Anchor Link Fixes (#8572)

* update anchor link algorithm
* update deps
* update content component
* fix a lot of broken links
Jeff Escalante 2020-03-31 15:21:16 -04:00 committed by GitHub
parent 236eb7e19f
commit 8af56bd620
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
35 changed files with 1909 additions and 1267 deletions


@ -1,8 +1,8 @@
{ {
"ignore": { "ignore": {
"marked": { "marked": {
"versions": "0.8.0", "versions": "0.8.2",
"reason": "breaks IE" "reason": "IE Broken"
} }
} }
} }


@ -39,7 +39,7 @@
} }
& li:before { & li:before {
background: url('/img/icons/alert-triangle.svg'); background: url('./img/alert-triangle.svg');
height: 20px; height: 20px;
margin-top: 3px; margin-top: 3px;
width: 20px; width: 20px;
@ -47,7 +47,7 @@
} }
& .after li:before { & .after li:before {
background: url('/img/icons/check-circle.svg'); background: url('./img/check-circle.svg');
height: 18px; height: 18px;
margin-top: 4px; margin-top: 4px;
width: 18px; width: 18px;
@ -299,7 +299,7 @@
&.vault { &.vault {
& .after { & .after {
& li:before { & li:before {
background: url('/img/icons/check-circle-blue.svg'); background: url('./img/check-circle-blue.svg');
height: 19px; height: 19px;
} }
} }


@ -24,6 +24,7 @@ export default function ProductSubnav() {
currentPath={router.pathname} currentPath={router.pathname}
menuItems={menuItems} menuItems={menuItems}
menuItemsAlign="right" menuItemsAlign="right"
constrainWidth
/> />
) )
} }

2851
website/package-lock.json generated

File diff suppressed because it is too large Load diff


@ -6,12 +6,12 @@
"dependencies": { "dependencies": {
"@bugsnag/js": "^6.5.2", "@bugsnag/js": "^6.5.2",
"@bugsnag/plugin-react": "^6.5.0", "@bugsnag/plugin-react": "^6.5.0",
"@hashicorp/nextjs-scripts": "^6.0.0-2", "@hashicorp/nextjs-scripts": "^6.2.0-9",
"@hashicorp/react-button": "^2.1.6", "@hashicorp/react-button": "^2.1.6",
"@hashicorp/react-case-study-slider": "^2.0.7", "@hashicorp/react-case-study-slider": "^2.0.10",
"@hashicorp/react-consent-manager": "^2.0.6", "@hashicorp/react-consent-manager": "^2.0.6",
"@hashicorp/react-content": "^2.2.0", "@hashicorp/react-content": "^3.0.0-0",
"@hashicorp/react-docs-sidenav": "^3.0.3", "@hashicorp/react-docs-sidenav": "^3.0.4",
"@hashicorp/react-docs-sitemap": "^1.0.0", "@hashicorp/react-docs-sitemap": "^1.0.0",
"@hashicorp/react-footer": "3.1.11", "@hashicorp/react-footer": "3.1.11",
"@hashicorp/react-global-styles": "^4.0.10", "@hashicorp/react-global-styles": "^4.0.10",
@ -20,9 +20,9 @@
"@hashicorp/react-image": "^2.0.1", "@hashicorp/react-image": "^2.0.1",
"@hashicorp/react-inline-svg": "^1.0.0", "@hashicorp/react-inline-svg": "^1.0.0",
"@hashicorp/react-mega-nav": "^4.0.1-2", "@hashicorp/react-mega-nav": "^4.0.1-2",
"@hashicorp/react-product-downloader": "^3.0.2", "@hashicorp/react-product-downloader": "^3.0.3",
"@hashicorp/react-section-header": "^2.0.0", "@hashicorp/react-section-header": "^2.0.0",
"@hashicorp/react-subnav": "^2.2.0", "@hashicorp/react-subnav": "^3.0.0",
"@hashicorp/react-text-and-content": "^4.0.6", "@hashicorp/react-text-and-content": "^4.0.6",
"@hashicorp/react-use-cases": "^1.0.4", "@hashicorp/react-use-cases": "^1.0.4",
"@hashicorp/react-vertical-text-block-list": "^2.0.1", "@hashicorp/react-vertical-text-block-list": "^2.0.1",
@ -33,19 +33,19 @@
"imagemin-svgo": "^7.1.0", "imagemin-svgo": "^7.1.0",
"isomorphic-unfetch": "^3.0.0", "isomorphic-unfetch": "^3.0.0",
"marked": "^0.7.0", "marked": "^0.7.0",
"next": "^9.3.0", "next": "^9.3.3",
"nprogress": "^0.2.0", "nprogress": "^0.2.0",
"react": "^16.13.0", "react": "^16.13.1",
"react-dom": "^16.13.0", "react-dom": "^16.13.1",
"slugify": "^1.4.0", "slugify": "^1.4.0",
"stringify-object": "^3.3.0" "stringify-object": "^3.3.0"
}, },
"devDependencies": { "devDependencies": {
"dart-linkcheck": "^2.0.12", "dart-linkcheck": "^2.0.15",
"glob": "^7.1.6", "glob": "^7.1.6",
"husky": "^4.2.3", "husky": "^4.2.3",
"inquirer": "^7.1.0", "inquirer": "^7.1.0",
"prettier": "^1.19.1" "prettier": "^2.0.2"
}, },
"husky": { "husky": {
"hooks": { "hooks": {
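Review bot: Two runtime dependencies now resolve from prerelease ranges, `"@hashicorp/nextjs-scripts": "^6.2.0-9"` and `"@hashicorp/react-content": "^3.0.0-0"`, and `@hashicorp/react-subnav` and `prettier` each cross a major version in the same commit as the content changes. A caret range on a prerelease accepts every later prerelease of that version and every later release in the same major line, so what actually gets installed is decided by the lockfile, whose diff is suppressed on this page. I would pin the two prereleases exactly (`"6.2.0-9"` and `"3.0.0-0"`) until stable releases exist, and have CI install with `npm ci` so the lockfile is enforced rather than re-resolved.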


@ -30,9 +30,9 @@ service principals. Environment variables will override any parameters set in th
- `tenant_id` (`string: <required>`) - The tenant id for the Azure Active Directory. - `tenant_id` (`string: <required>`) - The tenant id for the Azure Active Directory.
This value can also be provided with the AZURE_TENANT_ID environment variable. This value can also be provided with the AZURE_TENANT_ID environment variable.
- `client_id` (`string:""`) - The OAuth2 client id to connect to Azure. This value can also be provided - `client_id` (`string:""`) - The OAuth2 client id to connect to Azure. This value can also be provided
with the AZURE_CLIENT_ID environment variable. See [authentication](#Authentication) for more details. with the AZURE_CLIENT_ID environment variable. See [authentication](/docs/secrets/azure#authentication) for more details.
- `client_secret` (`string:""`) - The OAuth2 client secret to connect to Azure. This value can also be - `client_secret` (`string:""`) - The OAuth2 client secret to connect to Azure. This value can also be
provided with the AZURE_CLIENT_ID environment variable. See [authentication](#Authentication) for more details. provided with the AZURE_CLIENT_ID environment variable. See [authentication](/docs/secrets/azure#authentication) for more details.
- `environment` (`string:""`) - The Azure environment. This value can also be provided with the AZURE_ENVIRONMENT - `environment` (`string:""`) - The Azure environment. This value can also be provided with the AZURE_ENVIRONMENT
environment variable. If not specified, Vault will use Azure Public Cloud. environment variable. If not specified, Vault will use Azure Public Cloud.
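Review bot: The `client_secret` entry still says the value can be provided with the AZURE_CLIENT_ID environment variable, the same variable named for `client_id` two lines above, and the link fix carries that wording forward unchanged. This looks like a copy-paste slip. Azure tooling conventionally reads the secret from `AZURE_CLIENT_SECRET`, so the sentence should presumably read `provided with the AZURE_CLIENT_SECRET environment variable`, which is worth confirming against the plugin's configuration code. An operator following the text as written would export the secret under the wrong name and the engine would not pick up the credential they expect. The parameter list continues outside the hunk.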


@ -26,7 +26,7 @@ This endpoint configures shared information for the secrets engine.
### Parameters ### Parameters
- `credentials` (`string:""`) - JSON credentials (either file contents or '@path/to/file') - `credentials` (`string:""`) - JSON credentials (either file contents or '@path/to/file')
See docs for [alternative ways](/docs/secrets/gcp#passing-credentials-to-vault) See docs for [alternative ways](/docs/secrets/gcp#setup)
to pass in to this parameter, as well as the to pass in to this parameter, as well as the
[required permissions](/docs/secrets/gcp#required-permissions). [required permissions](/docs/secrets/gcp#required-permissions).
@ -73,7 +73,6 @@ account keys.
| :----- | :------------------------ | | :----- | :------------------------ |
| `POST` | `/gcp/config/rotate-root` | | `POST` | `/gcp/config/rotate-root` |
### Sample Request ### Sample Request
``` ```
@ -117,7 +116,7 @@ $ curl \
| :----- | :------------------- | | :----- | :------------------- |
| `POST` | `/gcp/roleset/:name` | | `POST` | `/gcp/roleset/:name` |
This method allows you to create a roleset or update an existing roleset. See [roleset docs](/docs/secrets/gcp#rolesets) for the GCP secrets backend This method allows you to create a roleset or update an existing roleset. See [roleset docs](/docs/secrets/gcp#roleset-bindings) for the GCP secrets backend
to learn more about what happens when you create or update a roleset. to learn more about what happens when you create or update a roleset.
**If you update a roleset's bindings, this will effectively revoke any secrets **If you update a roleset's bindings, this will effectively revoke any secrets


@ -13,9 +13,9 @@ see the [Vault Identity documentation](/docs/secrets/identity).
## API Sections ## API Sections
- [Entity](entity) - [Entity](/api-docs/secret/identity/entity)
- [Entity Alias](entity-alias) - [Entity Alias](/api-docs/secret/identity/entity-alias)
- [Group](group) - [Group](/api-docs/secret/identity/group)
- [Group Alias](group-alias) - [Group Alias](/api-docs/secret/identity/group-alias)
- [Identity Tokens](tokens) - [Identity Tokens](/api-docs/secret/identity/tokens)
- [Lookup](lookup) - [Lookup](/api-docs/secret/identity/lookup)


@ -32,7 +32,7 @@ update your API calls accordingly.
- [Set Signed Intermediate](#set-signed-intermediate) - [Set Signed Intermediate](#set-signed-intermediate)
- [Generate Certificate](#generate-certificate) - [Generate Certificate](#generate-certificate)
- [Revoke Certificate](#revoke-certificate) - [Revoke Certificate](#revoke-certificate)
- [Create/Update Role](#createupdate-role) - [Create/Update Role](#create-update-role)
- [Read Role](#read-role) - [Read Role](#read-role)
- [List Roles](#list-roles) - [List Roles](#list-roles)
- [Delete Role](#delete-role) - [Delete Role](#delete-role)


@ -36,7 +36,7 @@ If Vault is hosted on Azure, Vault can use MSI to access Azure instead of a shar
The next sections review how the authN/Z workflows work. If you The next sections review how the authN/Z workflows work. If you
have already reviewed these sections, here are some quick links to: have already reviewed these sections, here are some quick links to:
- [Usage](#usage) - [Usage](/docs/secrets/azure/#usage)
- [API documentation](/api/auth/azure) docs. - [API documentation](/api/auth/azure) docs.
## Authentication ## Authentication


@ -87,7 +87,7 @@ management tool.
If you are using instance credentials or want to specify credentials via If you are using instance credentials or want to specify credentials via
an environment variable, you can skip this step. To learn more, see the an environment variable, you can skip this step. To learn more, see the
[Google Cloud Authentication](#google-cloud-authentication) section below. [Google Cloud Authentication](#authentication) section below.
1. Create a named role: 1. Create a named role:


@ -69,7 +69,7 @@ To limit authorization to a set of email addresses:
} }
``` ```
Bound claims can optionally be configured with globs. See the [API documentation](/auth/jwt/#bound_claims_type) for more details. Bound claims can optionally be configured with globs. See the [API documentation](/api-docs/auth/jwt/#bound_claims_type) for more details.
### Claims as Metadata ### Claims as Metadata


@ -120,7 +120,7 @@ for further discussion of available parameters.
who successfully authenticate based on their LDAP group membership. who successfully authenticate based on their LDAP group membership.
Since this is identical to the LDAP auth method, see Since this is identical to the LDAP auth method, see
[Group Membership Resolution](/docs/auth/ldap#group-membership-resolution) [Group Membership Resolution](/docs/auth/ldap#group-membership-resolution)
and [LDAP Group -> Policy Mapping](/docs/auth/ldap#ldap-group-gt-policy-mapping) and [LDAP Group -> Policy Mapping](/docs/auth/ldap#ldap-group-policy-mapping)
for further discussion. for further discussion.
```text ```text


@ -113,7 +113,7 @@ You will see a response that includes a token with the previously added policy.
`vault login -method=oci auth_type=apikey role=vaultadminrole` `vault login -method=oci auth_type=apikey role=vaultadminrole`
1. Stop Vault and re-start it in the production environment. See [the configuration docs](/docs/configuration/) for more information. 1. Stop Vault and re-start it in the production environment. See [the configuration docs](/docs/configuration/) for more information.
1. Repeat all steps in this [Configure the OCI Auth Method](#OnboardingtoOCIAuthMethod-ConfiguretheOCIAuthMethod) section while in the production environment. 1. Repeat all steps in this [Configure the OCI Auth Method](#configure-the-oci-auth-method) section while in the production environment.
### Manage Roles in the OCI Auth method ### Manage Roles in the OCI Auth method


@ -13,7 +13,7 @@ description: |-
~> **Note:** The Vault CLI interface was changed substantially in 0.9.2+ and may cause ~> **Note:** The Vault CLI interface was changed substantially in 0.9.2+ and may cause
confusion while using older versions of Vault with this documentation. Read our confusion while using older versions of Vault with this documentation. Read our
[upgrade guide](/guides/upgrading/upgrade-to-0.9.2#backwards-compatible-cli-changes) for more information. [upgrade guide](/docs/upgrading/upgrade-to-0.9.2#backwards-compatible-cli-changes) for more information.
In addition to a verbose [HTTP API](/api), Vault features a In addition to a verbose [HTTP API](/api), Vault features a
command-line interface that wraps common functionality and formats output. The command-line interface that wraps common functionality and formats output. The


@ -72,7 +72,7 @@ storage_destination "consul" {
The below configuration will migrate away from Consul storage to integrated The below configuration will migrate away from Consul storage to integrated
raft storage. The raft data will be stored on the local filesystem in the raft storage. The raft data will be stored on the local filesystem in the
defined `path`. `node_id` can optionally be set to identify this node. defined `path`. `node_id` can optionally be set to identify this node.
[cluster_addr](/docs/configuration/#inlinecode-cluster_addr) must be set to the [cluster_addr](/docs/configuration/#cluster_addr) must be set to the
cluster hostname of this node. For more configuration options see the [raft cluster hostname of this node. For more configuration options see the [raft
storage configuration documentation](/docs/configuration/storage/raft). storage configuration documentation](/docs/configuration/storage/raft).


@ -22,6 +22,7 @@ A valid Vault Enterprise license is required for Entropy Augmentation
Additionally, the following software packages and enterprise modules are required for sourcing entropy Additionally, the following software packages and enterprise modules are required for sourcing entropy
via the [PKCS11 seal](/docs/configuration/seal/pkcs11): via the [PKCS11 seal](/docs/configuration/seal/pkcs11):
- Governance and Policy module - Governance and Policy module
- PKCS#11 compatible HSM integration library. Vault targets version 2.2 or - PKCS#11 compatible HSM integration library. Vault targets version 2.2 or
higher of PKCS#11. Depending on any given HSM, some functions (such as key higher of PKCS#11. Depending on any given HSM, some functions (such as key
@ -29,7 +30,6 @@ via the [PKCS11 seal](/docs/configuration/seal/pkcs11):
- The [GNU libltdl library](https://www.gnu.org/software/libtool/manual/html_node/Using-libltdl) - The [GNU libltdl library](https://www.gnu.org/software/libtool/manual/html_node/Using-libltdl)
— ensure that it is installed for the correct architecture of your servers — ensure that it is installed for the correct architecture of your servers
## `entropy` Example ## `entropy` Example
This example shows configuring entropy augmentation through a PKCS11 HSM seal from Vault's configuration This example shows configuring entropy augmentation through a PKCS11 HSM seal from Vault's configuration
@ -54,4 +54,4 @@ These parameters apply to the `entropy` stanza in the Vault configuration file:
- `mode` `(string: <required>)`: The mode determines which Vault operations requiring - `mode` `(string: <required>)`: The mode determines which Vault operations requiring
entropy will sample entropy from the external source. Currently, the only mode supported entropy will sample entropy from the external source. Currently, the only mode supported
is `augmentation` which sources entropy for [Critical Security Parameters (CSPs)](</docs/enterprise/entropy-augmentation/index#Critical-Security-Parameters-(CSPs)>). is `augmentation` which sources entropy for [Critical Security Parameters (CSPs)](/docs/enterprise/entropy-augmentation#critical-security-parameters-csps).


@ -179,7 +179,7 @@ scrape_configs:
- targets: ['your_vault_server_here:8200'] - targets: ['your_vault_server_here:8200']
``` ```
An example telemetry configuration to be added to Vault's configuration file is shown below: An example telemetry configuration to be added to Vault's configuration file is shown below:
```hcl ```hcl
telemetry { telemetry {
@ -228,5 +228,4 @@ telemetry {
} }
``` ```
[telemetry-tcp]: /docs/configuration/listener/tcp#telemetry [telemetry-tcp]: /docs/configuration/listener/tcp/#telemetry-parameters


@ -70,7 +70,7 @@ referenced from ACL and Sentinel policies in any namespace via the method name
and can be tied to a mount accessor in any namespace. and can be tied to a mount accessor in any namespace.
When using [Sentinel When using [Sentinel
EGPs](/docs/enterprise/sentinel#endpoint-governing-policies-egps-), EGPs](/docs/enterprise/sentinel#endpoint-governing-policies-egps),
any MFA configuration specified must be satisfied by all requests affected by any MFA configuration specified must be satisfied by all requests affected by
the policy, which can be difficult if the configured paths spread across the policy, which can be difficult if the configured paths spread across
namespaces. One way to address this is to use a policy similar to the namespaces. One way to address this is to use a policy similar to the


@ -19,7 +19,7 @@ supports Enterprise Replication features, and provides backup/restore workflows.
## Consensus Protocol ## Consensus Protocol
Vault's integrated storage uses a [consensus Vault's integrated storage uses a [consensus
protocol](https://en.wikipedia.org/wiki/Consensus_(computer_science)) to provide protocol](<https://en.wikipedia.org/wiki/Consensus_(computer_science)>) to provide
[Consistency (as defined by CAP)](https://en.wikipedia.org/wiki/CAP_theorem). [Consistency (as defined by CAP)](https://en.wikipedia.org/wiki/CAP_theorem).
The consensus protocol is based on ["Raft: In search of an Understandable The consensus protocol is based on ["Raft: In search of an Understandable
Consensus Algorithm"](https://raft.github.io/raft.pdf). For a visual explanation Consensus Algorithm"](https://raft.github.io/raft.pdf). For a visual explanation
@ -34,35 +34,35 @@ understandable algorithm.
There are a few key terms to know when discussing Raft: There are a few key terms to know when discussing Raft:
* Log - The primary unit of work in a Raft system is a log entry. The problem - Log - The primary unit of work in a Raft system is a log entry. The problem
of consistency can be decomposed into a *replicated log*. A log is an ordered of consistency can be decomposed into a _replicated log_. A log is an ordered
sequence of entries. Entries includes any cluster change: adding nodes, adding sequence of entries. Entries includes any cluster change: adding nodes, adding
services, new key-value pairs, etc. We consider the log consistent if all services, new key-value pairs, etc. We consider the log consistent if all
members agree on the entries and their order. members agree on the entries and their order.
* FSM - [Finite State Machine](https://en.wikipedia.org/wiki/Finite-state_machine). - FSM - [Finite State Machine](https://en.wikipedia.org/wiki/Finite-state_machine).
An FSM is a collection of finite states with transitions between them. As new logs An FSM is a collection of finite states with transitions between them. As new logs
are applied, the FSM is allowed to transition between states. Application of the are applied, the FSM is allowed to transition between states. Application of the
same sequence of logs must result in the same state, meaning behavior must be deterministic. same sequence of logs must result in the same state, meaning behavior must be deterministic.
* Peer set - The peer set is the set of all members participating in log replication. - Peer set - The peer set is the set of all members participating in log replication.
For Vault's purposes, all server nodes are in the peer set of the local cluster. For Vault's purposes, all server nodes are in the peer set of the local cluster.
* Quorum - A quorum is a majority of members from a peer set: for a set of size `n`, - Quorum - A quorum is a majority of members from a peer set: for a set of size `n`,
quorum requires at least `(n+1)/2` members. For example, if there are 5 members quorum requires at least `(n+1)/2` members. For example, if there are 5 members
in the peer set, we would need 3 nodes to form a quorum. If a quorum of nodes is in the peer set, we would need 3 nodes to form a quorum. If a quorum of nodes is
unavailable for any reason, the cluster becomes *unavailable* and no new logs unavailable for any reason, the cluster becomes _unavailable_ and no new logs
can be committed. can be committed.
* Committed Entry - An entry is considered *committed* when it is durably stored - Committed Entry - An entry is considered _committed_ when it is durably stored
on a quorum of nodes. Once an entry is committed it can be applied. on a quorum of nodes. Once an entry is committed it can be applied.
* Leader - At any given time, the peer set elects a single node to be the leader. - Leader - At any given time, the peer set elects a single node to be the leader.
The leader is responsible for ingesting new log entries, replicating to followers, The leader is responsible for ingesting new log entries, replicating to followers,
and managing when an entry is considered committed. For Vault's purposes, the and managing when an entry is considered committed. For Vault's purposes, the
leader node is also the Active vault node and followers are standby nodes. See leader node is also the Active vault node and followers are standby nodes. See
the [High Avaibility docs](/docs/internals/high-availability/#design-overview) the [High Avaibility docs](/docs/internals/high-availability/#design-overview)
for more information. for more information.
Raft is a complex protocol and will not be covered here in detail (for those who Raft is a complex protocol and will not be covered here in detail (for those who
desire a more comprehensive treatment, the full specification is available in this desire a more comprehensive treatment, the full specification is available in this
@ -80,7 +80,7 @@ Once a cluster has a leader, it is able to accept new log entries. A client can
request that a leader append a new log entry (from Raft's perspective, a log entry request that a leader append a new log entry (from Raft's perspective, a log entry
is an opaque binary blob). The leader then writes the entry to durable storage and is an opaque binary blob). The leader then writes the entry to durable storage and
attempts to replicate to a quorum of followers. Once the log entry is considered attempts to replicate to a quorum of followers. Once the log entry is considered
*committed*, it can be *applied* to a finite state machine. The finite state machine _committed_, it can be _applied_ to a finite state machine. The finite state machine
is application specific; in Vault's case, we use is application specific; in Vault's case, we use
[BoltDB](https://github.com/etcd-io/bbolt) to maintain cluster state. Vault's writes [BoltDB](https://github.com/etcd-io/bbolt) to maintain cluster state. Vault's writes
block until it is both _committed_ and _applied_. block until it is both _committed_ and _applied_.
@ -102,13 +102,13 @@ about peer membership. For example, suppose there are only 2 peers: A and B. The
size is also 2, meaning both nodes must agree to commit a log entry. If either A or B size is also 2, meaning both nodes must agree to commit a log entry. If either A or B
fails, it is now impossible to reach quorum. This means the cluster is unable to add fails, it is now impossible to reach quorum. This means the cluster is unable to add
or remove a node or to commit any additional log entries. This results in or remove a node or to commit any additional log entries. This results in
*unavailability*. At this point, manual intervention would be required to remove _unavailability_. At this point, manual intervention would be required to remove
either A or B and to restart the remaining node in bootstrap mode. either A or B and to restart the remaining node in bootstrap mode.
A Raft cluster of 3 nodes can tolerate a single node failure while a cluster A Raft cluster of 3 nodes can tolerate a single node failure while a cluster
of 5 can tolerate 2 node failures. The recommended configuration is to either of 5 can tolerate 2 node failures. The recommended configuration is to either
run 3 or 5 Vault servers per cluster. This maximizes availability without run 3 or 5 Vault servers per cluster. This maximizes availability without
greatly sacrificing performance. The [deployment table](#deployment_table) below greatly sacrificing performance. The [deployment table](#deployment-table) below
summarizes the potential cluster size options and the fault tolerance of each. summarizes the potential cluster size options and the fault tolerance of each.
In terms of performance, Raft is comparable to Paxos. Assuming stable leadership, In terms of performance, Raft is comparable to Paxos. Assuming stable leadership,
@ -146,11 +146,14 @@ server deployment is _**highly**_ discouraged as data loss is inevitable in a
failure scenario. failure scenario.
<table class="table table-bordered table-striped"> <table class="table table-bordered table-striped">
<thead>
<tr> <tr>
<th>Servers</th> <th>Servers</th>
<th>Quorum Size</th> <th>Quorum Size</th>
<th>Failure Tolerance</th> <th>Failure Tolerance</th>
</tr> </tr>
</thead>
<tbody>
<tr> <tr>
<td>1</td> <td>1</td>
<td>1</td> <td>1</td>
@ -186,4 +189,5 @@ failure scenario.
<td>4</td> <td>4</td>
<td>3</td> <td>3</td>
</tr> </tr>
</tbody>
</table> </table>


@ -22,4 +22,4 @@ The AWS Marketplace listings can be found below.
The Vault AMIs listed in the AWS Marketplace are intended to serve as an easy starting point for a Vault installation. Vault AMIs are built on top of a minimal Ubuntu distribution and contain up to date packages for both Vault and the underlying operating system dependencies. The Vault AMIs listed in the AWS Marketplace are intended to serve as an easy starting point for a Vault installation. Vault AMIs are built on top of a minimal Ubuntu distribution and contain up to date packages for both Vault and the underlying operating system dependencies.
The Open Source Vault AMI is intended for development and test use cases. This listing will launch a non-HA Vault instance with Vault running and the Vault UI available. For production use cases, please see the [Architecture](/docs/platform/aws-mp/run#Architecture) section of this documentation. The Open Source Vault AMI is intended for development and test use cases. This listing will launch a non-HA Vault instance with Vault running and the Vault UI available. For production use cases, please see the [Architecture](/docs/platform/aws-mp/run/#architecture) section of this documentation.

View file

@ -172,7 +172,7 @@ guide demonstrates using an external Vault within a Kubernetes cluster.
The Vault UI is enabled but NOT exposed as service for security reasons. The The Vault UI is enabled but NOT exposed as service for security reasons. The
Vault UI can also be exposed via port-forwarding or through a [`ui` Vault UI can also be exposed via port-forwarding or through a [`ui`
configuration value](/docs/platform/k8s/helm#v-ui). configuration value](/docs/platform/k8s/helm/configuration/#ui).
Expose the Vault UI with port-forwarding: Expose the Vault UI with port-forwarding:
@ -518,14 +518,14 @@ _End-to-End TLS._ Vault should always be used with TLS in production. If
intermediate load balancers or reverse proxies are used to front Vault, intermediate load balancers or reverse proxies are used to front Vault,
they should not terminate TLS. This way traffic is always encrypted in transit they should not terminate TLS. This way traffic is always encrypted in transit
to Vault and minimizes risks introduced by intermediate layers. See the to Vault and minimizes risks introduced by intermediate layers. See the
[official documentation](/docs/platform/k8s/helm#standalone-server-with-tls) [official documentation](/docs/platform/k8s/helm/examples/standalone-tls/)
for example on configuring Vault Helm to use TLS. for example on configuring Vault Helm to use TLS.
_Single Tenancy._ Vault should be the only main process running on a machine. _Single Tenancy._ Vault should be the only main process running on a machine.
This reduces the risk that another process running on the same machine is This reduces the risk that another process running on the same machine is
compromised and can interact with Vault. This can be accomplished by using Vault compromised and can interact with Vault. This can be accomplished by using Vault
Helm's `affinity` configurable. See the Helm's `affinity` configurable. See the
[official documentation](/docs/platform/k8s/helm#highly-available-vault-cluster-with-consul) [official documentation](/docs/platform/k8s/helm/examples/ha-with-consul/)
for example on configuring Vault Helm to use affinity rules. for example on configuring Vault Helm to use affinity rules.
_Enable Auditing._ Vault supports several auditing backends. Enabling auditing _Enable Auditing._ Vault supports several auditing backends. Enabling auditing
@ -534,7 +534,7 @@ trail in the case of misuse or compromise. Audit logs securely hash any sensitiv
data, but access should still be restricted to prevent any unintended disclosures. data, but access should still be restricted to prevent any unintended disclosures.
Vault Helm includes a configurable `auditStorage` option that provisions a persistent Vault Helm includes a configurable `auditStorage` option that provisions a persistent
volume to store audit logs. See the volume to store audit logs. See the
[official documentation](/docs/platform/k8s/helm#standalone-server-with-audit-storage) [official documentation](/docs/platform/k8s/helm/examples/standalone-audit/)
for an example on configuring Vault Helm to use auditing. for an example on configuring Vault Helm to use auditing.
_Immutable Upgrades._ Vault relies on an external storage backend for persistence, _Immutable Upgrades._ Vault relies on an external storage backend for persistence,


@ -257,5 +257,5 @@ The Azure secrets engine has a full HTTP API. Please see the [Azure secrets engi
for more details. for more details.
[api]: /api/secret/azure [api]: /api/secret/azure
[config]: /api/secret/azure#configure [config]: /api/secret/azure#configure-access
[repo]: https://github.com/hashicorp/vault-plugin-secrets-azure [repo]: https://github.com/hashicorp/vault-plugin-secrets-azure


@ -13,7 +13,7 @@ description: |-
with the Advanced Data Protection Module. with the Advanced Data Protection Module.
The KMIP secrets engine allows Vault to act as a [Key Management The KMIP secrets engine allows Vault to act as a [Key Management
Interoperability Protocol](#kmip-spec) (KMIP) server provider and handle Interoperability Protocol](https://docs.oasis-open.org/kmip/kmip-spec/v2.0/os/kmip-spec-v2.0-os.html) (KMIP) server provider and handle
the lifecycle of its KMIP managed objects. KMIP is a standardized protocol that allows the lifecycle of its KMIP managed objects. KMIP is a standardized protocol that allows
services and applications to perform cryptographic operations without having to services and applications to perform cryptographic operations without having to
manage cryptographic material, otherwise known as managed objects, by delegating manage cryptographic material, otherwise known as managed objects, by delegating
@ -135,7 +135,7 @@ which will be used when evaluating permissions during a KMIP request.
### Supported KMIP Operations ### Supported KMIP Operations
The KMIP protocol supports a wide [variety of operations](#kmip-ops) that can be The KMIP protocol supports a wide variety of operations that can be
issued by clients to perform certain actions, such as key management, issued by clients to perform certain actions, such as key management,
encryption, signing, etc. The KMIP secrets engine currently supports a subset of encryption, signing, etc. The KMIP secrets engine currently supports a subset of
KMIP operations. KMIP operations.


@ -51,5 +51,5 @@ If using the Consul HA storage backend, Vault will now automatically register
itself as the `vault` service and perform its own health checks/lifecycle itself as the `vault` service and perform its own health checks/lifecycle
status management. This behavior can be adjusted or turned off in Vault's status management. This behavior can be adjusted or turned off in Vault's
configuration; see the configuration; see the
[documentation](/docs/configuration#check_timeout) [documentation](/docs/configuration/storage/consul/#check_timeout)
for details. for details.


@ -16,7 +16,7 @@ carefully.
Once an active node is running 0.6.1, only standby nodes running 0.6.1+ will be Once an active node is running 0.6.1, only standby nodes running 0.6.1+ will be
able to form an HA cluster. If following our [general upgrade able to form an HA cluster. If following our [general upgrade
instructions](/guides/upgrading) this will instructions](/docs/upgrading) this will
not be an issue. not be an issue.
## Health Endpoint Status Code Changes ## Health Endpoint Status Code Changes
@ -57,7 +57,7 @@ details.
If using DynamoDB and want to use HA support, you will need to explicitly If using DynamoDB and want to use HA support, you will need to explicitly
enable it in Vault's configuration; see the enable it in Vault's configuration; see the
[documentation](/docs/configuration#ha_enabled) [documentation](/docs/configuration#ha_storage)
for details. for details.
If you are already using DynamoDB in an HA fashion and wish to keep doing so, If you are already using DynamoDB in an HA fashion and wish to keep doing so,


@ -13,4 +13,4 @@ Due to a rapid release following 0.9.2, there are no version-specific upgrade
instructions although any upgrade notices for 0.9.2 apply if you are coming instructions although any upgrade notices for 0.9.2 apply if you are coming
from a previous version. from a previous version.
Please see the [0.9.2 upgrade guide](/guides/upgrading/upgrade-to-0.9.2) for notes on upgrading to 0.9.3. Please see the [0.9.2 upgrade guide](/docs/upgrading/upgrade-to-0.9.2) for notes on upgrading to 0.9.3.


@ -34,7 +34,7 @@ detailed audit logs is almost impossible without a custom solution. This is
where Vault steps in. where Vault steps in.
Examples work best to showcase Vault. Please see the Examples work best to showcase Vault. Please see the
[use cases](/intro/use-cases). [use cases](/docs/use-cases).
The key features of Vault are: The key features of Vault are:
@ -68,9 +68,9 @@ The key features of Vault are:
## Next Steps ## Next Steps
See the page on [Vault use cases](/intro/use-cases) to see the See the page on [Vault use cases](/docs/use-cases) to see the
multiple ways Vault can be used. Then see multiple ways Vault can be used. Then see
[how Vault compares to other software](/intro/vs) [how Vault compares to other software](/docs/vs)
to see how it fits into your existing infrastructure. Finally, continue onwards with to see how it fits into your existing infrastructure. Finally, continue onwards with
the [getting started guide](/intro/getting-started) to use the [getting started guide](https://learn.hashicorp.com/vault/getting-started/install) to use
Vault to read, write, and create real secrets and see how it works in practice. Vault to read, write, and create real secrets and see how it works in practice.


@ -416,7 +416,7 @@ If everything looked fine in [Step 2](#step2), you are ready to write some data.
![Vault UI](/img/vault-java-demo-9.png) ![Vault UI](/img/vault-java-demo-9.png)
You have [verified in the `spring` log](#task-3-examine-the-sprig-container) You have [verified in the `spring` log](#task-3-examine-the-spring-container)
that the demo app successfully retrieved a database credential from the Vault that the demo app successfully retrieved a database credential from the Vault
server during its initialization. server during its initialization.


@ -226,7 +226,7 @@ $ vault write auth/approle/role/<ROLE_NAME> [parameters]
``` ```
> There are a number of > There are a number of
> [parameters](/api/auth/approle#create-new-approle) that you can set > [parameters](/api/auth/approle#create-update-approle) that you can set
> on a role. If you want to limit the use of the generated secret ID, set > on a role. If you want to limit the use of the generated secret ID, set
> `secret_id_num_uses` or `secret_id_ttl` parameter values. Similarly, you can > `secret_id_num_uses` or `secret_id_ttl` parameter values. Similarly, you can
> specify `token_num_uses` and `token_ttl`. You may never want the app token to > specify `token_num_uses` and `token_ttl`. You may never want the app token to
@ -295,7 +295,7 @@ $ curl --header "X-Vault-Token: ..." --request POST \
``` ```
> There are a number of > There are a number of
> [parameters](/api/auth/approle#create-new-approle) that you can set > [parameters](/api/auth/approle#create-update-approle) that you can set
> on a role. If you want to limit the use of the generated secret ID, set > on a role. If you want to limit the use of the generated secret ID, set
> `secret_id_num_uses` or `secret_id_ttl` parameter values. Similarly, you can > `secret_id_num_uses` or `secret_id_ttl` parameter values. Similarly, you can
> specify `token_num_uses` and `token_ttl`. You may never want the app token to > specify `token_num_uses` and `token_ttl`. You may never want the app token to


@ -24,7 +24,7 @@ During the installation of Vault you should also review and apply the recommenda
To provide a highly-available single cluster architecture, we recommend Vault be deployed to more than one host, as shown in the [Vault Reference Architecture](/guides/operations/reference-architecture), and connected to a Consul cluster for persistent data storage. To provide a highly-available single cluster architecture, we recommend Vault be deployed to more than one host, as shown in the [Vault Reference Architecture](/guides/operations/reference-architecture), and connected to a Consul cluster for persistent data storage.
![Reference Diagram](/img/vault-ref-arch-2-02305ae7.png) ![Reference Diagram](/img/vault-ref-arch-2.png)
The below setup steps should be completed on all Vault hosts. The below setup steps should be completed on all Vault hosts.


@ -35,7 +35,7 @@ replication setup.
## Reference Materials ## Reference Materials
- [Performance Replication and Disaster Recovery (DR) Replication](/docs/enterprise/replication#performance-replication-and-disaster-recovery-dr-replication) - [Performance Replication and Disaster Recovery (DR) Replication](/docs/enterprise/replication#performance-replication-and-disaster-recovery-dr-replication)
- [DR Replication API](/api/system/replication-dr) - [DR Replication API](/api/system/replication/replication-dr)
- [Replication Setup & Guidance](/guides/operations/replication) - [Replication Setup & Guidance](/guides/operations/replication)
- [Vault HA guide](/guides/operations/vault-ha-consul) - [Vault HA guide](/guides/operations/vault-ha-consul)
@ -586,8 +586,8 @@ these operations based on experience within their own environments. You can
review the available replication APIs at the following links: review the available replication APIs at the following links:
- [Vault Replication API](/api/system/replication) - [Vault Replication API](/api/system/replication)
- [DR Replication API](/api/system/replication-dr) - [DR Replication API](/api/system/replication/replication-dr)
- [Performance Replication API](/api/system/replication-performance) - [Performance Replication API](/api/system/replication/replication-performance)
## Next steps ## Next steps


@ -49,7 +49,7 @@ cluster that meets your organization's needs.
- [Replication Setup & Guidance](/guides/operations/replication) - [Replication Setup & Guidance](/guides/operations/replication)
walks you through the commands to activate the Vault servers in replication mode. walks you through the commands to activate the Vault servers in replication mode.
Please note that [Vault Replication](/docs/vault-enterprise/replication) Please note that [Vault Replication](/docs/enterprise/replication)
is a Vault Enterprise feature. is a Vault Enterprise feature.
- [Disaster Recovery Replication Setup](/guides/operations/disaster-recovery) - [Disaster Recovery Replication Setup](/guides/operations/disaster-recovery)


@ -27,7 +27,7 @@ control the movement of secrets across their infrastructure.
- Preparing for GDPR Compliance with HashiCorp Vault [webinar](https://www.hashicorp.com/resources/preparing-for-gdpr-compliance-with-hashicorp-vault) - Preparing for GDPR Compliance with HashiCorp Vault [webinar](https://www.hashicorp.com/resources/preparing-for-gdpr-compliance-with-hashicorp-vault)
- Preparing for GDPR Compliance with HashiCorp Vault [blog post](https://www.hashicorp.com/blog/preparing-for-gdpr-compliance-with-hashicorp-vault) - Preparing for GDPR Compliance with HashiCorp Vault [blog post](https://www.hashicorp.com/blog/preparing-for-gdpr-compliance-with-hashicorp-vault)
- [Create Mounts Filter (API)](/api/system/replication-performance#create-mounts-filter) - [Create Mounts Filter (API)](/api/system/replication/replication-performance#create-mounts-filter-deprecated)
- [Performance Replication and Disaster Recovery (DR) Replication](/docs/enterprise/replication#performance-replication-and-disaster-recovery-dr-replication) - [Performance Replication and Disaster Recovery (DR) Replication](/docs/enterprise/replication#performance-replication-and-disaster-recovery-dr-replication)
## Estimated Time to Complete ## Estimated Time to Complete


@ -10,7 +10,7 @@ description: Learn how to set up and manage Vault Enterprise Performance Replica
~> **Enterprise Only:** Vault replication feature is a part of _Vault Enterprise_. ~> **Enterprise Only:** Vault replication feature is a part of _Vault Enterprise_.
If you're unfamiliar with Vault Replication concepts, please first look at the If you're unfamiliar with Vault Replication concepts, please first look at the
[general information page](/docs/vault-enterprise/replication). More [general information page](/docs/enterprise/replication). More
details can be found in the details can be found in the
[replication internals](/docs/internals/replication) document. [replication internals](/docs/internals/replication) document.
@ -91,7 +91,7 @@ working with both clusters.
Vaults performance replication model is intended to allow horizontally scaling Vaults Vaults performance replication model is intended to allow horizontally scaling Vaults
functions rather than to act in a strict Disaster Recovery (DR) capacity. For more information on Vault's disaster recovery replication, look at the functions rather than to act in a strict Disaster Recovery (DR) capacity. For more information on Vault's disaster recovery replication, look at the
[general information page](/docs/vault-enterprise/replication). [general information page](/docs/enterprise/replication).
As a result, Vault performance replication acts on static items within Vault, meaning As a result, Vault performance replication acts on static items within Vault, meaning
information that is not part of Vaults lease-tracking system. In a practical information that is not part of Vaults lease-tracking system. In a practical
@ -172,4 +172,4 @@ Local backend mounts are not replicated and their use will require existing DR
mechanisms if DR is necessary in your implementation. mechanisms if DR is necessary in your implementation.
If you need true DR, look at the If you need true DR, look at the
[general information page](/docs/vault-enterprise/replication) for information on Vault's disaster recovery replication. [general information page](/docs/enterprise/replication) for information on Vault's disaster recovery replication.