Anchor Link Fixes (#8572)

* update anchor link algorithm
* update deps
* update content component
* fix a lot of broken links

website/.npm-upgrade.json

@@ -1,8 +1,8 @@
 {
   "ignore": {
     "marked": {
-      "versions": "0.8.0",
+      "versions": "0.8.2",
-      "reason": "breaks IE"
+      "reason": "IE Broken"
     }
   }
 }

website/components/before-after-diagram/style.css

@@ -39,7 +39,7 @@
     }
 
     & li:before {
-      background: url('/img/icons/alert-triangle.svg');
+      background: url('./img/alert-triangle.svg');
       height: 20px;
       margin-top: 3px;
       width: 20px;
@@ -47,7 +47,7 @@
   }
 
   & .after li:before {
-    background: url('/img/icons/check-circle.svg');
+    background: url('./img/check-circle.svg');
     height: 18px;
     margin-top: 4px;
     width: 18px;
@@ -299,7 +299,7 @@
   &.vault {
     & .after {
       & li:before {
-        background: url('/img/icons/check-circle-blue.svg');
+        background: url('./img/check-circle-blue.svg');
         height: 19px;
       }
     }

website/components/subnav/index.jsx

@@ -24,6 +24,7 @@ export default function ProductSubnav() {
       currentPath={router.pathname}
       menuItems={menuItems}
       menuItemsAlign="right"
+      constrainWidth
     />
   )
 }

website/package.json

@@ -6,12 +6,12 @@
   "dependencies": {
     "@bugsnag/js": "^6.5.2",
     "@bugsnag/plugin-react": "^6.5.0",
-    "@hashicorp/nextjs-scripts": "^6.0.0-2",
+    "@hashicorp/nextjs-scripts": "^6.2.0-9",
     "@hashicorp/react-button": "^2.1.6",
-    "@hashicorp/react-case-study-slider": "^2.0.7",
+    "@hashicorp/react-case-study-slider": "^2.0.10",
     "@hashicorp/react-consent-manager": "^2.0.6",
-    "@hashicorp/react-content": "^2.2.0",
+    "@hashicorp/react-content": "^3.0.0-0",
-    "@hashicorp/react-docs-sidenav": "^3.0.3",
+    "@hashicorp/react-docs-sidenav": "^3.0.4",
     "@hashicorp/react-docs-sitemap": "^1.0.0",
     "@hashicorp/react-footer": "3.1.11",
     "@hashicorp/react-global-styles": "^4.0.10",
@@ -20,9 +20,9 @@
     "@hashicorp/react-image": "^2.0.1",
     "@hashicorp/react-inline-svg": "^1.0.0",
     "@hashicorp/react-mega-nav": "^4.0.1-2",
-    "@hashicorp/react-product-downloader": "^3.0.2",
+    "@hashicorp/react-product-downloader": "^3.0.3",
     "@hashicorp/react-section-header": "^2.0.0",
-    "@hashicorp/react-subnav": "^2.2.0",
+    "@hashicorp/react-subnav": "^3.0.0",
     "@hashicorp/react-text-and-content": "^4.0.6",
     "@hashicorp/react-use-cases": "^1.0.4",
     "@hashicorp/react-vertical-text-block-list": "^2.0.1",
@@ -33,19 +33,19 @@
     "imagemin-svgo": "^7.1.0",
     "isomorphic-unfetch": "^3.0.0",
     "marked": "^0.7.0",
-    "next": "^9.3.0",
+    "next": "^9.3.3",
     "nprogress": "^0.2.0",
-    "react": "^16.13.0",
+    "react": "^16.13.1",
-    "react-dom": "^16.13.0",
+    "react-dom": "^16.13.1",
     "slugify": "^1.4.0",
     "stringify-object": "^3.3.0"
   },
   "devDependencies": {
-    "dart-linkcheck": "^2.0.12",
+    "dart-linkcheck": "^2.0.15",
     "glob": "^7.1.6",
     "husky": "^4.2.3",
     "inquirer": "^7.1.0",
-    "prettier": "^1.19.1"
+    "prettier": "^2.0.2"
   },
   "husky": {
     "hooks": {

website/pages/api-docs/secret/azure/index.mdx

@@ -30,9 +30,9 @@ service principals. Environment variables will override any parameters set in th
 - `tenant_id` (`string: <required>`) - The tenant id for the Azure Active Directory.
   This value can also be provided with the AZURE_TENANT_ID environment variable.
 - `client_id` (`string:""`) - The OAuth2 client id to connect to Azure. This value can also be provided
-  with the AZURE_CLIENT_ID environment variable. See [authentication](#Authentication) for more details.
+  with the AZURE_CLIENT_ID environment variable. See [authentication](/docs/secrets/azure#authentication) for more details.
 - `client_secret` (`string:""`) - The OAuth2 client secret to connect to Azure. This value can also be
-  provided with the AZURE_CLIENT_ID environment variable. See [authentication](#Authentication) for more details.
+  provided with the AZURE_CLIENT_ID environment variable. See [authentication](/docs/secrets/azure#authentication) for more details.
 - `environment` (`string:""`) - The Azure environment. This value can also be provided with the AZURE_ENVIRONMENT
   environment variable. If not specified, Vault will use Azure Public Cloud.
 

website/pages/api-docs/secret/gcp/index.mdx

@@ -26,7 +26,7 @@ This endpoint configures shared information for the secrets engine.
 ### Parameters
 
 - `credentials` (`string:""`) - JSON credentials (either file contents or '@path/to/file')
-  See docs for [alternative ways](/docs/secrets/gcp#passing-credentials-to-vault)
+  See docs for [alternative ways](/docs/secrets/gcp#setup)
   to pass in to this parameter, as well as the
   [required permissions](/docs/secrets/gcp#required-permissions).
 
@@ -73,7 +73,6 @@ account keys.
 | :----- | :------------------------ |
 | `POST` | `/gcp/config/rotate-root` |
 
-
 ### Sample Request
 
 ```
@@ -117,7 +116,7 @@ $ curl \
 | :----- | :------------------- |
 | `POST` | `/gcp/roleset/:name` |
 
-This method allows you to create a roleset or update an existing roleset. See [roleset docs](/docs/secrets/gcp#rolesets) for the GCP secrets backend
+This method allows you to create a roleset or update an existing roleset. See [roleset docs](/docs/secrets/gcp#roleset-bindings) for the GCP secrets backend
 to learn more about what happens when you create or update a roleset.
 
 **If you update a roleset's bindings, this will effectively revoke any secrets

website/pages/api-docs/secret/identity/index.mdx

@@ -13,9 +13,9 @@ see the [Vault Identity documentation](/docs/secrets/identity).
 
 ## API Sections
 
-- [Entity](entity)
+- [Entity](/api-docs/secret/identity/entity)
-- [Entity Alias](entity-alias)
+- [Entity Alias](/api-docs/secret/identity/entity-alias)
-- [Group](group)
+- [Group](/api-docs/secret/identity/group)
-- [Group Alias](group-alias)
+- [Group Alias](/api-docs/secret/identity/group-alias)
-- [Identity Tokens](tokens)
+- [Identity Tokens](/api-docs/secret/identity/tokens)
-- [Lookup](lookup)
+- [Lookup](/api-docs/secret/identity/lookup)

website/pages/api-docs/secret/pki/index.mdx

@@ -32,7 +32,7 @@ update your API calls accordingly.
 - [Set Signed Intermediate](#set-signed-intermediate)
 - [Generate Certificate](#generate-certificate)
 - [Revoke Certificate](#revoke-certificate)
-- [Create/Update Role](#createupdate-role)
+- [Create/Update Role](#create-update-role)
 - [Read Role](#read-role)
 - [List Roles](#list-roles)
 - [Delete Role](#delete-role)

website/pages/docs/auth/azure.mdx

@@ -36,7 +36,7 @@ If Vault is hosted on Azure, Vault can use MSI to access Azure instead of a shar
 The next sections review how the authN/Z workflows work. If you
 have already reviewed these sections, here are some quick links to:
 
-- [Usage](#usage)
+- [Usage](/docs/secrets/azure/#usage)
 - [API documentation](/api/auth/azure) docs.
 
 ## Authentication

website/pages/docs/auth/gcp.mdx

@@ -87,7 +87,7 @@ management tool.
 
    If you are using instance credentials or want to specify credentials via
    an environment variable, you can skip this step. To learn more, see the
-   [Google Cloud Authentication](#google-cloud-authentication) section below.
+   [Google Cloud Authentication](#authentication) section below.
 
 1. Create a named role:
 

website/pages/docs/auth/jwt.mdx

@@ -69,7 +69,7 @@ To limit authorization to a set of email addresses:
 }
 ```
 
-Bound claims can optionally be configured with globs. See the [API documentation](/auth/jwt/#bound_claims_type) for more details.
+Bound claims can optionally be configured with globs. See the [API documentation](/api-docs/auth/jwt/#bound_claims_type) for more details.
 
 ### Claims as Metadata
 

website/pages/docs/auth/kerberos.mdx

@@ -120,7 +120,7 @@ for further discussion of available parameters.
   who successfully authenticate based on their LDAP group membership.
   Since this is identical to the LDAP auth method, see
   [Group Membership Resolution](/docs/auth/ldap#group-membership-resolution)
-  and [LDAP Group -> Policy Mapping](/docs/auth/ldap#ldap-group-gt-policy-mapping)
+  and [LDAP Group -> Policy Mapping](/docs/auth/ldap#ldap-group-policy-mapping)
   for further discussion.
 
 ```text

website/pages/docs/auth/oci.mdx

@@ -113,7 +113,7 @@ You will see a response that includes a token with the previously added policy.
       `vault login -method=oci auth_type=apikey role=vaultadminrole`
 
 1.  Stop Vault and re-start it in the production environment. See [the configuration docs](/docs/configuration/) for more information.
-1.  Repeat all steps in this [Configure the OCI Auth Method](#OnboardingtoOCIAuthMethod-ConfiguretheOCIAuthMethod) section while in the production environment.
+1.  Repeat all steps in this [Configure the OCI Auth Method](#configure-the-oci-auth-method) section while in the production environment.
 
 ### Manage Roles in the OCI Auth method
 

website/pages/docs/commands/index.mdx

@@ -13,7 +13,7 @@ description: |-
 
 ~> **Note:** The Vault CLI interface was changed substantially in 0.9.2+ and may cause
 confusion while using older versions of Vault with this documentation. Read our
-[upgrade guide](/guides/upgrading/upgrade-to-0.9.2#backwards-compatible-cli-changes) for more information.
+[upgrade guide](/docs/upgrading/upgrade-to-0.9.2#backwards-compatible-cli-changes) for more information.
 
 In addition to a verbose [HTTP API](/api), Vault features a
 command-line interface that wraps common functionality and formats output. The

website/pages/docs/commands/operator/migrate.mdx

@@ -72,7 +72,7 @@ storage_destination "consul" {
 The below configuration will migrate away from Consul storage to integrated
 raft storage. The raft data will be stored on the local filesystem in the
 defined `path`. `node_id` can optionally be set to identify this node.
-[cluster_addr](/docs/configuration/#inlinecode-cluster_addr) must be set to the
+[cluster_addr](/docs/configuration/#cluster_addr) must be set to the
 cluster hostname of this node. For more configuration options see the [raft
 storage configuration documentation](/docs/configuration/storage/raft).
 

website/pages/docs/configuration/entropy-augmentation/index.mdx

@@ -22,6 +22,7 @@ A valid Vault Enterprise license is required for Entropy Augmentation
 
 Additionally, the following software packages and enterprise modules are required for sourcing entropy
 via the [PKCS11 seal](/docs/configuration/seal/pkcs11):
+
 - Governance and Policy module
 - PKCS#11 compatible HSM integration library. Vault targets version 2.2 or
   higher of PKCS#11. Depending on any given HSM, some functions (such as key
@@ -29,7 +30,6 @@ via the [PKCS11 seal](/docs/configuration/seal/pkcs11):
 - The [GNU libltdl library](https://www.gnu.org/software/libtool/manual/html_node/Using-libltdl)
   — ensure that it is installed for the correct architecture of your servers
 
-
 ## `entropy` Example
 
 This example shows configuring entropy augmentation through a PKCS11 HSM seal from Vault's configuration
@@ -54,4 +54,4 @@ These parameters apply to the `entropy` stanza in the Vault configuration file:
 
 - `mode` `(string: <required>)`: The mode determines which Vault operations requiring
   entropy will sample entropy from the external source. Currently, the only mode supported
-  is `augmentation` which sources entropy for [Critical Security Parameters (CSPs)](</docs/enterprise/entropy-augmentation/index#Critical-Security-Parameters-(CSPs)>).
+  is `augmentation` which sources entropy for [Critical Security Parameters (CSPs)](/docs/enterprise/entropy-augmentation#critical-security-parameters-csps).

website/pages/docs/configuration/telemetry.mdx

@@ -228,5 +228,4 @@ telemetry {
 }
 ```
 
-[telemetry-tcp]: /docs/configuration/listener/tcp#telemetry
+[telemetry-tcp]: /docs/configuration/listener/tcp/#telemetry-parameters
- 

website/pages/docs/enterprise/mfa/index.mdx

@@ -70,7 +70,7 @@ referenced from ACL and Sentinel policies in any namespace via the method name
 and can be tied to a mount accessor in any namespace.
 
 When using [Sentinel
-EGPs](/docs/enterprise/sentinel#endpoint-governing-policies-egps-),
+EGPs](/docs/enterprise/sentinel#endpoint-governing-policies-egps),
 any MFA configuration specified must be satisfied by all requests affected by
 the policy, which can be difficult if the configured paths spread across
 namespaces. One way to address this is to use a policy similar to the

website/pages/docs/internals/integrated-storage.mdx

@@ -19,7 +19,7 @@ supports Enterprise Replication features, and provides backup/restore workflows.
 ## Consensus Protocol
 
 Vault's integrated storage uses a [consensus
-protocol](https://en.wikipedia.org/wiki/Consensus_(computer_science)) to provide
+protocol](<https://en.wikipedia.org/wiki/Consensus_(computer_science)>) to provide
 [Consistency (as defined by CAP)](https://en.wikipedia.org/wiki/CAP_theorem).
 The consensus protocol is based on ["Raft: In search of an Understandable
 Consensus Algorithm"](https://raft.github.io/raft.pdf). For a visual explanation
@@ -34,30 +34,30 @@ understandable algorithm.
 
 There are a few key terms to know when discussing Raft:
 
-* Log - The primary unit of work in a Raft system is a log entry. The problem
+- Log - The primary unit of work in a Raft system is a log entry. The problem
-of consistency can be decomposed into a *replicated log*. A log is an ordered
+  of consistency can be decomposed into a _replicated log_. A log is an ordered
   sequence of entries. Entries includes any cluster change: adding nodes, adding
   services, new key-value pairs, etc. We consider the log consistent if all
   members agree on the entries and their order.
 
-* FSM - [Finite State Machine](https://en.wikipedia.org/wiki/Finite-state_machine).
+- FSM - [Finite State Machine](https://en.wikipedia.org/wiki/Finite-state_machine).
   An FSM is a collection of finite states with transitions between them. As new logs
   are applied, the FSM is allowed to transition between states. Application of the
   same sequence of logs must result in the same state, meaning behavior must be deterministic.
 
-* Peer set - The peer set is the set of all members participating in log replication.
+- Peer set - The peer set is the set of all members participating in log replication.
   For Vault's purposes, all server nodes are in the peer set of the local cluster.
 
-* Quorum - A quorum is a majority of members from a peer set: for a set of size `n`,
+- Quorum - A quorum is a majority of members from a peer set: for a set of size `n`,
   quorum requires at least `(n+1)/2` members. For example, if there are 5 members
   in the peer set, we would need 3 nodes to form a quorum. If a quorum of nodes is
-unavailable for any reason, the cluster becomes *unavailable* and no new logs
+  unavailable for any reason, the cluster becomes _unavailable_ and no new logs
   can be committed.
 
-* Committed Entry - An entry is considered *committed* when it is durably stored
+- Committed Entry - An entry is considered _committed_ when it is durably stored
   on a quorum of nodes. Once an entry is committed it can be applied.
 
-* Leader - At any given time, the peer set elects a single node to be the leader.
+- Leader - At any given time, the peer set elects a single node to be the leader.
   The leader is responsible for ingesting new log entries, replicating to followers,
   and managing when an entry is considered committed. For Vault's purposes, the
   leader node is also the Active vault node and followers are standby nodes. See
@@ -80,7 +80,7 @@ Once a cluster has a leader, it is able to accept new log entries. A client can
 request that a leader append a new log entry (from Raft's perspective, a log entry
 is an opaque binary blob). The leader then writes the entry to durable storage and
 attempts to replicate to a quorum of followers. Once the log entry is considered
-*committed*, it can be *applied* to a finite state machine. The finite state machine
+_committed_, it can be _applied_ to a finite state machine. The finite state machine
 is application specific; in Vault's case, we use
 [BoltDB](https://github.com/etcd-io/bbolt) to maintain cluster state. Vault's writes
 block until it is both _committed_ and _applied_.
@@ -102,13 +102,13 @@ about peer membership. For example, suppose there are only 2 peers: A and B. The
 size is also 2, meaning both nodes must agree to commit a log entry. If either A or B
 fails, it is now impossible to reach quorum. This means the cluster is unable to add
 or remove a node or to commit any additional log entries. This results in
-*unavailability*. At this point, manual intervention would be required to remove
+_unavailability_. At this point, manual intervention would be required to remove
 either A or B and to restart the remaining node in bootstrap mode.
 
 A Raft cluster of 3 nodes can tolerate a single node failure while a cluster
 of 5 can tolerate 2 node failures. The recommended configuration is to either
 run 3 or 5 Vault servers per cluster. This maximizes availability without
-greatly sacrificing performance. The [deployment table](#deployment_table) below
+greatly sacrificing performance. The [deployment table](#deployment-table) below
 summarizes the potential cluster size options and the fault tolerance of each.
 
 In terms of performance, Raft is comparable to Paxos. Assuming stable leadership,
@@ -146,11 +146,14 @@ server deployment is _**highly**_ discouraged as data loss is inevitable in a
 failure scenario.
 
 <table class="table table-bordered table-striped">
+  <thead>
     <tr>
       <th>Servers</th>
       <th>Quorum Size</th>
       <th>Failure Tolerance</th>
     </tr>
+  </thead>
+  <tbody>
     <tr>
       <td>1</td>
       <td>1</td>
@@ -186,4 +189,5 @@ failure scenario.
       <td>4</td>
       <td>3</td>
     </tr>
+  </tbody>
 </table>

website/pages/docs/platform/aws-mp/index.mdx

@@ -22,4 +22,4 @@ The AWS Marketplace listings can be found below.
 
 The Vault AMIs listed in the AWS Marketplace are intended to serve as an easy starting point for a Vault installation. Vault AMIs are built on top of a minimal Ubuntu distribution and contain up to date packages for both Vault and the underlying operating system dependencies.
 
-The Open Source Vault AMI is intended for development and test use cases. This listing will launch a non-HA Vault instance with Vault running and the Vault UI available. For production use cases, please see the [Architecture](/docs/platform/aws-mp/run#Architecture) section of this documentation.
+The Open Source Vault AMI is intended for development and test use cases. This listing will launch a non-HA Vault instance with Vault running and the Vault UI available. For production use cases, please see the [Architecture](/docs/platform/aws-mp/run/#architecture) section of this documentation.

website/pages/docs/platform/k8s/helm/run.mdx

@@ -172,7 +172,7 @@ guide demonstrates using an external Vault within a Kubernetes cluster.
 
 The Vault UI is enabled but NOT exposed as service for security reasons. The
 Vault UI can also be exposed via port-forwarding or through a [`ui`
-configuration value](/docs/platform/k8s/helm#v-ui).
+configuration value](/docs/platform/k8s/helm/configuration/#ui).
 
 Expose the Vault UI with port-forwarding:
 
@@ -518,14 +518,14 @@ _End-to-End TLS._ Vault should always be used with TLS in production. If
 intermediate load balancers or reverse proxies are used to front Vault,
 they should not terminate TLS. This way traffic is always encrypted in transit
 to Vault and minimizes risks introduced by intermediate layers. See the
-[official documentation](/docs/platform/k8s/helm#standalone-server-with-tls)
+[official documentation](/docs/platform/k8s/helm/examples/standalone-tls/)
 for example on configuring Vault Helm to use TLS.
 
 _Single Tenancy._ Vault should be the only main process running on a machine.
 This reduces the risk that another process running on the same machine is
 compromised and can interact with Vault. This can be accomplished by using Vault
 Helm's `affinity` configurable. See the
-[official documentation](/docs/platform/k8s/helm#highly-available-vault-cluster-with-consul)
+[official documentation](/docs/platform/k8s/helm/examples/ha-with-consul/)
 for example on configuring Vault Helm to use affinity rules.
 
 _Enable Auditing._ Vault supports several auditing backends. Enabling auditing
@@ -534,7 +534,7 @@ trail in the case of misuse or compromise. Audit logs securely hash any sensitiv
 data, but access should still be restricted to prevent any unintended disclosures.
 Vault Helm includes a configurable `auditStorage` option that provisions a persistent
 volume to store audit logs. See the
-[official documentation](/docs/platform/k8s/helm#standalone-server-with-audit-storage)
+[official documentation](/docs/platform/k8s/helm/examples/standalone-audit/)
 for an example on configuring Vault Helm to use auditing.
 
 _Immutable Upgrades._ Vault relies on an external storage backend for persistence,

website/pages/docs/secrets/azure/index.mdx

@@ -257,5 +257,5 @@ The Azure secrets engine has a full HTTP API. Please see the [Azure secrets engi
 for more details.
 
 [api]: /api/secret/azure
-[config]: /api/secret/azure#configure
+[config]: /api/secret/azure#configure-access
 [repo]: https://github.com/hashicorp/vault-plugin-secrets-azure

website/pages/docs/secrets/kmip/index.mdx

@@ -13,7 +13,7 @@ description: |-
 with the Advanced Data Protection Module.
 
 The KMIP secrets engine allows Vault to act as a [Key Management
-Interoperability Protocol](#kmip-spec) (KMIP) server provider and handle
+Interoperability Protocol](https://docs.oasis-open.org/kmip/kmip-spec/v2.0/os/kmip-spec-v2.0-os.html) (KMIP) server provider and handle
 the lifecycle of its KMIP managed objects. KMIP is a standardized protocol that allows
 services and applications to perform cryptographic operations without having to
 manage cryptographic material, otherwise known as managed objects, by delegating
@@ -135,7 +135,7 @@ which will be used when evaluating permissions during a KMIP request.
 
 ### Supported KMIP Operations
 
-The KMIP protocol supports a wide [variety of operations](#kmip-ops) that can be
+The KMIP protocol supports a wide variety of operations that can be
 issued by clients to perform certain actions, such as key management,
 encryption, signing, etc. The KMIP secrets engine currently supports a subset of
 KMIP operations.

website/pages/docs/upgrading/upgrade-to-0.6.0.mdx

@@ -51,5 +51,5 @@ If using the Consul HA storage backend, Vault will now automatically register
 itself as the `vault` service and perform its own health checks/lifecycle
 status management. This behavior can be adjusted or turned off in Vault's
 configuration; see the
-[documentation](/docs/configuration#check_timeout)
+[documentation](/docs/configuration/storage/consul/#check_timeout)
 for details.

website/pages/docs/upgrading/upgrade-to-0.6.1.mdx

@@ -16,7 +16,7 @@ carefully.
 
 Once an active node is running 0.6.1, only standby nodes running 0.6.1+ will be
 able to form an HA cluster. If following our [general upgrade
-instructions](/guides/upgrading) this will
+instructions](/docs/upgrading) this will
 not be an issue.
 
 ## Health Endpoint Status Code Changes
@@ -57,7 +57,7 @@ details.
 
 If using DynamoDB and want to use HA support, you will need to explicitly
 enable it in Vault's configuration; see the
-[documentation](/docs/configuration#ha_enabled)
+[documentation](/docs/configuration#ha_storage)
 for details.
 
 If you are already using DynamoDB in an HA fashion and wish to keep doing so,

website/pages/docs/upgrading/upgrade-to-0.9.3.mdx

@@ -13,4 +13,4 @@ Due to a rapid release following 0.9.2, there are no version-specific upgrade
 instructions although any upgrade notices for 0.9.2 apply if you are coming
 from a previous version.
 
-Please see the [0.9.2 upgrade guide](/guides/upgrading/upgrade-to-0.9.2) for notes on upgrading to 0.9.3.
+Please see the [0.9.2 upgrade guide](/docs/upgrading/upgrade-to-0.9.2) for notes on upgrading to 0.9.3.

website/pages/docs/what-is-vault/index.mdx

@@ -34,7 +34,7 @@ detailed audit logs is almost impossible without a custom solution. This is
 where Vault steps in.
 
 Examples work best to showcase Vault. Please see the
-[use cases](/intro/use-cases).
+[use cases](/docs/use-cases).
 
 The key features of Vault are:
 
@@ -68,9 +68,9 @@ The key features of Vault are:
 
 ## Next Steps
 
-See the page on [Vault use cases](/intro/use-cases) to see the
+See the page on [Vault use cases](/docs/use-cases) to see the
 multiple ways Vault can be used. Then see
-[how Vault compares to other software](/intro/vs)
+[how Vault compares to other software](/docs/vs)
 to see how it fits into your existing infrastructure. Finally, continue onwards with
-the [getting started guide](/intro/getting-started) to use
+the [getting started guide](https://learn.hashicorp.com/vault/getting-started/install) to use
 Vault to read, write, and create real secrets and see how it works in practice.

website/pages/guides/encryption/spring-demo.mdx

@@ -416,7 +416,7 @@ If everything looked fine in [Step 2](#step2), you are ready to write some data.
 
 ![Vault UI](/img/vault-java-demo-9.png)
 
-You have [verified in the `spring` log](#task-3-examine-the-sprig-container)
+You have [verified in the `spring` log](#task-3-examine-the-spring-container)
 that the demo app successfully retrieved a database credential from the Vault
 server during its initialization.
 

website/pages/guides/identity/authentication.mdx

@@ -226,7 +226,7 @@ $ vault write auth/approle/role/<ROLE_NAME> [parameters]
 ```
 
 > There are a number of
-> [parameters](/api/auth/approle#create-new-approle) that you can set
+> [parameters](/api/auth/approle#create-update-approle) that you can set
 > on a role. If you want to limit the use of the generated secret ID, set
 > `secret_id_num_uses` or `secret_id_ttl` parameter values. Similarly, you can
 > specify `token_num_uses` and `token_ttl`. You may never want the app token to
@@ -295,7 +295,7 @@ $ curl --header "X-Vault-Token: ..." --request POST \
 ```
 
 > There are a number of
-> [parameters](/api/auth/approle#create-new-approle) that you can set
+> [parameters](/api/auth/approle#create-update-approle) that you can set
 > on a role. If you want to limit the use of the generated secret ID, set
 > `secret_id_num_uses` or `secret_id_ttl` parameter values. Similarly, you can
 > specify `token_num_uses` and `token_ttl`. You may never want the app token to

website/pages/guides/operations/deployment-guide.mdx

@@ -24,7 +24,7 @@ During the installation of Vault you should also review and apply the recommenda
 
 To provide a highly-available single cluster architecture, we recommend Vault be deployed to more than one host, as shown in the [Vault Reference Architecture](/guides/operations/reference-architecture), and connected to a Consul cluster for persistent data storage.
 
-![Reference Diagram](/img/vault-ref-arch-2-02305ae7.png)
+![Reference Diagram](/img/vault-ref-arch-2.png)
 
 The below setup steps should be completed on all Vault hosts.
 

website/pages/guides/operations/disaster-recovery.mdx

@@ -35,7 +35,7 @@ replication setup.
 ## Reference Materials
 
 - [Performance Replication and Disaster Recovery (DR) Replication](/docs/enterprise/replication#performance-replication-and-disaster-recovery-dr-replication)
-- [DR Replication API](/api/system/replication-dr)
+- [DR Replication API](/api/system/replication/replication-dr)
 - [Replication Setup & Guidance](/guides/operations/replication)
 - [Vault HA guide](/guides/operations/vault-ha-consul)
 
@@ -586,8 +586,8 @@ these operations based on experience within their own environments. You can
 review the available replication APIs at the following links:
 
 - [Vault Replication API](/api/system/replication)
-- [DR Replication API](/api/system/replication-dr)
+- [DR Replication API](/api/system/replication/replication-dr)
-- [Performance Replication API](/api/system/replication-performance)
+- [Performance Replication API](/api/system/replication/replication-performance)
 
 ## Next steps
 

website/pages/guides/operations/index.mdx

@@ -49,7 +49,7 @@ cluster that meets your organization's needs.
 
 - [Replication Setup & Guidance](/guides/operations/replication)
   walks you through the commands to activate the Vault servers in replication mode.
-  Please note that [Vault Replication](/docs/vault-enterprise/replication)
+  Please note that [Vault Replication](/docs/enterprise/replication)
   is a Vault Enterprise feature.
 
 - [Disaster Recovery Replication Setup](/guides/operations/disaster-recovery)

website/pages/guides/operations/mount-filter.mdx

@@ -27,7 +27,7 @@ control the movement of secrets across their infrastructure.
 
 - Preparing for GDPR Compliance with HashiCorp Vault [webinar](https://www.hashicorp.com/resources/preparing-for-gdpr-compliance-with-hashicorp-vault)
 - Preparing for GDPR Compliance with HashiCorp Vault [blog post](https://www.hashicorp.com/blog/preparing-for-gdpr-compliance-with-hashicorp-vault)
-- [Create Mounts Filter (API)](/api/system/replication-performance#create-mounts-filter)
+- [Create Mounts Filter (API)](/api/system/replication/replication-performance#create-mounts-filter-deprecated)
 - [Performance Replication and Disaster Recovery (DR) Replication](/docs/enterprise/replication#performance-replication-and-disaster-recovery-dr-replication)
 
 ## Estimated Time to Complete

website/pages/guides/operations/replication.mdx

@@ -10,7 +10,7 @@ description: Learn how to set up and manage Vault Enterprise Performance Replica
 ~> **Enterprise Only:** Vault replication feature is a part of _Vault Enterprise_.
 
 If you're unfamiliar with Vault Replication concepts, please first look at the
-[general information page](/docs/vault-enterprise/replication). More
+[general information page](/docs/enterprise/replication). More
 details can be found in the
 [replication internals](/docs/internals/replication) document.
 
@@ -91,7 +91,7 @@ working with both clusters.
 
 Vault’s performance replication model is intended to allow horizontally scaling Vault’s
 functions rather than to act in a strict Disaster Recovery (DR) capacity. For more information on Vault's disaster recovery replication, look at the
-[general information page](/docs/vault-enterprise/replication).
+[general information page](/docs/enterprise/replication).
 
 As a result, Vault performance replication acts on static items within Vault, meaning
 information that is not part of Vault’s lease-tracking system. In a practical
@@ -172,4 +172,4 @@ Local backend mounts are not replicated and their use will require existing DR
 mechanisms if DR is necessary in your implementation.
 
 If you need true DR, look at the
-[general information page](/docs/vault-enterprise/replication) for information on Vault's disaster recovery replication.
+[general information page](/docs/enterprise/replication) for information on Vault's disaster recovery replication.