Anchor Link Fixes (#8572)
* update anchor link algorithm * update deps * update content component * fix a lot of broken links
This commit is contained in:
parent
236eb7e19f
commit
8af56bd620
|
@ -1,8 +1,8 @@
|
||||||
{
|
{
|
||||||
"ignore": {
|
"ignore": {
|
||||||
"marked": {
|
"marked": {
|
||||||
"versions": "0.8.0",
|
"versions": "0.8.2",
|
||||||
"reason": "breaks IE"
|
"reason": "IE Broken"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -39,7 +39,7 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
& li:before {
|
& li:before {
|
||||||
background: url('/img/icons/alert-triangle.svg');
|
background: url('./img/alert-triangle.svg');
|
||||||
height: 20px;
|
height: 20px;
|
||||||
margin-top: 3px;
|
margin-top: 3px;
|
||||||
width: 20px;
|
width: 20px;
|
||||||
|
@ -47,7 +47,7 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
& .after li:before {
|
& .after li:before {
|
||||||
background: url('/img/icons/check-circle.svg');
|
background: url('./img/check-circle.svg');
|
||||||
height: 18px;
|
height: 18px;
|
||||||
margin-top: 4px;
|
margin-top: 4px;
|
||||||
width: 18px;
|
width: 18px;
|
||||||
|
@ -299,7 +299,7 @@
|
||||||
&.vault {
|
&.vault {
|
||||||
& .after {
|
& .after {
|
||||||
& li:before {
|
& li:before {
|
||||||
background: url('/img/icons/check-circle-blue.svg');
|
background: url('./img/check-circle-blue.svg');
|
||||||
height: 19px;
|
height: 19px;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -24,6 +24,7 @@ export default function ProductSubnav() {
|
||||||
currentPath={router.pathname}
|
currentPath={router.pathname}
|
||||||
menuItems={menuItems}
|
menuItems={menuItems}
|
||||||
menuItemsAlign="right"
|
menuItemsAlign="right"
|
||||||
|
constrainWidth
|
||||||
/>
|
/>
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
2851
website/package-lock.json
generated
2851
website/package-lock.json
generated
File diff suppressed because it is too large
Load diff
|
@ -6,12 +6,12 @@
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@bugsnag/js": "^6.5.2",
|
"@bugsnag/js": "^6.5.2",
|
||||||
"@bugsnag/plugin-react": "^6.5.0",
|
"@bugsnag/plugin-react": "^6.5.0",
|
||||||
"@hashicorp/nextjs-scripts": "^6.0.0-2",
|
"@hashicorp/nextjs-scripts": "^6.2.0-9",
|
||||||
"@hashicorp/react-button": "^2.1.6",
|
"@hashicorp/react-button": "^2.1.6",
|
||||||
"@hashicorp/react-case-study-slider": "^2.0.7",
|
"@hashicorp/react-case-study-slider": "^2.0.10",
|
||||||
"@hashicorp/react-consent-manager": "^2.0.6",
|
"@hashicorp/react-consent-manager": "^2.0.6",
|
||||||
"@hashicorp/react-content": "^2.2.0",
|
"@hashicorp/react-content": "^3.0.0-0",
|
||||||
"@hashicorp/react-docs-sidenav": "^3.0.3",
|
"@hashicorp/react-docs-sidenav": "^3.0.4",
|
||||||
"@hashicorp/react-docs-sitemap": "^1.0.0",
|
"@hashicorp/react-docs-sitemap": "^1.0.0",
|
||||||
"@hashicorp/react-footer": "3.1.11",
|
"@hashicorp/react-footer": "3.1.11",
|
||||||
"@hashicorp/react-global-styles": "^4.0.10",
|
"@hashicorp/react-global-styles": "^4.0.10",
|
||||||
|
@ -20,9 +20,9 @@
|
||||||
"@hashicorp/react-image": "^2.0.1",
|
"@hashicorp/react-image": "^2.0.1",
|
||||||
"@hashicorp/react-inline-svg": "^1.0.0",
|
"@hashicorp/react-inline-svg": "^1.0.0",
|
||||||
"@hashicorp/react-mega-nav": "^4.0.1-2",
|
"@hashicorp/react-mega-nav": "^4.0.1-2",
|
||||||
"@hashicorp/react-product-downloader": "^3.0.2",
|
"@hashicorp/react-product-downloader": "^3.0.3",
|
||||||
"@hashicorp/react-section-header": "^2.0.0",
|
"@hashicorp/react-section-header": "^2.0.0",
|
||||||
"@hashicorp/react-subnav": "^2.2.0",
|
"@hashicorp/react-subnav": "^3.0.0",
|
||||||
"@hashicorp/react-text-and-content": "^4.0.6",
|
"@hashicorp/react-text-and-content": "^4.0.6",
|
||||||
"@hashicorp/react-use-cases": "^1.0.4",
|
"@hashicorp/react-use-cases": "^1.0.4",
|
||||||
"@hashicorp/react-vertical-text-block-list": "^2.0.1",
|
"@hashicorp/react-vertical-text-block-list": "^2.0.1",
|
||||||
|
@ -33,19 +33,19 @@
|
||||||
"imagemin-svgo": "^7.1.0",
|
"imagemin-svgo": "^7.1.0",
|
||||||
"isomorphic-unfetch": "^3.0.0",
|
"isomorphic-unfetch": "^3.0.0",
|
||||||
"marked": "^0.7.0",
|
"marked": "^0.7.0",
|
||||||
"next": "^9.3.0",
|
"next": "^9.3.3",
|
||||||
"nprogress": "^0.2.0",
|
"nprogress": "^0.2.0",
|
||||||
"react": "^16.13.0",
|
"react": "^16.13.1",
|
||||||
"react-dom": "^16.13.0",
|
"react-dom": "^16.13.1",
|
||||||
"slugify": "^1.4.0",
|
"slugify": "^1.4.0",
|
||||||
"stringify-object": "^3.3.0"
|
"stringify-object": "^3.3.0"
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"dart-linkcheck": "^2.0.12",
|
"dart-linkcheck": "^2.0.15",
|
||||||
"glob": "^7.1.6",
|
"glob": "^7.1.6",
|
||||||
"husky": "^4.2.3",
|
"husky": "^4.2.3",
|
||||||
"inquirer": "^7.1.0",
|
"inquirer": "^7.1.0",
|
||||||
"prettier": "^1.19.1"
|
"prettier": "^2.0.2"
|
||||||
},
|
},
|
||||||
"husky": {
|
"husky": {
|
||||||
"hooks": {
|
"hooks": {
|
||||||
|
|
|
@ -30,9 +30,9 @@ service principals. Environment variables will override any parameters set in th
|
||||||
- `tenant_id` (`string: <required>`) - The tenant id for the Azure Active Directory.
|
- `tenant_id` (`string: <required>`) - The tenant id for the Azure Active Directory.
|
||||||
This value can also be provided with the AZURE_TENANT_ID environment variable.
|
This value can also be provided with the AZURE_TENANT_ID environment variable.
|
||||||
- `client_id` (`string:""`) - The OAuth2 client id to connect to Azure. This value can also be provided
|
- `client_id` (`string:""`) - The OAuth2 client id to connect to Azure. This value can also be provided
|
||||||
with the AZURE_CLIENT_ID environment variable. See [authentication](#Authentication) for more details.
|
with the AZURE_CLIENT_ID environment variable. See [authentication](/docs/secrets/azure#authentication) for more details.
|
||||||
- `client_secret` (`string:""`) - The OAuth2 client secret to connect to Azure. This value can also be
|
- `client_secret` (`string:""`) - The OAuth2 client secret to connect to Azure. This value can also be
|
||||||
provided with the AZURE_CLIENT_ID environment variable. See [authentication](#Authentication) for more details.
|
provided with the AZURE_CLIENT_ID environment variable. See [authentication](/docs/secrets/azure#authentication) for more details.
|
||||||
- `environment` (`string:""`) - The Azure environment. This value can also be provided with the AZURE_ENVIRONMENT
|
- `environment` (`string:""`) - The Azure environment. This value can also be provided with the AZURE_ENVIRONMENT
|
||||||
environment variable. If not specified, Vault will use Azure Public Cloud.
|
environment variable. If not specified, Vault will use Azure Public Cloud.
|
||||||
|
|
||||||
|
|
|
@ -26,7 +26,7 @@ This endpoint configures shared information for the secrets engine.
|
||||||
### Parameters
|
### Parameters
|
||||||
|
|
||||||
- `credentials` (`string:""`) - JSON credentials (either file contents or '@path/to/file')
|
- `credentials` (`string:""`) - JSON credentials (either file contents or '@path/to/file')
|
||||||
See docs for [alternative ways](/docs/secrets/gcp#passing-credentials-to-vault)
|
See docs for [alternative ways](/docs/secrets/gcp#setup)
|
||||||
to pass in to this parameter, as well as the
|
to pass in to this parameter, as well as the
|
||||||
[required permissions](/docs/secrets/gcp#required-permissions).
|
[required permissions](/docs/secrets/gcp#required-permissions).
|
||||||
|
|
||||||
|
@ -73,7 +73,6 @@ account keys.
|
||||||
| :----- | :------------------------ |
|
| :----- | :------------------------ |
|
||||||
| `POST` | `/gcp/config/rotate-root` |
|
| `POST` | `/gcp/config/rotate-root` |
|
||||||
|
|
||||||
|
|
||||||
### Sample Request
|
### Sample Request
|
||||||
|
|
||||||
```
|
```
|
||||||
|
@ -117,7 +116,7 @@ $ curl \
|
||||||
| :----- | :------------------- |
|
| :----- | :------------------- |
|
||||||
| `POST` | `/gcp/roleset/:name` |
|
| `POST` | `/gcp/roleset/:name` |
|
||||||
|
|
||||||
This method allows you to create a roleset or update an existing roleset. See [roleset docs](/docs/secrets/gcp#rolesets) for the GCP secrets backend
|
This method allows you to create a roleset or update an existing roleset. See [roleset docs](/docs/secrets/gcp#roleset-bindings) for the GCP secrets backend
|
||||||
to learn more about what happens when you create or update a roleset.
|
to learn more about what happens when you create or update a roleset.
|
||||||
|
|
||||||
**If you update a roleset's bindings, this will effectively revoke any secrets
|
**If you update a roleset's bindings, this will effectively revoke any secrets
|
||||||
|
|
|
@ -13,9 +13,9 @@ see the [Vault Identity documentation](/docs/secrets/identity).
|
||||||
|
|
||||||
## API Sections
|
## API Sections
|
||||||
|
|
||||||
- [Entity](entity)
|
- [Entity](/api-docs/secret/identity/entity)
|
||||||
- [Entity Alias](entity-alias)
|
- [Entity Alias](/api-docs/secret/identity/entity-alias)
|
||||||
- [Group](group)
|
- [Group](/api-docs/secret/identity/group)
|
||||||
- [Group Alias](group-alias)
|
- [Group Alias](/api-docs/secret/identity/group-alias)
|
||||||
- [Identity Tokens](tokens)
|
- [Identity Tokens](/api-docs/secret/identity/tokens)
|
||||||
- [Lookup](lookup)
|
- [Lookup](/api-docs/secret/identity/lookup)
|
||||||
|
|
|
@ -32,7 +32,7 @@ update your API calls accordingly.
|
||||||
- [Set Signed Intermediate](#set-signed-intermediate)
|
- [Set Signed Intermediate](#set-signed-intermediate)
|
||||||
- [Generate Certificate](#generate-certificate)
|
- [Generate Certificate](#generate-certificate)
|
||||||
- [Revoke Certificate](#revoke-certificate)
|
- [Revoke Certificate](#revoke-certificate)
|
||||||
- [Create/Update Role](#createupdate-role)
|
- [Create/Update Role](#create-update-role)
|
||||||
- [Read Role](#read-role)
|
- [Read Role](#read-role)
|
||||||
- [List Roles](#list-roles)
|
- [List Roles](#list-roles)
|
||||||
- [Delete Role](#delete-role)
|
- [Delete Role](#delete-role)
|
||||||
|
|
|
@ -36,7 +36,7 @@ If Vault is hosted on Azure, Vault can use MSI to access Azure instead of a shar
|
||||||
The next sections review how the authN/Z workflows work. If you
|
The next sections review how the authN/Z workflows work. If you
|
||||||
have already reviewed these sections, here are some quick links to:
|
have already reviewed these sections, here are some quick links to:
|
||||||
|
|
||||||
- [Usage](#usage)
|
- [Usage](/docs/secrets/azure/#usage)
|
||||||
- [API documentation](/api/auth/azure) docs.
|
- [API documentation](/api/auth/azure) docs.
|
||||||
|
|
||||||
## Authentication
|
## Authentication
|
||||||
|
|
|
@ -87,7 +87,7 @@ management tool.
|
||||||
|
|
||||||
If you are using instance credentials or want to specify credentials via
|
If you are using instance credentials or want to specify credentials via
|
||||||
an environment variable, you can skip this step. To learn more, see the
|
an environment variable, you can skip this step. To learn more, see the
|
||||||
[Google Cloud Authentication](#google-cloud-authentication) section below.
|
[Google Cloud Authentication](#authentication) section below.
|
||||||
|
|
||||||
1. Create a named role:
|
1. Create a named role:
|
||||||
|
|
||||||
|
|
|
@ -69,7 +69,7 @@ To limit authorization to a set of email addresses:
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
Bound claims can optionally be configured with globs. See the [API documentation](/auth/jwt/#bound_claims_type) for more details.
|
Bound claims can optionally be configured with globs. See the [API documentation](/api-docs/auth/jwt/#bound_claims_type) for more details.
|
||||||
|
|
||||||
### Claims as Metadata
|
### Claims as Metadata
|
||||||
|
|
||||||
|
|
|
@ -120,7 +120,7 @@ for further discussion of available parameters.
|
||||||
who successfully authenticate based on their LDAP group membership.
|
who successfully authenticate based on their LDAP group membership.
|
||||||
Since this is identical to the LDAP auth method, see
|
Since this is identical to the LDAP auth method, see
|
||||||
[Group Membership Resolution](/docs/auth/ldap#group-membership-resolution)
|
[Group Membership Resolution](/docs/auth/ldap#group-membership-resolution)
|
||||||
and [LDAP Group -> Policy Mapping](/docs/auth/ldap#ldap-group-gt-policy-mapping)
|
and [LDAP Group -> Policy Mapping](/docs/auth/ldap#ldap-group-policy-mapping)
|
||||||
for further discussion.
|
for further discussion.
|
||||||
|
|
||||||
```text
|
```text
|
||||||
|
|
|
@ -113,7 +113,7 @@ You will see a response that includes a token with the previously added policy.
|
||||||
`vault login -method=oci auth_type=apikey role=vaultadminrole`
|
`vault login -method=oci auth_type=apikey role=vaultadminrole`
|
||||||
|
|
||||||
1. Stop Vault and re-start it in the production environment. See [the configuration docs](/docs/configuration/) for more information.
|
1. Stop Vault and re-start it in the production environment. See [the configuration docs](/docs/configuration/) for more information.
|
||||||
1. Repeat all steps in this [Configure the OCI Auth Method](#OnboardingtoOCIAuthMethod-ConfiguretheOCIAuthMethod) section while in the production environment.
|
1. Repeat all steps in this [Configure the OCI Auth Method](#configure-the-oci-auth-method) section while in the production environment.
|
||||||
|
|
||||||
### Manage Roles in the OCI Auth method
|
### Manage Roles in the OCI Auth method
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,7 @@ description: |-
|
||||||
|
|
||||||
~> **Note:** The Vault CLI interface was changed substantially in 0.9.2+ and may cause
|
~> **Note:** The Vault CLI interface was changed substantially in 0.9.2+ and may cause
|
||||||
confusion while using older versions of Vault with this documentation. Read our
|
confusion while using older versions of Vault with this documentation. Read our
|
||||||
[upgrade guide](/guides/upgrading/upgrade-to-0.9.2#backwards-compatible-cli-changes) for more information.
|
[upgrade guide](/docs/upgrading/upgrade-to-0.9.2#backwards-compatible-cli-changes) for more information.
|
||||||
|
|
||||||
In addition to a verbose [HTTP API](/api), Vault features a
|
In addition to a verbose [HTTP API](/api), Vault features a
|
||||||
command-line interface that wraps common functionality and formats output. The
|
command-line interface that wraps common functionality and formats output. The
|
||||||
|
|
|
@ -72,7 +72,7 @@ storage_destination "consul" {
|
||||||
The below configuration will migrate away from Consul storage to integrated
|
The below configuration will migrate away from Consul storage to integrated
|
||||||
raft storage. The raft data will be stored on the local filesystem in the
|
raft storage. The raft data will be stored on the local filesystem in the
|
||||||
defined `path`. `node_id` can optionally be set to identify this node.
|
defined `path`. `node_id` can optionally be set to identify this node.
|
||||||
[cluster_addr](/docs/configuration/#inlinecode-cluster_addr) must be set to the
|
[cluster_addr](/docs/configuration/#cluster_addr) must be set to the
|
||||||
cluster hostname of this node. For more configuration options see the [raft
|
cluster hostname of this node. For more configuration options see the [raft
|
||||||
storage configuration documentation](/docs/configuration/storage/raft).
|
storage configuration documentation](/docs/configuration/storage/raft).
|
||||||
|
|
||||||
|
|
|
@ -22,6 +22,7 @@ A valid Vault Enterprise license is required for Entropy Augmentation
|
||||||
|
|
||||||
Additionally, the following software packages and enterprise modules are required for sourcing entropy
|
Additionally, the following software packages and enterprise modules are required for sourcing entropy
|
||||||
via the [PKCS11 seal](/docs/configuration/seal/pkcs11):
|
via the [PKCS11 seal](/docs/configuration/seal/pkcs11):
|
||||||
|
|
||||||
- Governance and Policy module
|
- Governance and Policy module
|
||||||
- PKCS#11 compatible HSM integration library. Vault targets version 2.2 or
|
- PKCS#11 compatible HSM integration library. Vault targets version 2.2 or
|
||||||
higher of PKCS#11. Depending on any given HSM, some functions (such as key
|
higher of PKCS#11. Depending on any given HSM, some functions (such as key
|
||||||
|
@ -29,7 +30,6 @@ via the [PKCS11 seal](/docs/configuration/seal/pkcs11):
|
||||||
- The [GNU libltdl library](https://www.gnu.org/software/libtool/manual/html_node/Using-libltdl)
|
- The [GNU libltdl library](https://www.gnu.org/software/libtool/manual/html_node/Using-libltdl)
|
||||||
— ensure that it is installed for the correct architecture of your servers
|
— ensure that it is installed for the correct architecture of your servers
|
||||||
|
|
||||||
|
|
||||||
## `entropy` Example
|
## `entropy` Example
|
||||||
|
|
||||||
This example shows configuring entropy augmentation through a PKCS11 HSM seal from Vault's configuration
|
This example shows configuring entropy augmentation through a PKCS11 HSM seal from Vault's configuration
|
||||||
|
@ -54,4 +54,4 @@ These parameters apply to the `entropy` stanza in the Vault configuration file:
|
||||||
|
|
||||||
- `mode` `(string: <required>)`: The mode determines which Vault operations requiring
|
- `mode` `(string: <required>)`: The mode determines which Vault operations requiring
|
||||||
entropy will sample entropy from the external source. Currently, the only mode supported
|
entropy will sample entropy from the external source. Currently, the only mode supported
|
||||||
is `augmentation` which sources entropy for [Critical Security Parameters (CSPs)](</docs/enterprise/entropy-augmentation/index#Critical-Security-Parameters-(CSPs)>).
|
is `augmentation` which sources entropy for [Critical Security Parameters (CSPs)](/docs/enterprise/entropy-augmentation#critical-security-parameters-csps).
|
||||||
|
|
|
@ -179,7 +179,7 @@ scrape_configs:
|
||||||
- targets: ['your_vault_server_here:8200']
|
- targets: ['your_vault_server_here:8200']
|
||||||
```
|
```
|
||||||
|
|
||||||
An example telemetry configuration to be added to Vault's configuration file is shown below:
|
An example telemetry configuration to be added to Vault's configuration file is shown below:
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
telemetry {
|
telemetry {
|
||||||
|
@ -228,5 +228,4 @@ telemetry {
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
[telemetry-tcp]: /docs/configuration/listener/tcp#telemetry
|
[telemetry-tcp]: /docs/configuration/listener/tcp/#telemetry-parameters
|
||||||
|
|
||||||
|
|
|
@ -70,7 +70,7 @@ referenced from ACL and Sentinel policies in any namespace via the method name
|
||||||
and can be tied to a mount accessor in any namespace.
|
and can be tied to a mount accessor in any namespace.
|
||||||
|
|
||||||
When using [Sentinel
|
When using [Sentinel
|
||||||
EGPs](/docs/enterprise/sentinel#endpoint-governing-policies-egps-),
|
EGPs](/docs/enterprise/sentinel#endpoint-governing-policies-egps),
|
||||||
any MFA configuration specified must be satisfied by all requests affected by
|
any MFA configuration specified must be satisfied by all requests affected by
|
||||||
the policy, which can be difficult if the configured paths spread across
|
the policy, which can be difficult if the configured paths spread across
|
||||||
namespaces. One way to address this is to use a policy similar to the
|
namespaces. One way to address this is to use a policy similar to the
|
||||||
|
|
|
@ -19,7 +19,7 @@ supports Enterprise Replication features, and provides backup/restore workflows.
|
||||||
## Consensus Protocol
|
## Consensus Protocol
|
||||||
|
|
||||||
Vault's integrated storage uses a [consensus
|
Vault's integrated storage uses a [consensus
|
||||||
protocol](https://en.wikipedia.org/wiki/Consensus_(computer_science)) to provide
|
protocol](<https://en.wikipedia.org/wiki/Consensus_(computer_science)>) to provide
|
||||||
[Consistency (as defined by CAP)](https://en.wikipedia.org/wiki/CAP_theorem).
|
[Consistency (as defined by CAP)](https://en.wikipedia.org/wiki/CAP_theorem).
|
||||||
The consensus protocol is based on ["Raft: In search of an Understandable
|
The consensus protocol is based on ["Raft: In search of an Understandable
|
||||||
Consensus Algorithm"](https://raft.github.io/raft.pdf). For a visual explanation
|
Consensus Algorithm"](https://raft.github.io/raft.pdf). For a visual explanation
|
||||||
|
@ -34,35 +34,35 @@ understandable algorithm.
|
||||||
|
|
||||||
There are a few key terms to know when discussing Raft:
|
There are a few key terms to know when discussing Raft:
|
||||||
|
|
||||||
* Log - The primary unit of work in a Raft system is a log entry. The problem
|
- Log - The primary unit of work in a Raft system is a log entry. The problem
|
||||||
of consistency can be decomposed into a *replicated log*. A log is an ordered
|
of consistency can be decomposed into a _replicated log_. A log is an ordered
|
||||||
sequence of entries. Entries includes any cluster change: adding nodes, adding
|
sequence of entries. Entries includes any cluster change: adding nodes, adding
|
||||||
services, new key-value pairs, etc. We consider the log consistent if all
|
services, new key-value pairs, etc. We consider the log consistent if all
|
||||||
members agree on the entries and their order.
|
members agree on the entries and their order.
|
||||||
|
|
||||||
* FSM - [Finite State Machine](https://en.wikipedia.org/wiki/Finite-state_machine).
|
- FSM - [Finite State Machine](https://en.wikipedia.org/wiki/Finite-state_machine).
|
||||||
An FSM is a collection of finite states with transitions between them. As new logs
|
An FSM is a collection of finite states with transitions between them. As new logs
|
||||||
are applied, the FSM is allowed to transition between states. Application of the
|
are applied, the FSM is allowed to transition between states. Application of the
|
||||||
same sequence of logs must result in the same state, meaning behavior must be deterministic.
|
same sequence of logs must result in the same state, meaning behavior must be deterministic.
|
||||||
|
|
||||||
* Peer set - The peer set is the set of all members participating in log replication.
|
- Peer set - The peer set is the set of all members participating in log replication.
|
||||||
For Vault's purposes, all server nodes are in the peer set of the local cluster.
|
For Vault's purposes, all server nodes are in the peer set of the local cluster.
|
||||||
|
|
||||||
* Quorum - A quorum is a majority of members from a peer set: for a set of size `n`,
|
- Quorum - A quorum is a majority of members from a peer set: for a set of size `n`,
|
||||||
quorum requires at least `(n+1)/2` members. For example, if there are 5 members
|
quorum requires at least `(n+1)/2` members. For example, if there are 5 members
|
||||||
in the peer set, we would need 3 nodes to form a quorum. If a quorum of nodes is
|
in the peer set, we would need 3 nodes to form a quorum. If a quorum of nodes is
|
||||||
unavailable for any reason, the cluster becomes *unavailable* and no new logs
|
unavailable for any reason, the cluster becomes _unavailable_ and no new logs
|
||||||
can be committed.
|
can be committed.
|
||||||
|
|
||||||
* Committed Entry - An entry is considered *committed* when it is durably stored
|
- Committed Entry - An entry is considered _committed_ when it is durably stored
|
||||||
on a quorum of nodes. Once an entry is committed it can be applied.
|
on a quorum of nodes. Once an entry is committed it can be applied.
|
||||||
|
|
||||||
* Leader - At any given time, the peer set elects a single node to be the leader.
|
- Leader - At any given time, the peer set elects a single node to be the leader.
|
||||||
The leader is responsible for ingesting new log entries, replicating to followers,
|
The leader is responsible for ingesting new log entries, replicating to followers,
|
||||||
and managing when an entry is considered committed. For Vault's purposes, the
|
and managing when an entry is considered committed. For Vault's purposes, the
|
||||||
leader node is also the Active vault node and followers are standby nodes. See
|
leader node is also the Active vault node and followers are standby nodes. See
|
||||||
the [High Avaibility docs](/docs/internals/high-availability/#design-overview)
|
the [High Avaibility docs](/docs/internals/high-availability/#design-overview)
|
||||||
for more information.
|
for more information.
|
||||||
|
|
||||||
Raft is a complex protocol and will not be covered here in detail (for those who
|
Raft is a complex protocol and will not be covered here in detail (for those who
|
||||||
desire a more comprehensive treatment, the full specification is available in this
|
desire a more comprehensive treatment, the full specification is available in this
|
||||||
|
@ -80,7 +80,7 @@ Once a cluster has a leader, it is able to accept new log entries. A client can
|
||||||
request that a leader append a new log entry (from Raft's perspective, a log entry
|
request that a leader append a new log entry (from Raft's perspective, a log entry
|
||||||
is an opaque binary blob). The leader then writes the entry to durable storage and
|
is an opaque binary blob). The leader then writes the entry to durable storage and
|
||||||
attempts to replicate to a quorum of followers. Once the log entry is considered
|
attempts to replicate to a quorum of followers. Once the log entry is considered
|
||||||
*committed*, it can be *applied* to a finite state machine. The finite state machine
|
_committed_, it can be _applied_ to a finite state machine. The finite state machine
|
||||||
is application specific; in Vault's case, we use
|
is application specific; in Vault's case, we use
|
||||||
[BoltDB](https://github.com/etcd-io/bbolt) to maintain cluster state. Vault's writes
|
[BoltDB](https://github.com/etcd-io/bbolt) to maintain cluster state. Vault's writes
|
||||||
block until it is both _committed_ and _applied_.
|
block until it is both _committed_ and _applied_.
|
||||||
|
@ -102,13 +102,13 @@ about peer membership. For example, suppose there are only 2 peers: A and B. The
|
||||||
size is also 2, meaning both nodes must agree to commit a log entry. If either A or B
|
size is also 2, meaning both nodes must agree to commit a log entry. If either A or B
|
||||||
fails, it is now impossible to reach quorum. This means the cluster is unable to add
|
fails, it is now impossible to reach quorum. This means the cluster is unable to add
|
||||||
or remove a node or to commit any additional log entries. This results in
|
or remove a node or to commit any additional log entries. This results in
|
||||||
*unavailability*. At this point, manual intervention would be required to remove
|
_unavailability_. At this point, manual intervention would be required to remove
|
||||||
either A or B and to restart the remaining node in bootstrap mode.
|
either A or B and to restart the remaining node in bootstrap mode.
|
||||||
|
|
||||||
A Raft cluster of 3 nodes can tolerate a single node failure while a cluster
|
A Raft cluster of 3 nodes can tolerate a single node failure while a cluster
|
||||||
of 5 can tolerate 2 node failures. The recommended configuration is to either
|
of 5 can tolerate 2 node failures. The recommended configuration is to either
|
||||||
run 3 or 5 Vault servers per cluster. This maximizes availability without
|
run 3 or 5 Vault servers per cluster. This maximizes availability without
|
||||||
greatly sacrificing performance. The [deployment table](#deployment_table) below
|
greatly sacrificing performance. The [deployment table](#deployment-table) below
|
||||||
summarizes the potential cluster size options and the fault tolerance of each.
|
summarizes the potential cluster size options and the fault tolerance of each.
|
||||||
|
|
||||||
In terms of performance, Raft is comparable to Paxos. Assuming stable leadership,
|
In terms of performance, Raft is comparable to Paxos. Assuming stable leadership,
|
||||||
|
@ -146,11 +146,14 @@ server deployment is _**highly**_ discouraged as data loss is inevitable in a
|
||||||
failure scenario.
|
failure scenario.
|
||||||
|
|
||||||
<table class="table table-bordered table-striped">
|
<table class="table table-bordered table-striped">
|
||||||
|
<thead>
|
||||||
<tr>
|
<tr>
|
||||||
<th>Servers</th>
|
<th>Servers</th>
|
||||||
<th>Quorum Size</th>
|
<th>Quorum Size</th>
|
||||||
<th>Failure Tolerance</th>
|
<th>Failure Tolerance</th>
|
||||||
</tr>
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
<tr>
|
<tr>
|
||||||
<td>1</td>
|
<td>1</td>
|
||||||
<td>1</td>
|
<td>1</td>
|
||||||
|
@ -186,4 +189,5 @@ failure scenario.
|
||||||
<td>4</td>
|
<td>4</td>
|
||||||
<td>3</td>
|
<td>3</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
|
|
@ -22,4 +22,4 @@ The AWS Marketplace listings can be found below.
|
||||||
|
|
||||||
The Vault AMIs listed in the AWS Marketplace are intended to serve as an easy starting point for a Vault installation. Vault AMIs are built on top of a minimal Ubuntu distribution and contain up to date packages for both Vault and the underlying operating system dependencies.
|
The Vault AMIs listed in the AWS Marketplace are intended to serve as an easy starting point for a Vault installation. Vault AMIs are built on top of a minimal Ubuntu distribution and contain up to date packages for both Vault and the underlying operating system dependencies.
|
||||||
|
|
||||||
The Open Source Vault AMI is intended for development and test use cases. This listing will launch a non-HA Vault instance with Vault running and the Vault UI available. For production use cases, please see the [Architecture](/docs/platform/aws-mp/run#Architecture) section of this documentation.
|
The Open Source Vault AMI is intended for development and test use cases. This listing will launch a non-HA Vault instance with Vault running and the Vault UI available. For production use cases, please see the [Architecture](/docs/platform/aws-mp/run/#architecture) section of this documentation.
|
||||||
|
|
|
@ -172,7 +172,7 @@ guide demonstrates using an external Vault within a Kubernetes cluster.
|
||||||
|
|
||||||
The Vault UI is enabled but NOT exposed as service for security reasons. The
|
The Vault UI is enabled but NOT exposed as service for security reasons. The
|
||||||
Vault UI can also be exposed via port-forwarding or through a [`ui`
|
Vault UI can also be exposed via port-forwarding or through a [`ui`
|
||||||
configuration value](/docs/platform/k8s/helm#v-ui).
|
configuration value](/docs/platform/k8s/helm/configuration/#ui).
|
||||||
|
|
||||||
Expose the Vault UI with port-forwarding:
|
Expose the Vault UI with port-forwarding:
|
||||||
|
|
||||||
|
@ -518,14 +518,14 @@ _End-to-End TLS._ Vault should always be used with TLS in production. If
|
||||||
intermediate load balancers or reverse proxies are used to front Vault,
|
intermediate load balancers or reverse proxies are used to front Vault,
|
||||||
they should not terminate TLS. This way traffic is always encrypted in transit
|
they should not terminate TLS. This way traffic is always encrypted in transit
|
||||||
to Vault and minimizes risks introduced by intermediate layers. See the
|
to Vault and minimizes risks introduced by intermediate layers. See the
|
||||||
[official documentation](/docs/platform/k8s/helm#standalone-server-with-tls)
|
[official documentation](/docs/platform/k8s/helm/examples/standalone-tls/)
|
||||||
for example on configuring Vault Helm to use TLS.
|
for example on configuring Vault Helm to use TLS.
|
||||||
|
|
||||||
_Single Tenancy._ Vault should be the only main process running on a machine.
|
_Single Tenancy._ Vault should be the only main process running on a machine.
|
||||||
This reduces the risk that another process running on the same machine is
|
This reduces the risk that another process running on the same machine is
|
||||||
compromised and can interact with Vault. This can be accomplished by using Vault
|
compromised and can interact with Vault. This can be accomplished by using Vault
|
||||||
Helm's `affinity` configurable. See the
|
Helm's `affinity` configurable. See the
|
||||||
[official documentation](/docs/platform/k8s/helm#highly-available-vault-cluster-with-consul)
|
[official documentation](/docs/platform/k8s/helm/examples/ha-with-consul/)
|
||||||
for example on configuring Vault Helm to use affinity rules.
|
for example on configuring Vault Helm to use affinity rules.
|
||||||
|
|
||||||
_Enable Auditing._ Vault supports several auditing backends. Enabling auditing
|
_Enable Auditing._ Vault supports several auditing backends. Enabling auditing
|
||||||
|
@ -534,7 +534,7 @@ trail in the case of misuse or compromise. Audit logs securely hash any sensitiv
|
||||||
data, but access should still be restricted to prevent any unintended disclosures.
|
data, but access should still be restricted to prevent any unintended disclosures.
|
||||||
Vault Helm includes a configurable `auditStorage` option that provisions a persistent
|
Vault Helm includes a configurable `auditStorage` option that provisions a persistent
|
||||||
volume to store audit logs. See the
|
volume to store audit logs. See the
|
||||||
[official documentation](/docs/platform/k8s/helm#standalone-server-with-audit-storage)
|
[official documentation](/docs/platform/k8s/helm/examples/standalone-audit/)
|
||||||
for an example on configuring Vault Helm to use auditing.
|
for an example on configuring Vault Helm to use auditing.
|
||||||
|
|
||||||
_Immutable Upgrades._ Vault relies on an external storage backend for persistence,
|
_Immutable Upgrades._ Vault relies on an external storage backend for persistence,
|
||||||
|
|
|
@ -257,5 +257,5 @@ The Azure secrets engine has a full HTTP API. Please see the [Azure secrets engi
|
||||||
for more details.
|
for more details.
|
||||||
|
|
||||||
[api]: /api/secret/azure
|
[api]: /api/secret/azure
|
||||||
[config]: /api/secret/azure#configure
|
[config]: /api/secret/azure#configure-access
|
||||||
[repo]: https://github.com/hashicorp/vault-plugin-secrets-azure
|
[repo]: https://github.com/hashicorp/vault-plugin-secrets-azure
|
||||||
|
|
|
@ -13,7 +13,7 @@ description: |-
|
||||||
with the Advanced Data Protection Module.
|
with the Advanced Data Protection Module.
|
||||||
|
|
||||||
The KMIP secrets engine allows Vault to act as a [Key Management
|
The KMIP secrets engine allows Vault to act as a [Key Management
|
||||||
Interoperability Protocol](#kmip-spec) (KMIP) server provider and handle
|
Interoperability Protocol](https://docs.oasis-open.org/kmip/kmip-spec/v2.0/os/kmip-spec-v2.0-os.html) (KMIP) server provider and handle
|
||||||
the lifecycle of its KMIP managed objects. KMIP is a standardized protocol that allows
|
the lifecycle of its KMIP managed objects. KMIP is a standardized protocol that allows
|
||||||
services and applications to perform cryptographic operations without having to
|
services and applications to perform cryptographic operations without having to
|
||||||
manage cryptographic material, otherwise known as managed objects, by delegating
|
manage cryptographic material, otherwise known as managed objects, by delegating
|
||||||
|
@ -135,7 +135,7 @@ which will be used when evaluating permissions during a KMIP request.
|
||||||
|
|
||||||
### Supported KMIP Operations
|
### Supported KMIP Operations
|
||||||
|
|
||||||
The KMIP protocol supports a wide [variety of operations](#kmip-ops) that can be
|
The KMIP protocol supports a wide variety of operations that can be
|
||||||
issued by clients to perform certain actions, such as key management,
|
issued by clients to perform certain actions, such as key management,
|
||||||
encryption, signing, etc. The KMIP secrets engine currently supports a subset of
|
encryption, signing, etc. The KMIP secrets engine currently supports a subset of
|
||||||
KMIP operations.
|
KMIP operations.
|
||||||
|
|
|
@ -51,5 +51,5 @@ If using the Consul HA storage backend, Vault will now automatically register
|
||||||
itself as the `vault` service and perform its own health checks/lifecycle
|
itself as the `vault` service and perform its own health checks/lifecycle
|
||||||
status management. This behavior can be adjusted or turned off in Vault's
|
status management. This behavior can be adjusted or turned off in Vault's
|
||||||
configuration; see the
|
configuration; see the
|
||||||
[documentation](/docs/configuration#check_timeout)
|
[documentation](/docs/configuration/storage/consul/#check_timeout)
|
||||||
for details.
|
for details.
|
||||||
|
|
|
@ -16,7 +16,7 @@ carefully.
|
||||||
|
|
||||||
Once an active node is running 0.6.1, only standby nodes running 0.6.1+ will be
|
Once an active node is running 0.6.1, only standby nodes running 0.6.1+ will be
|
||||||
able to form an HA cluster. If following our [general upgrade
|
able to form an HA cluster. If following our [general upgrade
|
||||||
instructions](/guides/upgrading) this will
|
instructions](/docs/upgrading) this will
|
||||||
not be an issue.
|
not be an issue.
|
||||||
|
|
||||||
## Health Endpoint Status Code Changes
|
## Health Endpoint Status Code Changes
|
||||||
|
@ -57,7 +57,7 @@ details.
|
||||||
|
|
||||||
If using DynamoDB and want to use HA support, you will need to explicitly
|
If using DynamoDB and want to use HA support, you will need to explicitly
|
||||||
enable it in Vault's configuration; see the
|
enable it in Vault's configuration; see the
|
||||||
[documentation](/docs/configuration#ha_enabled)
|
[documentation](/docs/configuration#ha_storage)
|
||||||
for details.
|
for details.
|
||||||
|
|
||||||
If you are already using DynamoDB in an HA fashion and wish to keep doing so,
|
If you are already using DynamoDB in an HA fashion and wish to keep doing so,
|
||||||
|
|
|
@ -13,4 +13,4 @@ Due to a rapid release following 0.9.2, there are no version-specific upgrade
|
||||||
instructions although any upgrade notices for 0.9.2 apply if you are coming
|
instructions although any upgrade notices for 0.9.2 apply if you are coming
|
||||||
from a previous version.
|
from a previous version.
|
||||||
|
|
||||||
Please see the [0.9.2 upgrade guide](/guides/upgrading/upgrade-to-0.9.2) for notes on upgrading to 0.9.3.
|
Please see the [0.9.2 upgrade guide](/docs/upgrading/upgrade-to-0.9.2) for notes on upgrading to 0.9.3.
|
||||||
|
|
|
@ -34,7 +34,7 @@ detailed audit logs is almost impossible without a custom solution. This is
|
||||||
where Vault steps in.
|
where Vault steps in.
|
||||||
|
|
||||||
Examples work best to showcase Vault. Please see the
|
Examples work best to showcase Vault. Please see the
|
||||||
[use cases](/intro/use-cases).
|
[use cases](/docs/use-cases).
|
||||||
|
|
||||||
The key features of Vault are:
|
The key features of Vault are:
|
||||||
|
|
||||||
|
@ -68,9 +68,9 @@ The key features of Vault are:
|
||||||
|
|
||||||
## Next Steps
|
## Next Steps
|
||||||
|
|
||||||
See the page on [Vault use cases](/intro/use-cases) to see the
|
See the page on [Vault use cases](/docs/use-cases) to see the
|
||||||
multiple ways Vault can be used. Then see
|
multiple ways Vault can be used. Then see
|
||||||
[how Vault compares to other software](/intro/vs)
|
[how Vault compares to other software](/docs/vs)
|
||||||
to see how it fits into your existing infrastructure. Finally, continue onwards with
|
to see how it fits into your existing infrastructure. Finally, continue onwards with
|
||||||
the [getting started guide](/intro/getting-started) to use
|
the [getting started guide](https://learn.hashicorp.com/vault/getting-started/install) to use
|
||||||
Vault to read, write, and create real secrets and see how it works in practice.
|
Vault to read, write, and create real secrets and see how it works in practice.
|
||||||
|
|
|
@ -416,7 +416,7 @@ If everything looked fine in [Step 2](#step2), you are ready to write some data.
|
||||||
|
|
||||||
![Vault UI](/img/vault-java-demo-9.png)
|
![Vault UI](/img/vault-java-demo-9.png)
|
||||||
|
|
||||||
You have [verified in the `spring` log](#task-3-examine-the-sprig-container)
|
You have [verified in the `spring` log](#task-3-examine-the-spring-container)
|
||||||
that the demo app successfully retrieved a database credential from the Vault
|
that the demo app successfully retrieved a database credential from the Vault
|
||||||
server during its initialization.
|
server during its initialization.
|
||||||
|
|
||||||
|
|
|
@ -226,7 +226,7 @@ $ vault write auth/approle/role/<ROLE_NAME> [parameters]
|
||||||
```
|
```
|
||||||
|
|
||||||
> There are a number of
|
> There are a number of
|
||||||
> [parameters](/api/auth/approle#create-new-approle) that you can set
|
> [parameters](/api/auth/approle#create-update-approle) that you can set
|
||||||
> on a role. If you want to limit the use of the generated secret ID, set
|
> on a role. If you want to limit the use of the generated secret ID, set
|
||||||
> `secret_id_num_uses` or `secret_id_ttl` parameter values. Similarly, you can
|
> `secret_id_num_uses` or `secret_id_ttl` parameter values. Similarly, you can
|
||||||
> specify `token_num_uses` and `token_ttl`. You may never want the app token to
|
> specify `token_num_uses` and `token_ttl`. You may never want the app token to
|
||||||
|
@ -295,7 +295,7 @@ $ curl --header "X-Vault-Token: ..." --request POST \
|
||||||
```
|
```
|
||||||
|
|
||||||
> There are a number of
|
> There are a number of
|
||||||
> [parameters](/api/auth/approle#create-new-approle) that you can set
|
> [parameters](/api/auth/approle#create-update-approle) that you can set
|
||||||
> on a role. If you want to limit the use of the generated secret ID, set
|
> on a role. If you want to limit the use of the generated secret ID, set
|
||||||
> `secret_id_num_uses` or `secret_id_ttl` parameter values. Similarly, you can
|
> `secret_id_num_uses` or `secret_id_ttl` parameter values. Similarly, you can
|
||||||
> specify `token_num_uses` and `token_ttl`. You may never want the app token to
|
> specify `token_num_uses` and `token_ttl`. You may never want the app token to
|
||||||
|
|
|
@ -24,7 +24,7 @@ During the installation of Vault you should also review and apply the recommenda
|
||||||
|
|
||||||
To provide a highly-available single cluster architecture, we recommend Vault be deployed to more than one host, as shown in the [Vault Reference Architecture](/guides/operations/reference-architecture), and connected to a Consul cluster for persistent data storage.
|
To provide a highly-available single cluster architecture, we recommend Vault be deployed to more than one host, as shown in the [Vault Reference Architecture](/guides/operations/reference-architecture), and connected to a Consul cluster for persistent data storage.
|
||||||
|
|
||||||
![Reference Diagram](/img/vault-ref-arch-2-02305ae7.png)
|
![Reference Diagram](/img/vault-ref-arch-2.png)
|
||||||
|
|
||||||
The below setup steps should be completed on all Vault hosts.
|
The below setup steps should be completed on all Vault hosts.
|
||||||
|
|
||||||
|
|
|
@ -35,7 +35,7 @@ replication setup.
|
||||||
## Reference Materials
|
## Reference Materials
|
||||||
|
|
||||||
- [Performance Replication and Disaster Recovery (DR) Replication](/docs/enterprise/replication#performance-replication-and-disaster-recovery-dr-replication)
|
- [Performance Replication and Disaster Recovery (DR) Replication](/docs/enterprise/replication#performance-replication-and-disaster-recovery-dr-replication)
|
||||||
- [DR Replication API](/api/system/replication-dr)
|
- [DR Replication API](/api/system/replication/replication-dr)
|
||||||
- [Replication Setup & Guidance](/guides/operations/replication)
|
- [Replication Setup & Guidance](/guides/operations/replication)
|
||||||
- [Vault HA guide](/guides/operations/vault-ha-consul)
|
- [Vault HA guide](/guides/operations/vault-ha-consul)
|
||||||
|
|
||||||
|
@ -586,8 +586,8 @@ these operations based on experience within their own environments. You can
|
||||||
review the available replication APIs at the following links:
|
review the available replication APIs at the following links:
|
||||||
|
|
||||||
- [Vault Replication API](/api/system/replication)
|
- [Vault Replication API](/api/system/replication)
|
||||||
- [DR Replication API](/api/system/replication-dr)
|
- [DR Replication API](/api/system/replication/replication-dr)
|
||||||
- [Performance Replication API](/api/system/replication-performance)
|
- [Performance Replication API](/api/system/replication/replication-performance)
|
||||||
|
|
||||||
## Next steps
|
## Next steps
|
||||||
|
|
||||||
|
|
|
@ -49,7 +49,7 @@ cluster that meets your organization's needs.
|
||||||
|
|
||||||
- [Replication Setup & Guidance](/guides/operations/replication)
|
- [Replication Setup & Guidance](/guides/operations/replication)
|
||||||
walks you through the commands to activate the Vault servers in replication mode.
|
walks you through the commands to activate the Vault servers in replication mode.
|
||||||
Please note that [Vault Replication](/docs/vault-enterprise/replication)
|
Please note that [Vault Replication](/docs/enterprise/replication)
|
||||||
is a Vault Enterprise feature.
|
is a Vault Enterprise feature.
|
||||||
|
|
||||||
- [Disaster Recovery Replication Setup](/guides/operations/disaster-recovery)
|
- [Disaster Recovery Replication Setup](/guides/operations/disaster-recovery)
|
||||||
|
|
|
@ -27,7 +27,7 @@ control the movement of secrets across their infrastructure.
|
||||||
|
|
||||||
- Preparing for GDPR Compliance with HashiCorp Vault [webinar](https://www.hashicorp.com/resources/preparing-for-gdpr-compliance-with-hashicorp-vault)
|
- Preparing for GDPR Compliance with HashiCorp Vault [webinar](https://www.hashicorp.com/resources/preparing-for-gdpr-compliance-with-hashicorp-vault)
|
||||||
- Preparing for GDPR Compliance with HashiCorp Vault [blog post](https://www.hashicorp.com/blog/preparing-for-gdpr-compliance-with-hashicorp-vault)
|
- Preparing for GDPR Compliance with HashiCorp Vault [blog post](https://www.hashicorp.com/blog/preparing-for-gdpr-compliance-with-hashicorp-vault)
|
||||||
- [Create Mounts Filter (API)](/api/system/replication-performance#create-mounts-filter)
|
- [Create Mounts Filter (API)](/api/system/replication/replication-performance#create-mounts-filter-deprecated)
|
||||||
- [Performance Replication and Disaster Recovery (DR) Replication](/docs/enterprise/replication#performance-replication-and-disaster-recovery-dr-replication)
|
- [Performance Replication and Disaster Recovery (DR) Replication](/docs/enterprise/replication#performance-replication-and-disaster-recovery-dr-replication)
|
||||||
|
|
||||||
## Estimated Time to Complete
|
## Estimated Time to Complete
|
||||||
|
|
|
@ -10,7 +10,7 @@ description: Learn how to set up and manage Vault Enterprise Performance Replica
|
||||||
~> **Enterprise Only:** Vault replication feature is a part of _Vault Enterprise_.
|
~> **Enterprise Only:** Vault replication feature is a part of _Vault Enterprise_.
|
||||||
|
|
||||||
If you're unfamiliar with Vault Replication concepts, please first look at the
|
If you're unfamiliar with Vault Replication concepts, please first look at the
|
||||||
[general information page](/docs/vault-enterprise/replication). More
|
[general information page](/docs/enterprise/replication). More
|
||||||
details can be found in the
|
details can be found in the
|
||||||
[replication internals](/docs/internals/replication) document.
|
[replication internals](/docs/internals/replication) document.
|
||||||
|
|
||||||
|
@ -91,7 +91,7 @@ working with both clusters.
|
||||||
|
|
||||||
Vault’s performance replication model is intended to allow horizontally scaling Vault’s
|
Vault’s performance replication model is intended to allow horizontally scaling Vault’s
|
||||||
functions rather than to act in a strict Disaster Recovery (DR) capacity. For more information on Vault's disaster recovery replication, look at the
|
functions rather than to act in a strict Disaster Recovery (DR) capacity. For more information on Vault's disaster recovery replication, look at the
|
||||||
[general information page](/docs/vault-enterprise/replication).
|
[general information page](/docs/enterprise/replication).
|
||||||
|
|
||||||
As a result, Vault performance replication acts on static items within Vault, meaning
|
As a result, Vault performance replication acts on static items within Vault, meaning
|
||||||
information that is not part of Vault’s lease-tracking system. In a practical
|
information that is not part of Vault’s lease-tracking system. In a practical
|
||||||
|
@ -172,4 +172,4 @@ Local backend mounts are not replicated and their use will require existing DR
|
||||||
mechanisms if DR is necessary in your implementation.
|
mechanisms if DR is necessary in your implementation.
|
||||||
|
|
||||||
If you need true DR, look at the
|
If you need true DR, look at the
|
||||||
[general information page](/docs/vault-enterprise/replication) for information on Vault's disaster recovery replication.
|
[general information page](/docs/enterprise/replication) for information on Vault's disaster recovery replication.
|
||||||
|
|
Loading…
Reference in a new issue