luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Additional changes to @rfay's PR from https://github.com/hashicorp/vault/pull/2217. 

- Renamed Cookbook to Guides
- Made Guides index page
- Moved Guides link on sidebar
- Minor formatting changes to generate-root guide
This commit is contained in:
Cameron Stokes 2017-01-23 16:41:25 -08:00
parent 82af6a17c8
commit a307328f04
5 changed files with 228 additions and 201 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
website/source/docs/concepts/tokens.html.md
View File

@ -3,7 +3,7 @@ layout: "docs"
page_title: "Tokens"
sidebar_current: "docs-concepts-tokens"
description: |-
Tokens are a core authentication method in Vault. Concepts and important features.
Tokens are a core authentication method in Vault. Concepts and important features.
---
# Tokens
@ -54,7 +54,7 @@ of version 0.6.1, there are only three ways to create root tokens:
expiration
2. By using another root token; a root token with an expiration cannot create a
root token that never expires
3. By using `vault generate-root` ([example](../cookbook/index.html#generate-a-root-token-when-none-exists))
3. By using `vault generate-root` ([example](../guides/generate-root.html))
with the permission of a quorum of unseal key holders
Root tokens are useful in development but should be extremely carefully guarded
@ -205,5 +205,5 @@ to be given periodic tokens.
There are a few important things to know when using periodic tokens:
* When a periodic token is created via a token store role, the _current_ value of the role's period setting will be used at renewal time
* When a periodic token is created via a token store role, the _current_ value of the role's period setting will be used at renewal time
* A token with both a period and an explicit max TTL will act like a periodic token but will be revoked when the explicit max TTL is reached

20
website/source/docs/cookbook/index.html.md
View File

@ -1,20 +0,0 @@
---
layout: "docs"
page_title: "Vault Cookbook"
sidebar_current: "docs-cookbook"
description: |-
Vault server how-to cookbook.
---
# Day-to-day tasks with Vault
## Generate a root token (when none exists)
It's considered [best practice](../concepts/tokens.html#root-tokens) not to keep root tokens around, as they are all-powerful. Instead, if one is absolutely needed, create it using vault's generate-root command:
1. Unseal the vault. You do not need to be authenticated (you do not need an existing root token).
2. Generate a one-time password with `vault generate-root -genotp`
3. Get the encoded root token: `vault generate-root -otp <generated_otp>` (Requires a quorum of unseal keys again, so needs to be done \<quorum\> times.)
4. Decode the encoded root token with `vault generate-root -otp <generated_otp> -decode=<encoded_root_token> `
(See `vault generate-root -h` for information on the alternate technique using a PGP key.)

24
website/source/docs/guides/generate-root.html.md Normal file
View File

@ -0,0 +1,24 @@
---
layout: "docs"
page_title: "Generate Root"
sidebar_current: "docs-guides-generate-root"
description: |-
Generate a new root key using a threshold of unseal keys.
---
# Generate a root token (when none exists)
It's considered [best practice](../concepts/tokens.html#root-tokens) not to
keep root tokens around, as they are all-powerful. Instead, if one is
absolutely needed, create it using Vault's `generate-root` command:
1. Unseal the vault. You do not need to be authenticated (you do not need an
existing root token).
2. Generate a one-time password with `vault generate-root -genotp`.
3. Get the encoded root token: `vault generate-root -otp <generated_otp>`
(Requires a quorum of unseal keys again, so needs to be done \<quorum\> times.)
4. Decode the encoded root token with
`vault generate-root -otp <generated_otp> -decode=<encoded_root_token> `
See `vault generate-root -help` for information on the alternate technique
using a PGP key.

18
website/source/docs/guides/index.html.md Normal file
View File

@ -0,0 +1,18 @@
---
layout: "docs"
page_title: "Guides"
sidebar_current: "docs-guides"
description: |-
This section provides various guides for common actions. Due to the nature of Vault, some of these procedures can be complex, so our goal is to provide guidance to do them safely.
---
# Vault Guides
This section provides various guides for common actions. Due to the nature
of Vault, some of these procedures can be complex, so our goal is to provide
guidance to do them safely.
The following guides are available:
* [Generate Root](/docs/guides/generate-root.html) - This guide covers how to
generate new root tokens using unseal keys.

361
website/source/layouts/docs.erb
View File

@ -1,233 +1,238 @@
<% wrap_layout :inner do %>
<% content_for :sidebar do %>
<div class="docs-sidebar hidden-print affix-top" role="complementary">
<ul class="nav docs-sidenav">
<li<%= sidebar_current("docs-home") %>>
<a href="/docs/index.html">Docs Home</a>
</li>
<% content_for :sidebar do %>
<div class="docs-sidebar hidden-print affix-top" role="complementary">
<ul class="nav docs-sidenav">
<li<%= sidebar_current("docs-home") %>>
<a href="/docs/index.html">Docs Home</a>
</li>
<li<%= sidebar_current("docs-internal") %>>
<a href="/docs/internals/index.html">Internals</a>
<ul class="nav">
<li<%= sidebar_current("docs-internals-architecture") %>>
<a href="/docs/internals/architecture.html">Architecture</a>
<li<%= sidebar_current("docs-internal") %>>
<a href="/docs/internals/index.html">Internals</a>
<ul class="nav">
<li<%= sidebar_current("docs-internals-architecture") %>>
<a href="/docs/internals/architecture.html">Architecture</a>
</li>
<li<%= sidebar_current("docs-internals-ha") %>>
<a href="/docs/internals/high-availability.html">High Availability</a>
</li>
<li<%= sidebar_current("docs-internals-ha") %>>
<a href="/docs/internals/high-availability.html">High Availability</a>
</li>
<li<%= sidebar_current("docs-internals-security") %>>
<a href="/docs/internals/security.html">Security Model</a>
<li<%= sidebar_current("docs-internals-security") %>>
<a href="/docs/internals/security.html">Security Model</a>
</li>
<li<%= sidebar_current("docs-internals-telemetry") %>>
<a href="/docs/internals/telemetry.html">Telemetry</a>
<li<%= sidebar_current("docs-internals-telemetry") %>>
<a href="/docs/internals/telemetry.html">Telemetry</a>
</li>
<li<%= sidebar_current("docs-internals-token") %>>
<a href="/docs/internals/token.html">Token Authentication</a>
<li<%= sidebar_current("docs-internals-token") %>>
<a href="/docs/internals/token.html">Token Authentication</a>
</li>
<li<%= sidebar_current("docs-internals-rotation") %>>
<a href="/docs/internals/rotation.html">Key Rotation</a>
</li>
</ul>
</li>
<li<%= sidebar_current("docs-internals-rotation") %>>
<a href="/docs/internals/rotation.html">Key Rotation</a>
</li>
</ul>
</li>
<li<%= sidebar_current("docs-install") %>>
<a href="/docs/install/index.html">Install &amp; Upgrade</a>
</li>
<li<%= sidebar_current("docs-install") %>>
<a href="/docs/install/index.html">Install &amp; Upgrade</a>
</li>
<li<%= sidebar_current("docs-concepts") %>>
<a href="/docs/concepts/index.html">Basic Concepts</a>
<ul class="nav">
<li<%= sidebar_current("docs-concepts-devserver") %>>
<a href="/docs/concepts/dev-server.html">"Dev" Server</a>
</li>
<li<%= sidebar_current("docs-concepts") %>>
<a href="/docs/concepts/index.html">Basic Concepts</a>
<ul class="nav">
<li<%= sidebar_current("docs-concepts-devserver") %>>
<a href="/docs/concepts/dev-server.html">"Dev" Server</a>
</li>
<li<%= sidebar_current("docs-concepts-seal") %>>
<a href="/docs/concepts/seal.html">Seal/Unseal</a>
</li>
<li<%= sidebar_current("docs-concepts-seal") %>>
<a href="/docs/concepts/seal.html">Seal/Unseal</a>
</li>
<li<%= sidebar_current("docs-concepts-lease") %>>
<a href="/docs/concepts/lease.html">Lease, Renew, and Revoke</a>
</li>
<li<%= sidebar_current("docs-concepts-lease") %>>
<a href="/docs/concepts/lease.html">Lease, Renew, and Revoke</a>
</li>
<li<%= sidebar_current("docs-concepts-auth") %>>
<a href="/docs/concepts/auth.html">Authentication</a>
</li>
<li<%= sidebar_current("docs-concepts-auth") %>>
<a href="/docs/concepts/auth.html">Authentication</a>
</li>
<li<%= sidebar_current("docs-concepts-tokens") %>>
<a href="/docs/concepts/tokens.html">Tokens</a>
</li>
<li<%= sidebar_current("docs-concepts-tokens") %>>
<a href="/docs/concepts/tokens.html">Tokens</a>
</li>
<li<%= sidebar_current("docs-concepts-response-wrapping") %>>
<a href="/docs/concepts/response-wrapping.html">Response Wrapping</a>
</li>
<li<%= sidebar_current("docs-concepts-response-wrapping") %>>
<a href="/docs/concepts/response-wrapping.html">Response Wrapping</a>
</li>
<li<%= sidebar_current("docs-concepts-policies") %>>
<a href="/docs/concepts/policies.html">Access Control Policies</a>
</li>
<li<%= sidebar_current("docs-concepts-policies") %>>
<a href="/docs/concepts/policies.html">Access Control Policies</a>
</li>
<li<%= sidebar_current("docs-concepts-ha") %>>
<a href="/docs/concepts/ha.html">High Availability</a>
</li>
<li<%= sidebar_current("docs-concepts-ha") %>>
<a href="/docs/concepts/ha.html">High Availability</a>
</li>
<li<%= sidebar_current("docs-concepts-pgp-gpg-keybase") %>>
<a href="/docs/concepts/pgp-gpg-keybase.html">PGP, GPG, and Keybase</a>
</li>
</ul>
</li>
<li<%= sidebar_current("docs-concepts-pgp-gpg-keybase") %>>
<a href="/docs/concepts/pgp-gpg-keybase.html">PGP, GPG, and Keybase</a>
</li>
</ul>
</li>
<li<%= sidebar_current("docs-config") %>>
<a href="/docs/config/index.html">Configuration</a>
</li>
<li<%= sidebar_current("docs-config") %>>
<a href="/docs/config/index.html">Configuration</a>
</li>
<li<%= sidebar_current("docs-commands") %>>
<a href="/docs/commands/index.html">Commands (CLI)</a>
<ul class="nav">
<li<%= sidebar_current("docs-commands-path-help") %>>
<a href="/docs/commands/help.html">Path Help</a>
</li>
<li<%= sidebar_current("docs-commands") %>>
<a href="/docs/commands/index.html">Commands (CLI)</a>
<ul class="nav">
<li<%= sidebar_current("docs-commands-path-help") %>>
<a href="/docs/commands/help.html">Path Help</a>
</li>
<li<%= sidebar_current("docs-commands-readwrite") %>>
<a href="/docs/commands/read-write.html">Reading and Writing Data</a>
</li>
<li<%= sidebar_current("docs-commands-environment") %>>
<a href="/docs/commands/environment.html">Environment Variables</a>
</li>
</ul>
</li>
<li<%= sidebar_current("docs-commands-readwrite") %>>
<a href="/docs/commands/read-write.html">Reading and Writing Data</a>
</li>
<li<%= sidebar_current("docs-commands-environment") %>>
<a href="/docs/commands/environment.html">Environment Variables</a>
</li>
</ul>
</li>
<li<%= sidebar_current("docs-http") %>>
<a href="/docs/http/index.html">API & Libraries</a>
</li>
<li<%= sidebar_current("docs-http") %>>
<a href="/docs/http/index.html">API & Libraries</a>
</li>
<hr>
<li<%= sidebar_current("docs-guides") %>>
<a href="/docs/guides/index.html">Guides</a>
<ul class="nav">
<li<%= sidebar_current("docs-guides-generate-root") %>>
<a href="/docs/guides/generate-root.html">Generate Root</a>
</li>
</ul>
</li>
<li<%= sidebar_current("docs-secrets") %>>
<a href="/docs/secrets/index.html">Secret Backends</a>
<ul class="nav">
<li<%= sidebar_current("docs-secrets-aws") %>>
<a href="/docs/secrets/aws/index.html">AWS</a>
</li>
<hr>
<li<%= sidebar_current("docs-secrets-cassandra") %>>
<a href="/docs/secrets/cassandra/index.html">Cassandra</a>
</li>
<li<%= sidebar_current("docs-secrets") %>>
<a href="/docs/secrets/index.html">Secret Backends</a>
<ul class="nav">
<li<%= sidebar_current("docs-secrets-aws") %>>
<a href="/docs/secrets/aws/index.html">AWS</a>
</li>
<li<%= sidebar_current("docs-secrets-consul") %>>
<a href="/docs/secrets/consul/index.html">Consul</a>
</li>
<li<%= sidebar_current("docs-secrets-cassandra") %>>
<a href="/docs/secrets/cassandra/index.html">Cassandra</a>
</li>
<li<%= sidebar_current("docs-secrets-cubbyhole") %>>
<a href="/docs/secrets/cubbyhole/index.html">Cubbyhole</a>
</li>
<li<%= sidebar_current("docs-secrets-consul") %>>
<a href="/docs/secrets/consul/index.html">Consul</a>
</li>
<li<%= sidebar_current("docs-secrets-generic") %>>
<a href="/docs/secrets/generic/index.html">Generic</a>
</li>
<li<%= sidebar_current("docs-secrets-cubbyhole") %>>
<a href="/docs/secrets/cubbyhole/index.html">Cubbyhole</a>
</li>
<li<%= sidebar_current("docs-secrets-mongodb") %>>
<a href="/docs/secrets/mongodb/index.html">MongoDB</a>
</li>
<li<%= sidebar_current("docs-secrets-generic") %>>
<a href="/docs/secrets/generic/index.html">Generic</a>
</li>
<li<%= sidebar_current("docs-secrets-mssql") %>>
<a href="/docs/secrets/mssql/index.html">MSSQL</a>
</li>
<li<%= sidebar_current("docs-secrets-mongodb") %>>
<a href="/docs/secrets/mongodb/index.html">MongoDB</a>
</li>
<li<%= sidebar_current("docs-secrets-mysql") %>>
<a href="/docs/secrets/mysql/index.html">MySQL</a>
</li>
<li<%= sidebar_current("docs-secrets-mssql") %>>
<a href="/docs/secrets/mssql/index.html">MSSQL</a>
</li>
<li<%= sidebar_current("docs-secrets-pki") %>>
<a href="/docs/secrets/pki/index.html">PKI (Certificates)</a>
</li>
<li<%= sidebar_current("docs-secrets-mysql") %>>
<a href="/docs/secrets/mysql/index.html">MySQL</a>
</li>
<li<%= sidebar_current("docs-secrets-postgresql") %>>
<a href="/docs/secrets/postgresql/index.html">PostgreSQL</a>
</li>
<li<%= sidebar_current("docs-secrets-pki") %>>
<a href="/docs/secrets/pki/index.html">PKI (Certificates)</a>
</li>
<li<%= sidebar_current("docs-secrets-rabbitmq") %>>
<a href="/docs/secrets/rabbitmq/index.html">RabbitMQ</a>
</li>
<li<%= sidebar_current("docs-secrets-postgresql") %>>
<a href="/docs/secrets/postgresql/index.html">PostgreSQL</a>
</li>
<li<%= sidebar_current("docs-secrets-ssh") %>>
<a href="/docs/secrets/ssh/index.html">SSH</a>
</li>
<li<%= sidebar_current("docs-secrets-rabbitmq") %>>
<a href="/docs/secrets/rabbitmq/index.html">RabbitMQ</a>
</li>
<li<%= sidebar_current("docs-secrets-transit") %>>
<a href="/docs/secrets/transit/index.html">Transit</a>
</li>
<li<%= sidebar_current("docs-secrets-ssh") %>>
<a href="/docs/secrets/ssh/index.html">SSH</a>
</li>
<li<%= sidebar_current("docs-secrets-custom") %>>
<a href="/docs/secrets/custom.html">Custom</a>
</li>
</ul>
</li>
<li<%= sidebar_current("docs-secrets-transit") %>>
<a href="/docs/secrets/transit/index.html">Transit</a>
</li>
<li<%= sidebar_current("docs-auth") %>>
<a href="/docs/auth/index.html">Auth Backends</a>
<ul class="nav">
<li<%= sidebar_current("docs-auth-appid") %>>
<a href="/docs/auth/app-id.html">App ID</a>
</li>
<li<%= sidebar_current("docs-secrets-custom") %>>
<a href="/docs/secrets/custom.html">Custom</a>
</li>
</ul>
</li>
<li<%= sidebar_current("docs-auth-approle") %>>
<a href="/docs/auth/approle.html">AppRole</a>
</li>
<li<%= sidebar_current("docs-auth") %>>
<a href="/docs/auth/index.html">Auth Backends</a>
<ul class="nav">
<li<%= sidebar_current("docs-auth-appid") %>>
<a href="/docs/auth/app-id.html">App ID</a>
</li>
<li<%= sidebar_current("docs-auth-aws-ec2") %>>
<a href="/docs/auth/aws-ec2.html">AWS EC2</a>
</li>
<li<%= sidebar_current("docs-auth-approle") %>>
<a href="/docs/auth/approle.html">AppRole</a>
</li>
<li<%= sidebar_current("docs-auth-github") %>>
<a href="/docs/auth/github.html">GitHub</a>
</li>
<li<%= sidebar_current("docs-auth-aws-ec2") %>>
<a href="/docs/auth/aws-ec2.html">AWS EC2</a>
</li>
<li<%= sidebar_current("docs-auth-ldap") %>>
<a href="/docs/auth/ldap.html">LDAP</a>
</li>
<li<%= sidebar_current("docs-auth-github") %>>
<a href="/docs/auth/github.html">GitHub</a>
</li>
<li<%= sidebar_current("docs-auth-mfa") %>>
<a href="/docs/auth/mfa.html">MFA</a>
</li>
<li<%= sidebar_current("docs-auth-ldap") %>>
<a href="/docs/auth/ldap.html">LDAP</a>
</li>
<li<%= sidebar_current("docs-auth-cert") %>>
<a href="/docs/auth/cert.html">TLS Certificates</a>
</li>
<li<%= sidebar_current("docs-auth-mfa") %>>
<a href="/docs/auth/mfa.html">MFA</a>
</li>
<li<%= sidebar_current("docs-auth-token") %>>
<a href="/docs/auth/token.html">Tokens</a>
</li>
<li<%= sidebar_current("docs-auth-cert") %>>
<a href="/docs/auth/cert.html">TLS Certificates</a>
</li>
<li<%= sidebar_current("docs-auth-userpass") %>>
<a href="/docs/auth/userpass.html">Username &amp; Password</a>
</li>
</ul>
</li>
<li<%= sidebar_current("docs-auth-token") %>>
<a href="/docs/auth/token.html">Tokens</a>
</li>
<li<%= sidebar_current("docs-audit") %>>
<a href="/docs/audit/index.html">Audit Backends</a>
<ul class="nav">
<li<%= sidebar_current("docs-audit-file") %>>
<a href="/docs/audit/file.html">File</a>
<li<%= sidebar_current("docs-auth-userpass") %>>
<a href="/docs/auth/userpass.html">Username &amp; Password</a>
</li>
</ul>
</li>
<li<%= sidebar_current("docs-audit") %>>
<a href="/docs/audit/index.html">Audit Backends</a>
<ul class="nav">
<li<%= sidebar_current("docs-audit-file") %>>
<a href="/docs/audit/file.html">File</a>
</li>
<li<%= sidebar_current("docs-audit-syslog") %>>
<a href="/docs/audit/syslog.html">Syslog</a>
</li>
</ul>
</li>
<li<%= sidebar_current("docs-audit-syslog") %>>
<a href="/docs/audit/syslog.html">Syslog</a>
</li>
</ul>
</li>
<li<%= sidebar_current("docs-cookbook") %>>
<a href="/docs/cookbook/index.html">Cookbook</a>
</li>
</ul>
</div>
<% end %>
</ul>
</div>
<% end %>
<%= yield %>
<%= yield %>
<% end %>