Additional changes to @rfay's PR from https://github.com/hashicorp/vault/pull/2217.

- Renamed Cookbook to Guides
- Made Guides index page
- Moved Guides link on sidebar
- Minor formatting changes to generate-root guide
This commit is contained in:
Cameron Stokes 2017-01-23 16:41:25 -08:00
parent 82af6a17c8
commit a307328f04
5 changed files with 228 additions and 201 deletions

View File

@ -54,7 +54,7 @@ of version 0.6.1, there are only three ways to create root tokens:
expiration
2. By using another root token; a root token with an expiration cannot create a
root token that never expires
3. By using `vault generate-root` ([example](../cookbook/index.html#generate-a-root-token-when-none-exists))
3. By using `vault generate-root` ([example](../guides/generate-root.html))
with the permission of a quorum of unseal key holders
Root tokens are useful in development but should be extremely carefully guarded

View File

@ -1,20 +0,0 @@
---
layout: "docs"
page_title: "Vault Cookbook"
sidebar_current: "docs-cookbook"
description: |-
Vault server how-to cookbook.
---
# Day-to-day tasks with Vault
## Generate a root token (when none exists)
It's considered [best practice](../concepts/tokens.html#root-tokens) not to keep root tokens around, as they are all-powerful. Instead, if one is absolutely needed, create it using vault's generate-root command:
1. Unseal the vault. You do not need to be authenticated (you do not need an existing root token).
2. Generate a one-time password with `vault generate-root -genotp`
3. Get the encoded root token: `vault generate-root -otp <generated_otp>` (Requires a quorum of unseal keys again, so needs to be done \<quorum\> times.)
4. Decode the encoded root token with `vault generate-root -otp <generated_otp> -decode=<encoded_root_token> `
(See `vault generate-root -h` for information on the alternate technique using a PGP key.)

View File

@ -0,0 +1,24 @@
---
layout: "docs"
page_title: "Generate Root"
sidebar_current: "docs-guides-generate-root"
description: |-
Generate a new root key using a threshold of unseal keys.
---
# Generate a root token (when none exists)
It's considered [best practice](../concepts/tokens.html#root-tokens) not to
keep root tokens around, as they are all-powerful. Instead, if one is
absolutely needed, create it using Vault's `generate-root` command:
1. Unseal the vault. You do not need to be authenticated (you do not need an
existing root token).
2. Generate a one-time password with `vault generate-root -genotp`.
3. Get the encoded root token: `vault generate-root -otp <generated_otp>`
(Requires a quorum of unseal keys again, so needs to be done \<quorum\> times.)
4. Decode the encoded root token with
`vault generate-root -otp <generated_otp> -decode=<encoded_root_token> `
See `vault generate-root -help` for information on the alternate technique
using a PGP key.

View File

@ -0,0 +1,18 @@
---
layout: "docs"
page_title: "Guides"
sidebar_current: "docs-guides"
description: |-
This section provides various guides for common actions. Due to the nature of Vault, some of these procedures can be complex, so our goal is to provide guidance to do them safely.
---
# Vault Guides
This section provides various guides for common actions. Due to the nature
of Vault, some of these procedures can be complex, so our goal is to provide
guidance to do them safely.
The following guides are available:
* [Generate Root](/docs/guides/generate-root.html) - This guide covers how to
generate new root tokens using unseal keys.

View File

@ -104,6 +104,15 @@
<a href="/docs/http/index.html">API & Libraries</a>
</li>
<li<%= sidebar_current("docs-guides") %>>
<a href="/docs/guides/index.html">Guides</a>
<ul class="nav">
<li<%= sidebar_current("docs-guides-generate-root") %>>
<a href="/docs/guides/generate-root.html">Generate Root</a>
</li>
</ul>
</li>
<hr>
<li<%= sidebar_current("docs-secrets") %>>
@ -221,10 +230,6 @@
</ul>
</li>
<li<%= sidebar_current("docs-cookbook") %>>
<a href="/docs/cookbook/index.html">Cookbook</a>
</li>
</ul>
</div>
<% end %>