault {
& .after {
& li:before {
background: url('/img/icons/check-circle-blue.svg');
background: url('./img/check-circle-blue.svg');
height: 19px;
}
}

1
website/components/subnav/index.jsx
View File

@ -24,6 +24,7 @@ export default function ProductSubnav() {
currentPath={router.pathname}
menuItems={menuItems}
menuItemsAlign="right"
constrainWidth
/>
)
}

2861
website/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

22
website/package.json
View File

@ -6,12 +6,12 @@
"dependencies": {
"@bugsnag/js": "^6.5.2",
"@bugsnag/plugin-react": "^6.5.0",
"@hashicorp/nextjs-scripts": "^6.0.0-2",
"@hashicorp/nextjs-scripts": "^6.2.0-9",
"@hashicorp/react-button": "^2.1.6",
"@hashicorp/react-case-study-slider": "^2.0.7",
"@hashicorp/react-case-study-slider": "^2.0.10",
"@hashicorp/react-consent-manager": "^2.0.6",
"@hashicorp/react-content": "^2.2.0",
"@hashicorp/react-docs-sidenav": "^3.0.3",
"@hashicorp/react-content": "^3.0.0-0",
"@hashicorp/react-docs-sidenav": "^3.0.4",
"@hashicorp/react-docs-sitemap": "^1.0.0",
"@hashicorp/react-footer": "3.1.11",
"@hashicorp/react-global-styles": "^4.0.10",
@ -20,9 +20,9 @@
"@hashicorp/react-image": "^2.0.1",
"@hashicorp/react-inline-svg": "^1.0.0",
"@hashicorp/react-mega-nav": "^4.0.1-2",
"@hashicorp/react-product-downloader": "^3.0.2",
"@hashicorp/react-product-downloader": "^3.0.3",
"@hashicorp/react-section-header": "^2.0.0",
"@hashicorp/react-subnav": "^2.2.0",
"@hashicorp/react-subnav": "^3.0.0",
"@hashicorp/react-text-and-content": "^4.0.6",
"@hashicorp/react-use-cases": "^1.0.4",
"@hashicorp/react-vertical-text-block-list": "^2.0.1",
@ -33,19 +33,19 @@
"imagemin-svgo": "^7.1.0",
"isomorphic-unfetch": "^3.0.0",
"marked": "^0.7.0",
"next": "^9.3.0",
"next": "^9.3.3",
"nprogress": "^0.2.0",
"react": "^16.13.0",
"react-dom": "^16.13.0",
"react": "^16.13.1",
"react-dom": "^16.13.1",
"slugify": "^1.4.0",
"stringify-object": "^3.3.0"
},
"devDependencies": {
"dart-linkcheck": "^2.0.12",
"dart-linkcheck": "^2.0.15",
"glob": "^7.1.6",
"husky": "^4.2.3",
"inquirer": "^7.1.0",
"prettier": "^1.19.1"
"prettier": "^2.0.2"
},
"husky": {
"hooks": {

4
website/pages/api-docs/secret/azure/index.mdx
View File

@ -30,9 +30,9 @@ service principals. Environment variables will override any parameters set in th
- `tenant_id` (`string: <required>`) - The tenant id for the Azure Active Directory.
This value can also be provided with the AZURE_TENANT_ID environment variable.
- `client_id` (`string:""`) - The OAuth2 client id to connect to Azure. This value can also be provided
with the AZURE_CLIENT_ID environment variable. See [authentication](#Authentication) for more details.
with the AZURE_CLIENT_ID environment variable. See [authentication](/docs/secrets/azure#authentication) for more details.
- `client_secret` (`string:""`) - The OAuth2 client secret to connect to Azure. This value can also be
provided with the AZURE_CLIENT_ID environment variable. See [authentication](#Authentication) for more details.
provided with the AZURE_CLIENT_ID environment variable. See [authentication](/docs/secrets/azure#authentication) for more details.
- `environment` (`string:""`) - The Azure environment. This value can also be provided with the AZURE_ENVIRONMENT
environment variable. If not specified, Vault will use Azure Public Cloud.

5
website/pages/api-docs/secret/gcp/index.mdx
View File

@ -26,7 +26,7 @@ This endpoint configures shared information for the secrets engine.
### Parameters
- `credentials` (`string:""`) - JSON credentials (either file contents or '@path/to/file')
See docs for [alternative ways](/docs/secrets/gcp#passing-credentials-to-vault)
See docs for [alternative ways](/docs/secrets/gcp#setup)
to pass in to this parameter, as well as the
[required permissions](/docs/secrets/gcp#required-permissions).
@ -73,7 +73,6 @@ account keys.
| :----- | :------------------------ |
| `POST` | `/gcp/config/rotate-root` |
### Sample Request
```
@ -117,7 +116,7 @@ $ curl \
| :----- | :------------------- |
| `POST` | `/gcp/roleset/:name` |
This method allows you to create a roleset or update an existing roleset. See [roleset docs](/docs/secrets/gcp#rolesets) for the GCP secrets backend
This method allows you to create a roleset or update an existing roleset. See [roleset docs](/docs/secrets/gcp#roleset-bindings) for the GCP secrets backend
to learn more about what happens when you create or update a roleset.
**If you update a roleset's bindings, this will effectively revoke any secrets

12
website/pages/api-docs/secret/identity/index.mdx
View File

@ -13,9 +13,9 @@ see the [Vault Identity documentation](/docs/secrets/identity).
## API Sections
- [Entity](entity)
- [Entity Alias](entity-alias)
- [Group](group)
- [Group Alias](group-alias)
- [Identity Tokens](tokens)
- [Lookup](lookup)
- [Entity](/api-docs/secret/identity/entity)
- [Entity Alias](/api-docs/secret/identity/entity-alias)
- [Group](/api-docs/secret/identity/group)
- [Group Alias](/api-docs/secret/identity/group-alias)
- [Identity Tokens](/api-docs/secret/identity/tokens)
- [Lookup](/api-docs/secret/identity/lookup)

2
website/pages/api-docs/secret/pki/index.mdx
View File

@ -32,7 +32,7 @@ update your API calls accordingly.
- [Set Signed Intermediate](#set-signed-intermediate)
- [Generate Certificate](#generate-certificate)
- [Revoke Certificate](#revoke-certificate)
- [Create/Update Role](#createupdate-role)
- [Create/Update Role](#create-update-role)
- [Read Role](#read-role)
- [List Roles](#list-roles)
- [Delete Role](#delete-role)

2
website/pages/docs/auth/azure.mdx
View File

@ -36,7 +36,7 @@ If Vault is hosted on Azure, Vault can use MSI to access Azure instead of a shar
The next sections review how the authN/Z workflows work. If you
have already reviewed these sections, here are some quick links to:
- [Usage](#usage)
- [Usage](/docs/secrets/azure/#usage)
- [API documentation](/api/auth/azure) docs.
## Authentication

2
website/pages/docs/auth/gcp.mdx
View File

@ -87,7 +87,7 @@ management tool.
If you are using instance credentials or want to specify credentials via
an environment variable, you can skip this step. To learn more, see the
[Google Cloud Authentication](#google-cloud-authentication) section below.
[Google Cloud Authentication](#authentication) section below.
1. Create a named role:

2
website/pages/docs/auth/jwt.mdx
View File

@ -69,7 +69,7 @@ To limit authorization to a set of email addresses:
}
```
Bound claims can optionally be configured with globs. See the [API documentation](/auth/jwt/#bound_claims_type) for more details.
Bound claims can optionally be configured with globs. See the [API documentation](/api-docs/auth/jwt/#bound_claims_type) for more details.
### Claims as Metadata

2
website/pages/docs/auth/kerberos.mdx
View File

@ -120,7 +120,7 @@ for further discussion of available parameters.
who successfully authenticate based on their LDAP group membership.
Since this is identical to the LDAP auth method, see
[Group Membership Resolution](/docs/auth/ldap#group-membership-resolution)
and [LDAP Group -> Policy Mapping](/docs/auth/ldap#ldap-group-gt-policy-mapping)
and [LDAP Group -> Policy Mapping](/docs/auth/ldap#ldap-group-policy-mapping)
for further discussion.
```text

4
website/pages/docs/auth/oci.mdx
View File

@ -107,13 +107,13 @@ You will see a response that includes a token with the previously added policy.
- [Add an API Key](https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm) for a user in the console. This user should be part of a group that has previously been added to the Vault admin role.
- Create the config file `~/.oci/config` using the user's credentials as detailed in [https://docs.cloud.oracle.com/iaas/Content/API/Concepts/sdkconfig.htm](https://docs.cloud.oracle.com/iaas/Content/API/Concepts/sdkconfig.htm).
Ensure that the region in the config matches the region of the compute instance that is running Vault.
Ensure that the region in the config matches the region of the compute instance that is running Vault.
- Log into Vault using the user API key.
`vault login -method=oci auth_type=apikey role=vaultadminrole`
1. Stop Vault and re-start it in the production environment. See [the configuration docs](/docs/configuration/) for more information.
1. Repeat all steps in this [Configure the OCI Auth Method](#OnboardingtoOCIAuthMethod-ConfiguretheOCIAuthMethod) section while in the production environment.
1. Repeat all steps in this [Configure the OCI Auth Method](#configure-the-oci-auth-method) section while in the production environment.
### Manage Roles in the OCI Auth method

2
website/pages/docs/commands/index.mdx
View File

@ -13,7 +13,7 @@ description: |-
~> **Note:** The Vault CLI interface was changed substantially in 0.9.2+ and may cause
confusion while using older versions of Vault with this documentation. Read our
[upgrade guide](/guides/upgrading/upgrade-to-0.9.2#backwards-compatible-cli-changes) for more information.
[upgrade guide](/docs/upgrading/upgrade-to-0.9.2#backwards-compatible-cli-changes) for more information.
In addition to a verbose [HTTP API](/api), Vault features a
command-line interface that wraps common functionality and formats output. The

4
website/pages/docs/commands/operator/migrate.mdx
View File

@ -72,7 +72,7 @@ storage_destination "consul" {
The below configuration will migrate away from Consul storage to integrated
raft storage. The raft data will be stored on the local filesystem in the
defined `path`. `node_id` can optionally be set to identify this node.
[cluster_addr](/docs/configuration/#inlinecode-cluster_addr) must be set to the
[cluster_addr](/docs/configuration/#cluster_addr) must be set to the
cluster hostname of this node. For more configuration options see the [raft
storage configuration documentation](/docs/configuration/storage/raft).
@ -108,7 +108,7 @@ After migration has completed, the data is stored on the local file system. To
use the new storage backend with Vault, update Vault's configuration file as
described in the [raft storage configuration
documentation](/docs/configuration/storage/raft). Then start and unseal the
vault server.
vault server.
### Join additional nodes

6
website/pages/docs/configuration/entropy-augmentation/index.mdx
View File

@ -9,7 +9,7 @@ description: >-
# `Entropy Augmentation` Seal
Entropy augmentation enables Vault to sample entropy from external cryptographic modules.
Entropy augmentation enables Vault to sample entropy from external cryptographic modules.
Sourcing external entropy is done by configuring a supported [Seal](/docs/configuration/seal) type which
include: [PKCS11 seal](/docs/configuration/seal/pkcs11), [AWS KMS](/docs/configuration/seal/awskms), and
[Vault Transit](/docs/configuration/seal/transit).
@ -22,6 +22,7 @@ A valid Vault Enterprise license is required for Entropy Augmentation
Additionally, the following software packages and enterprise modules are required for sourcing entropy
via the [PKCS11 seal](/docs/configuration/seal/pkcs11):
- Governance and Policy module
- PKCS#11 compatible HSM integration library. Vault targets version 2.2 or
higher of PKCS#11. Depending on any given HSM, some functions (such as key
@ -29,7 +30,6 @@ via the [PKCS11 seal](/docs/configuration/seal/pkcs11):
- The [GNU libltdl library](https://www.gnu.org/software/libtool/manual/html_node/Using-libltdl)
— ensure that it is installed for the correct architecture of your servers
## `entropy` Example
This example shows configuring entropy augmentation through a PKCS11 HSM seal from Vault's configuration
@ -54,4 +54,4 @@ These parameters apply to the `entropy` stanza in the Vault configuration file:
- `mode` `(string: <required>)`: The mode determines which Vault operations requiring
entropy will sample entropy from the external source. Currently, the only mode supported
is `augmentation` which sources entropy for [Critical Security Parameters (CSPs)](</docs/enterprise/entropy-augmentation/index#Critical-Security-Parameters-(CSPs)>).
is `augmentation` which sources entropy for [Critical Security Parameters (CSPs)](/docs/enterprise/entropy-augmentation#critical-security-parameters-csps).

29
website/pages/docs/configuration/telemetry.mdx
View File

@ -145,27 +145,27 @@ These `telemetry` parameters apply to
[prometheus](https://prometheus.io).
- `prometheus_retention_time` `(string: "24h")` - Specifies the amount of time that
Prometheus metrics are retained in memory.
- `disable_hostname` `(bool: false)` - It is recommended to also enable the option
`disable_hostname` to avoid having prefixed metrics with hostname.
Prometheus metrics are retained in memory.
- `disable_hostname` `(bool: false)` - It is recommended to also enable the option
`disable_hostname` to avoid having prefixed metrics with hostname.
The `/v1/sys/metrics` endpoint is only accessible on active nodes
and automatically disabled on standby nodes. You can enable the `/v1/sys/metrics`
endpoint on standby nodes by [enabling unauthenticated metrics access][telemetry-tcp].
Vault does not use the default Prometheus path, so Prometheus must be configured
with the path below.
Note that using `?format=prometheus` in the path won't work as "?" will be
escaped, so it must be specified as a parameter.
Vault does not use the default Prometheus path, so Prometheus must be configured
with the path below.
Note that using `?format=prometheus` in the path won't work as "?" will be
escaped, so it must be specified as a parameter.
A Vault token is required with `capabilities = ["read", "list"]` to
/v1/sys/metrics. The Prometheus `bearer_token` or `bearer_token_file` options
must be added to the scrape job.
A Vault token is required with `capabilities = ["read", "list"]` to
/v1/sys/metrics. The Prometheus `bearer_token` or `bearer_token_file` options
must be added to the scrape job.
An example job_name stanza required in the [Prometheus config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config) is provided below.
An example job_name stanza required in the [Prometheus config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config) is provided below.
```
# prometheus.yml
# prometheus.yml
scrape_configs:
- job_name: 'vault'
metrics_path: "/v1/sys/metrics"
@ -179,7 +179,7 @@ scrape_configs:
- targets: ['your_vault_server_here:8200']
```
An example telemetry configuration to be added to Vault's configuration file is shown below:
An example telemetry configuration to be added to Vault's configuration file is shown below:
```hcl
telemetry {
@ -228,5 +228,4 @@ telemetry {
}
```
[telemetry-tcp]: /docs/configuration/listener/tcp#telemetry
[telemetry-tcp]: /docs/configuration/listener/tcp/#telemetry-parameters

2
website/pages/docs/enterprise/mfa/index.mdx
View File

@ -70,7 +70,7 @@ referenced from ACL and Sentinel policies in any namespace via the method name
and can be tied to a mount accessor in any namespace.
When using [Sentinel
EGPs](/docs/enterprise/sentinel#endpoint-governing-policies-egps-),
EGPs](/docs/enterprise/sentinel#endpoint-governing-policies-egps),
any MFA configuration specified must be satisfied by all requests affected by
the policy, which can be difficult if the configured paths spread across
namespaces. One way to address this is to use a policy similar to the

148
website/pages/docs/internals/integrated-storage.mdx
View File

@ -14,12 +14,12 @@ robust backup and restoration process.
As of Vault 1.4 an integrated storage option is offered. This storage backend
does not rely on any third party systems, it implements high availability,
supports Enterprise Replication features, and provides backup/restore workflows.
supports Enterprise Replication features, and provides backup/restore workflows.
## Consensus Protocol
Vault's integrated storage uses a [consensus
protocol](https://en.wikipedia.org/wiki/Consensus_(computer_science)) to provide
protocol](<https://en.wikipedia.org/wiki/Consensus_(computer_science)>) to provide
[Consistency (as defined by CAP)](https://en.wikipedia.org/wiki/CAP_theorem).
The consensus protocol is based on ["Raft: In search of an Understandable
Consensus Algorithm"](https://raft.github.io/raft.pdf). For a visual explanation
@ -34,35 +34,35 @@ understandable algorithm.
There are a few key terms to know when discussing Raft:
* Log - The primary unit of work in a Raft system is a log entry. The problem
of consistency can be decomposed into a *replicated log*. A log is an ordered
sequence of entries. Entries includes any cluster change: adding nodes, adding
services, new key-value pairs, etc. We consider the log consistent if all
members agree on the entries and their order.
- Log - The primary unit of work in a Raft system is a log entry. The problem
of consistency can be decomposed into a _replicated log_. A log is an ordered
sequence of entries. Entries includes any cluster change: adding nodes, adding
services, new key-value pairs, etc. We consider the log consistent if all
members agree on the entries and their order.
* FSM - [Finite State Machine](https://en.wikipedia.org/wiki/Finite-state_machine).
An FSM is a collection of finite states with transitions between them. As new logs
are applied, the FSM is allowed to transition between states. Application of the
same sequence of logs must result in the same state, meaning behavior must be deterministic.
- FSM - [Finite State Machine](https://en.wikipedia.org/wiki/Finite-state_machine).
An FSM is a collection of finite states with transitions between them. As new logs
are applied, the FSM is allowed to transition between states. Application of the
same sequence of logs must result in the same state, meaning behavior must be deterministic.
* Peer set - The peer set is the set of all members participating in log replication.
For Vault's purposes, all server nodes are in the peer set of the local cluster.
- Peer set - The peer set is the set of all members participating in log replication.
For Vault's purposes, all server nodes are in the peer set of the local cluster.
* Quorum - A quorum is a majority of members from a peer set: for a set of size `n`,
quorum requires at least `(n+1)/2` members. For example, if there are 5 members
in the peer set, we would need 3 nodes to form a quorum. If a quorum of nodes is
unavailable for any reason, the cluster becomes *unavailable* and no new logs
can be committed.
- Quorum - A quorum is a majority of members from a peer set: for a set of size `n`,
quorum requires at least `(n+1)/2` members. For example, if there are 5 members
in the peer set, we would need 3 nodes to form a quorum. If a quorum of nodes is
unavailable for any reason, the cluster becomes _unavailable_ and no new logs
can be committed.
* Committed Entry - An entry is considered *committed* when it is durably stored
on a quorum of nodes. Once an entry is committed it can be applied.
- Committed Entry - An entry is considered _committed_ when it is durably stored
on a quorum of nodes. Once an entry is committed it can be applied.
* Leader - At any given time, the peer set elects a single node to be the leader.
The leader is responsible for ingesting new log entries, replicating to followers,
and managing when an entry is considered committed. For Vault's purposes, the
leader node is also the Active vault node and followers are standby nodes. See
the [High Avaibility docs](/docs/internals/high-availability/#design-overview)
for more information.
- Leader - At any given time, the peer set elects a single node to be the leader.
The leader is responsible for ingesting new log entries, replicating to followers,
and managing when an entry is considered committed. For Vault's purposes, the
leader node is also the Active vault node and followers are standby nodes. See
the [High Avaibility docs](/docs/internals/high-availability/#design-overview)
for more information.
Raft is a complex protocol and will not be covered here in detail (for those who
desire a more comprehensive treatment, the full specification is available in this
@ -80,7 +80,7 @@ Once a cluster has a leader, it is able to accept new log entries. A client can
request that a leader append a new log entry (from Raft's perspective, a log entry
is an opaque binary blob). The leader then writes the entry to durable storage and
attempts to replicate to a quorum of followers. Once the log entry is considered
*committed*, it can be *applied* to a finite state machine. The finite state machine
_committed_, it can be _applied_ to a finite state machine. The finite state machine
is application specific; in Vault's case, we use
[BoltDB](https://github.com/etcd-io/bbolt) to maintain cluster state. Vault's writes
block until it is both _committed_ and _applied_.
@ -102,18 +102,18 @@ about peer membership. For example, suppose there are only 2 peers: A and B. The
size is also 2, meaning both nodes must agree to commit a log entry. If either A or B
fails, it is now impossible to reach quorum. This means the cluster is unable to add
or remove a node or to commit any additional log entries. This results in
*unavailability*. At this point, manual intervention would be required to remove
_unavailability_. At this point, manual intervention would be required to remove
either A or B and to restart the remaining node in bootstrap mode.
A Raft cluster of 3 nodes can tolerate a single node failure while a cluster
of 5 can tolerate 2 node failures. The recommended configuration is to either
run 3 or 5 Vault servers per cluster. This maximizes availability without
greatly sacrificing performance. The [deployment table](#deployment_table) below
greatly sacrificing performance. The [deployment table](#deployment-table) below
summarizes the potential cluster size options and the fault tolerance of each.
In terms of performance, Raft is comparable to Paxos. Assuming stable leadership,
committing a log entry requires a single round trip to half of the cluster.
Thus, performance is bound by disk I/O and network latency.
Thus, performance is bound by disk I/O and network latency.
### Raft in Vault
@ -121,7 +121,7 @@ When getting started, a single Vault server is
[initialized](/docs/commands/operator/init/#operator-init). At this point the
cluster is of size 1 which allows the node to self-elect as a leader. Once a
leader is elected, other servers can be added to the peer set in a way that
preserves consistency and safety.
preserves consistency and safety.
The join process is how new nodes are added to the vault cluster, it uses an
encrypted challenge/answer workflow. To accomplish this, all nodes in a single
@ -129,7 +129,7 @@ raft cluster must share the same seal configuration. If using an Auto Unseal the
join process can use the configured seal to automatically decrypt the challenge
and respond with the answer. If using a Shamir seal the unseal keys must be
provided to the node attempting to join the cluster before it can decrypt the
challenge and respond with the decrypted answer.
challenge and respond with the decrypted answer.
Since all servers participate as part of the peer set, they all know the current
leader. When an API request arrives at a non-leader server, the request is
@ -146,44 +146,48 @@ server deployment is _**highly**_ discouraged as data loss is inevitable in a
failure scenario.
<table class="table table-bordered table-striped">
<tr>
<th>Servers</th>
<th>Quorum Size</th>
<th>Failure Tolerance</th>
</tr>
<tr>
<td>1</td>
<td>1</td>
<td>0</td>
</tr>
<tr>
<td>2</td>
<td>2</td>
<td>0</td>
</tr>
<tr class="warning">
<td>3</td>
<td>2</td>
<td>1</td>
</tr>
<tr>
<td>4</td>
<td>3</td>
<td>1</td>
</tr>
<tr class="warning">
<td>5</td>
<td>3</td>
<td>2</td>
</tr>
<tr>
<td>6</td>
<td>4</td>
<td>2</td>
</tr>
<tr>
<td>7</td>
<td>4</td>
<td>3</td>
</tr>
<thead>
<tr>
<th>Servers</th>
<th>Quorum Size</th>
<th>Failure Tolerance</th>
</tr>
</thead>
<tbody>
<tr>
<td>1</td>
<td>1</td>
<td>0</td>
</tr>
<tr>
<td>2</td>
<td>2</td>
<td>0</td>
</tr>
<tr class="warning">
<td>3</td>
<td>2</td>
<td>1</td>
</tr>
<tr>
<td>4</td>
<td>3</td>
<td>1</td>
</tr>
<tr class="warning">
<td>5</td>
<td>3</td>
<td>2</td>
</tr>
<tr>
<td>6</td>
<td>4</td>
<td>2</td>
</tr>
<tr>
<td>7</td>
<td>4</td>
<td>3</td>
</tr>
</tbody>
</table>

2
website/pages/docs/platform/aws-mp/index.mdx
View File

@ -22,4 +22,4 @@ The AWS Marketplace listings can be found below.
The Vault AMIs listed in the AWS Marketplace are intended to serve as an easy starting point for a Vault installation. Vault AMIs are built on top of a minimal Ubuntu distribution and contain up to date packages for both Vault and the underlying operating system dependencies.
The Open Source Vault AMI is intended for development and test use cases. This listing will launch a non-HA Vault instance with Vault running and the Vault UI available. For production use cases, please see the [Architecture](/docs/platform/aws-mp/run#Architecture) section of this documentation.
The Open Source Vault AMI is intended for development and test use cases. This listing will launch a non-HA Vault instance with Vault running and the Vault UI available. For production use cases, please see the [Architecture](/docs/platform/aws-mp/run/#architecture) section of this documentation.

8
website/pages/docs/platform/k8s/helm/run.mdx
View File

@ -172,7 +172,7 @@ guide demonstrates using an external Vault within a Kubernetes cluster.
The Vault UI is enabled but NOT exposed as service for security reasons. The
Vault UI can also be exposed via port-forwarding or through a [`ui`
configuration value](/docs/platform/k8s/helm#v-ui).
configuration value](/docs/platform/k8s/helm/configuration/#ui).
Expose the Vault UI with port-forwarding:
@ -518,14 +518,14 @@ _End-to-End TLS._ Vault should always be used with TLS in production. If
intermediate load balancers or reverse proxies are used to front Vault,
they should not terminate TLS. This way traffic is always encrypted in transit
to Vault and minimizes risks introduced by intermediate layers. See the
[official documentation](/docs/platform/k8s/helm#standalone-server-with-tls)
[official documentation](/docs/platform/k8s/helm/examples/standalone-tls/)
for example on configuring Vault Helm to use TLS.
_Single Tenancy._ Vault should be the only main process running on a machine.
This reduces the risk that another process running on the same machine is
compromised and can interact with Vault. This can be accomplished by using Vault
Helm's `affinity` configurable. See the
[official documentation](/docs/platform/k8s/helm#highly-available-vault-cluster-with-consul)
[official documentation](/docs/platform/k8s/helm/examples/ha-with-consul/)
for example on configuring Vault Helm to use affinity rules.
_Enable Auditing._ Vault supports several auditing backends. Enabling auditing
@ -534,7 +534,7 @@ trail in the case of misuse or compromise. Audit logs securely hash any sensitiv
data, but access should still be restricted to prevent any unintended disclosures.
Vault Helm includes a configurable `auditStorage` option that provisions a persistent
volume to store audit logs. See the
[official documentation](/docs/platform/k8s/helm#standalone-server-with-audit-storage)
[official documentation](/docs/platform/k8s/helm/examples/standalone-audit/)
for an example on configuring Vault Helm to use auditing.
_Immutable Upgrades._ Vault relies on an external storage backend for persistence,

2
website/pages/docs/secrets/azure/index.mdx
View File

@ -257,5 +257,5 @@ The Azure secrets engine has a full HTTP API. Please see the [Azure secrets engi
for more details.
[api]: /api/secret/azure
[config]: /api/secret/azure#configure
[config]: /api/secret/azure#configure-access
[repo]: https://github.com/hashicorp/vault-plugin-secrets-azure

4
website/pages/docs/secrets/kmip/index.mdx
View File

@ -13,7 +13,7 @@ description: |-
with the Advanced Data Protection Module.
The KMIP secrets engine allows Vault to act as a [Key Management
Interoperability Protocol](#kmip-spec) (KMIP) server provider and handle
Interoperability Protocol](https://docs.oasis-open.org/kmip/kmip-spec/v2.0/os/kmip-spec-v2.0-os.html) (KMIP) server provider and handle
the lifecycle of its KMIP managed objects. KMIP is a standardized protocol that allows
services and applications to perform cryptographic operations without having to
manage cryptographic material, otherwise known as managed objects, by delegating
@ -135,7 +135,7 @@ which will be used when evaluating permissions during a KMIP request.
### Supported KMIP Operations
The KMIP protocol supports a wide [variety of operations](#kmip-ops) that can be
The KMIP protocol supports a wide variety of operations that can be
issued by clients to perform certain actions, such as key management,
encryption, signing, etc. The KMIP secrets engine currently supports a subset of
KMIP operations.

2
website/pages/docs/upgrading/upgrade-to-0.6.0.mdx
View File

@ -51,5 +51,5 @@ If using the Consul HA storage backend, Vault will now automatically register
itself as the `vault` service and perform its own health checks/lifecycle
status management. This behavior can be adjusted or turned off in Vault's
configuration; see the
[documentation](/docs/configuration#check_timeout)
[documentation](/docs/configuration/storage/consul/#check_timeout)
for details.

4
website/pages/docs/upgrading/upgrade-to-0.6.1.mdx
View File

@ -16,7 +16,7 @@ carefully.
Once an active node is running 0.6.1, only standby nodes running 0.6.1+ will be
able to form an HA cluster. If following our [general upgrade
instructions](/guides/upgrading) this will
instructions](/docs/upgrading) this will
not be an issue.
## Health Endpoint Status Code Changes
@ -57,7 +57,7 @@ details.
If using DynamoDB and want to use HA support, you will need to explicitly
enable it in Vault's configuration; see the
[documentation](/docs/configuration#ha_enabled)
[documentation](/docs/configuration#ha_storage)
for details.
If you are already using DynamoDB in an HA fashion and wish to keep doing so,

2
website/pages/docs/upgrading/upgrade-to-0.9.3.mdx
View File

@ -13,4 +13,4 @@ Due to a rapid release following 0.9.2, there are no version-specific upgrade
instructions although any upgrade notices for 0.9.2 apply if you are coming
from a previous version.
Please see the [0.9.2 upgrade guide](/guides/upgrading/upgrade-to-0.9.2) for notes on upgrading to 0.9.3.
Please see the [0.9.2 upgrade guide](/docs/upgrading/upgrade-to-0.9.2) for notes on upgrading to 0.9.3.

8
website/pages/docs/what-is-vault/index.mdx
View File

@ -34,7 +34,7 @@ detailed audit logs is almost impossible without a custom solution. This is
where Vault steps in.
Examples work best to showcase Vault. Please see the
[use cases](/intro/use-cases).
[use cases](/docs/use-cases).
The key features of Vault are:
@ -68,9 +68,9 @@ The key features of Vault are:
## Next Steps
See the page on [Vault use cases](/intro/use-cases) to see the
See the page on [Vault use cases](/docs/use-cases) to see the
multiple ways Vault can be used. Then see
[how Vault compares to other software](/intro/vs)
[how Vault compares to other software](/docs/vs)
to see how it fits into your existing infrastructure. Finally, continue onwards with
the [getting started guide](/intro/getting-started) to use
the [getting started guide](https://learn.hashicorp.com/vault/getting-started/install) to use
Vault to read, write, and create real secrets and see how it works in practice.

2
website/pages/guides/encryption/spring-demo.mdx
View File

@ -416,7 +416,7 @@ If everything looked fine in [Step 2](#step2), you are ready to write some data.
![Vault UI](/img/vault-java-demo-9.png)
You have [verified in the `spring` log](#task-3-examine-the-sprig-container)
You have [verified in the `spring` log](#task-3-examine-the-spring-container)
that the demo app successfully retrieved a database credential from the Vault
server during its initialization.

4
website/pages/guides/identity/authentication.mdx
View File

@ -226,7 +226,7 @@ $ vault write auth/approle/role/<ROLE_NAME> [parameters]
```
> There are a number of
> [parameters](/api/auth/approle#create-new-approle) that you can set
> [parameters](/api/auth/approle#create-update-approle) that you can set
> on a role. If you want to limit the use of the generated secret ID, set
> `secret_id_num_uses` or `secret_id_ttl` parameter values. Similarly, you can
> specify `token_num_uses` and `token_ttl`. You may never want the app token to
@ -295,7 +295,7 @@ $ curl --header "X-Vault-Token: ..." --request POST \
```
> There are a number of
> [parameters](/api/auth/approle#create-new-approle) that you can set
> [parameters](/api/auth/approle#create-update-approle) that you can set
> on a role. If you want to limit the use of the generated secret ID, set
> `secret_id_num_uses` or `secret_id_ttl` parameter values. Similarly, you can
> specify `token_num_uses` and `token_ttl`. You may never want the app token to

2
website/pages/guides/operations/deployment-guide.mdx
View File

@ -24,7 +24,7 @@ During the installation of Vault you should also review and apply the recommenda
To provide a highly-available single cluster architecture, we recommend Vault be deployed to more than one host, as shown in the [Vault Reference Architecture](/guides/operations/reference-architecture), and connected to a Consul cluster for persistent data storage.
![Reference Diagram](/img/vault-ref-arch-2-02305ae7.png)
![Reference Diagram](/img/vault-ref-arch-2.png)
The below setup steps should be completed on all Vault hosts.

6
website/pages/guides/operations/disaster-recovery.mdx
View File

@ -35,7 +35,7 @@ replication setup.
## Reference Materials
- [Performance Replication and Disaster Recovery (DR) Replication](/docs/enterprise/replication#performance-replication-and-disaster-recovery-dr-replication)
- [DR Replication API](/api/system/replication-dr)
- [DR Replication API](/api/system/replication/replication-dr)
- [Replication Setup & Guidance](/guides/operations/replication)
- [Vault HA guide](/guides/operations/vault-ha-consul)
@ -586,8 +586,8 @@ these operations based on experience within their own environments. You can
review the available replication APIs at the following links:
- [Vault Replication API](/api/system/replication)
- [DR Replication API](/api/system/replication-dr)
- [Performance Replication API](/api/system/replication-performance)
- [DR Replication API](/api/system/replication/replication-dr)
- [Performance Replication API](/api/system/replication/replication-performance)
## Next steps

2
website/pages/guides/operations/index.mdx
View File

@ -49,7 +49,7 @@ cluster that meets your organization's needs.
- [Replication Setup & Guidance](/guides/operations/replication)
walks you through the commands to activate the Vault servers in replication mode.
Please note that [Vault Replication](/docs/vault-enterprise/replication)
Please note that [Vault Replication](/docs/enterprise/replication)
is a Vault Enterprise feature.
- [Disaster Recovery Replication Setup](/guides/operations/disaster-recovery)

2
website/pages/guides/operations/mount-filter.mdx
View File

@ -27,7 +27,7 @@ control the movement of secrets across their infrastructure.
- Preparing for GDPR Compliance with HashiCorp Vault [webinar](https://www.hashicorp.com/resources/preparing-for-gdpr-compliance-with-hashicorp-vault)
- Preparing for GDPR Compliance with HashiCorp Vault [blog post](https://www.hashicorp.com/blog/preparing-for-gdpr-compliance-with-hashicorp-vault)
- [Create Mounts Filter (API)](/api/system/replication-performance#create-mounts-filter)
- [Create Mounts Filter (API)](/api/system/replication/replication-performance#create-mounts-filter-deprecated)
- [Performance Replication and Disaster Recovery (DR) Replication](/docs/enterprise/replication#performance-replication-and-disaster-recovery-dr-replication)
## Estimated Time to Complete

6
website/pages/guides/operations/replication.mdx
View File

@ -10,7 +10,7 @@ description: Learn how to set up and manage Vault Enterprise Performance Replica
~> **Enterprise Only:** Vault replication feature is a part of _Vault Enterprise_.
If you're unfamiliar with Vault Replication concepts, please first look at the
[general information page](/docs/vault-enterprise/replication). More
[general information page](/docs/enterprise/replication). More
details can be found in the
[replication internals](/docs/internals/replication) document.
@ -91,7 +91,7 @@ working with both clusters.
Vaults performance replication model is intended to allow horizontally scaling Vaults
functions rather than to act in a strict Disaster Recovery (DR) capacity. For more information on Vault's disaster recovery replication, look at the
[general information page](/docs/vault-enterprise/replication).
[general information page](/docs/enterprise/replication).
As a result, Vault performance replication acts on static items within Vault, meaning
information that is not part of Vaults lease-tracking system. In a practical
@ -172,4 +172,4 @@ Local backend mounts are not replicated and their use will require existing DR
mechanisms if DR is necessary in your implementation.
If you need true DR, look at the
[general information page](/docs/vault-enterprise/replication) for information on Vault's disaster recovery replication.
[general information page](/docs/enterprise/replication) for information on Vault's disaster recovery replication.