diff --git a/website/redirects.txt b/website/redirects.txt index 0a317b3f1..9f59114bc 100644 --- a/website/redirects.txt +++ b/website/redirects.txt @@ -68,10 +68,11 @@ /docs/http/sys-rotate.html /api/system/rotate.html /docs/http/sys-raw.html /api/system/raw.html /docs/http/sys-health.html /api/system/health.html -/docs/guides/generate-root.html /guides/generate-root.html + +/docs/guides/generate-root.html /guides/configuration/generate-root.html /docs/guides/index.html /guides/index.html -/docs/guides/production.html /guides/production.html -/docs/guides/replication.html /guides/replication.html +/docs/guides/production.html /guides/operations/production.html +/docs/guides/replication.html /guides/operations/replication.html /docs/guides/upgrading/index.html /guides/upgrading/index.html /docs/guides/upgrading/upgrade-to-0.5.0.html /guides/upgrading/upgrade-to-0.5.0.html /docs/guides/upgrading/upgrade-to-0.5.1.html /guides/upgrading/upgrade-to-0.5.1.html @@ -81,6 +82,17 @@ /docs/guides/upgrading/upgrade-to-0.6.3.html /guides/upgrading/upgrade-to-0.6.3.html /docs/guides/upgrading/upgrade-to-0.6.4.html /guides/upgrading/upgrade-to-0.6.4.html /docs/guides/upgrading/upgrade-to-0.7.0.html /guides/upgrading/upgrade-to-0.7.0.html +/guides/production.html /guides/operations/production.html +/guides/replication.html /guides/operations/replication.html +/guides/policies.html /guides/configuration/policies.html +/guides/authentication.html /guides/configuration/authentication.html +/guides/lease.html /guides/configuration/lease.html +/guides/generate-root.html /guides/configuration/generate-root.html +/guides/rekeying-and-rotating.html /guides/configuration/rekeying-and-rotating.html +/guides/plugin-backends.html /guides/configuration/plugin-backends.html +/guides/static-secrets.html /guides/secret-mgmt/static-secrets.html +/guides/dynamic-secret.html /guides/secret-mgmt/dynamic-secret.html +/guides/cubbyhole.html /guides/secret-mgmt/cubbyhole.html /docs/secrets/custom.html /docs/plugin/index.html /docs/secrets/generic/index.html /docs/secrets/kv/index.html /intro/getting-started/acl.html /intro/getting-started/policies.html diff --git a/website/source/docs/commands/operator/generate-root.html.md b/website/source/docs/commands/operator/generate-root.html.md index 4a235aa3c..70f0f6da2 100644 --- a/website/source/docs/commands/operator/generate-root.html.md +++ b/website/source/docs/commands/operator/generate-root.html.md @@ -26,7 +26,7 @@ An unseal key may be provided directly on the command line as an argument to the command. If key is specified as "-", the command will read from stdin. If a TTY is available, the command will prompt for text. -Please see the [generate root guide](/guides/generate-root.html) for +Please see the [generate root guide](/guides/configuration/generate-root.html) for step-by-step instructions. ## Examples diff --git a/website/source/docs/commands/operator/rekey.html.md b/website/source/docs/commands/operator/rekey.html.md index 04bd95418..2635d0923 100644 --- a/website/source/docs/commands/operator/rekey.html.md +++ b/website/source/docs/commands/operator/rekey.html.md @@ -22,7 +22,7 @@ An unseal key may be provided directly on the command line as an argument to the command. If key is specified as "-", the command will read from stdin. If a TTY is available, the command will prompt for text. -Please see the [rotating and rekeying](/guides/rekeying-and-rotating.html) for +Please see the [rotating and rekeying](/guides/configuration/rekeying-and-rotating.html) for step-by-step instructions. ## Examples diff --git a/website/source/docs/concepts/policies.html.md b/website/source/docs/concepts/policies.html.md index 20188b88f..6d37e895b 100644 --- a/website/source/docs/concepts/policies.html.md +++ b/website/source/docs/concepts/policies.html.md @@ -437,8 +437,8 @@ $ curl \ For more information, please read: -- [Production Hardening](/guides/production.html) -- [Generating a Root Token](/guides/generate-root.html) +- [Production Hardening](/guides/operations/production.html) +- [Generating a Root Token](/guides/configuration/generate-root.html) ## Managing Policies diff --git a/website/source/docs/concepts/tokens.html.md b/website/source/docs/concepts/tokens.html.md index c917e294f..53e3d12e7 100644 --- a/website/source/docs/concepts/tokens.html.md +++ b/website/source/docs/concepts/tokens.html.md @@ -54,7 +54,7 @@ of version 0.6.1, there are only three ways to create root tokens: expiration 2. By using another root token; a root token with an expiration cannot create a root token that never expires -3. By using `vault generate-root` ([example](/guides/generate-root.html)) +3. By using `vault generate-root` ([example](/guides/configuration/generate-root.html)) with the permission of a quorum of unseal key holders Root tokens are useful in development but should be extremely carefully guarded diff --git a/website/source/docs/enterprise/replication/index.html.md b/website/source/docs/enterprise/replication/index.html.md index f55bc2e47..7d3d1b727 100644 --- a/website/source/docs/enterprise/replication/index.html.md +++ b/website/source/docs/enterprise/replication/index.html.md @@ -134,7 +134,7 @@ its encrypted barrier. ## Setup and Best Practices -A [setup guide](/guides/replication.html) is +A [setup guide](/guides/operations/replication.html) is available to help you get started; this guide also contains best practices around operationalizing the replication feature. diff --git a/website/source/guides/configuration/authentication.html.md b/website/source/guides/configuration/authentication.html.md index 42bb8fa90..882cb0d22 100644 --- a/website/source/guides/configuration/authentication.html.md +++ b/website/source/guides/configuration/authentication.html.md @@ -36,7 +36,7 @@ enabling the [**AppRole**](/docs/auth/approle.html) auth backend. ## Reference Material - [Getting Started](/intro/getting-started/authentication.html) -- [Auth Backends](docs/auth/index.html) +- [Auth Backends](/docs/auth/index.html) - [GitHub Auth APIs](/api/auth/github/index.html) @@ -123,7 +123,7 @@ path "secret/mysql/*" { ``` If you are not familiar with policies, complete the -[policies](/guides/policies.html) guide. +[policies](/guides/configuration/policies.html) guide. ## Steps @@ -133,7 +133,7 @@ to allow machines or apps to acquire a token to interact with Vault. It uses **Role ID** and **Secret ID** for login. The basic workflow is: -![AppRole auth backend workflow](assets/images/vault-approle-workflow.png) +![AppRole auth backend workflow](/assets/images/vault-approle-workflow.png) > For the purpose of introducing the basics of AppRole, this guide walks you > through a very simple scenario involving only two personas (admin and app). @@ -235,7 +235,7 @@ $ vault write auth/approle/role/ [parameters] > specify `token_num_uses` and `token_ttl`. You may never want the app token to > expire. In such a case, specify the `period` so that the token generated by > this AppRole is a periodic token. To learn more about periodic token, refer to -> the [Tokens and Leases](/guifes/lease.html#step4) guide. +> the [Tokens and Leases](/guides/configuration/lease.html#step4) guide. **Example:** @@ -304,7 +304,7 @@ $ curl --header "X-Vault-Token: ..." --request POST \ > specify `token_num_uses` and `token_ttl`. You may never want the app token to > expire. In such a case, specify the `period` so that the token generated by > this AppRole is a periodic token. To learn more about periodic token, refer to -> the [Tokens and Leases](/guifes/lease.html#step4) guide. +> the [Tokens and Leases](/guides/configuration/lease.html#step4) guide. **NOTE:** To attach multiple policies, pass the policy names as a comma @@ -617,7 +617,7 @@ For example, Terraform as a trusted entity can deliver the Role ID onto the virtual machine. When the app runs on the virtual machine, the Role ID already exists on the virtual machine. -![AppRole auth backend workflow](assets/images/vault-approle-workflow2.png) +![AppRole auth backend workflow](/assets/images/vault-approle-workflow2.png) Secret ID is like a password. To keep the Secret ID confidential, use [**response wrapping**](/docs/concepts/response-wrapping.html) so that the only @@ -668,4 +668,4 @@ b07d7a47-1d0d-741d-20b4-ae0de7c6d964 ## Next steps To learn more about response wrapping, go to [Cubbyhole Response -Wrapping](/guides/cubbyhole.html) guide. +Wrapping](/guides/secret-mgmt/cubbyhole.html) guide. diff --git a/website/source/guides/configuration/lease.html.md b/website/source/guides/configuration/lease.html.md index e50af7d01..9060e661c 100644 --- a/website/source/guides/configuration/lease.html.md +++ b/website/source/guides/configuration/lease.html.md @@ -41,8 +41,8 @@ two hours later, `b519c6aa...` will be revoked and takes its child ## Reference Material -- The [Validation](/guides/dynamic-secrets.html#validation) section of the -[Secret as a Service](/guides/dynamic-secrets.html) guide demonstrated lease +- The [Validation](/guides/secret-mgmt/dynamic-secrets.html#validation) section of the +[Secret as a Service](/guides/secret-mgmt/dynamic-secrets.html) guide demonstrated lease renewal and revocation - [Tokens documentation](/docs/concepts/tokens.html) - [Token Auth Backend HTTP API](/api/auth/token/index.html) @@ -131,7 +131,7 @@ path "sys/mounts/database/tune" { ``` If you are not familiar with policies, complete the -[policies](/guides/policies.html) guide. +[policies](/guides/configuration/policies.html) guide. ## Steps @@ -625,7 +625,7 @@ are talking about long-running apps need to be able to renew its token indefinitely. -> For more details about AppRole, read the [AppRole Pull --Authentication](/guides/authentication.html) guide. +-Authentication](/guides/configuration/authentication.html) guide. To create AppRole periodic tokens, create your AppRole role with `period` specified. @@ -803,5 +803,5 @@ renewable true ## Next steps Now you have learned the lifecycle of tokens and leases, read [AppRole Pull -Authentication](/guides/authentication.html) guide to learn how to generate +Authentication](/guides/configuration/authentication.html) guide to learn how to generate tokens for apps or machines. diff --git a/website/source/guides/configuration/policies.html.md b/website/source/guides/configuration/policies.html.md index e08de04c7..343b98e7d 100644 --- a/website/source/guides/configuration/policies.html.md +++ b/website/source/guides/configuration/policies.html.md @@ -584,5 +584,5 @@ $ curl --request POST --header "X-Vault-Token: ..." --data '{"path":"sys/auth/ap ## Next steps In this guide, you learned how to write policies based on given policy -requirements. Next, [AppRole Pull Authentication](/guides/authentication.html) +requirements. Next, [AppRole Pull Authentication](/guides/configuration/authentication.html) guide demonstrates how to associate policies to a role. diff --git a/website/source/guides/operations/index.html.md b/website/source/guides/operations/index.html.md index 6e8dc8d65..83a3d02d6 100644 --- a/website/source/guides/operations/index.html.md +++ b/website/source/guides/operations/index.html.md @@ -13,11 +13,11 @@ Vault Operations guides address Vault infrastructure discussions. These guides are designed to help the operations team to plan and install a Vault cluster that meets your organization's needs. -- [Production Hardening](/guides/architecture/production.html) guide provides -guidance on best practices for a production hardened deployment of Vault. +- [Production Hardening](/guides/operations/production.html) guide provides +guidance on best practices for a production hardened deployment of Vault. The recommendations are based on the [security model](/docs/internals/security.html) and focus on defense in depth. -- [Replication Setup & Guidance](/guides/architecture/replication.html) +- [Replication Setup & Guidance](/guides/operations/replication.html) walks you through the commands to activate the Vault servers in replication mode. Please note that [Vault Replication](/docs/vault-enterprise/replication/index.html) is a Vault Enterprise feature. diff --git a/website/source/guides/operations/production.html.md b/website/source/guides/operations/production.html.md index 4bc54a110..13f3ad946 100644 --- a/website/source/guides/operations/production.html.md +++ b/website/source/guides/operations/production.html.md @@ -81,7 +81,7 @@ and practical. code](https://www.hashicorp.com/blog/codifying-vault-policies-and-configuration/), and using version control to manage policies. Once setup, the root token should be revoked to eliminate the risk of exposure. Root tokens can be - [generated when needed](/guides/generate-root.html), and should be + [generated when needed](/guides/configuration/generate-root.html), and should be revoked as soon as possible. * **Enable Auditing**. Vault supports several auditing backends. Enabling diff --git a/website/source/guides/secret-mgmt/cubbyhole.html.md b/website/source/guides/secret-mgmt/cubbyhole.html.md index ccbe576d5..b0c6905f3 100644 --- a/website/source/guides/secret-mgmt/cubbyhole.html.md +++ b/website/source/guides/secret-mgmt/cubbyhole.html.md @@ -111,7 +111,7 @@ uses cubbyhole response wrapping. In this guide, you perform the following: **NOTE:** This guide demonstrates how the response wrapping works. To learn more about reading and writing secrets in Vault, refer to the [Static -Secret](/guide/static-secrets.html) guide. +Secret](/guides/secret-mgmt/static-secrets.html) guide. ### Step 1: Create and wrap a token (**Persona:** admin) @@ -539,7 +539,7 @@ Also, refer to [Cubbyhole Secret Backend HTTP API](/api/secret/cubbyhole/index.h ## Next steps -The use of [AppRole Pull Authentication](/guides/authentication.html) is a good +The use of [AppRole Pull Authentication](/guides/configuration/authentication.html) is a good use case to leverage the response wrapping. Go through the guide if you have not done so. To better understand the lifecycle of Vault tokens, proceed to [Tokens -and Leases](/guides/lease.html) guide. +and Leases](/guides/configuration/lease.html) guide. diff --git a/website/source/guides/secret-mgmt/dynamic-secrets.html.md b/website/source/guides/secret-mgmt/dynamic-secrets.html.md index c90a99a92..3e8e0167d 100644 --- a/website/source/guides/secret-mgmt/dynamic-secrets.html.md +++ b/website/source/guides/secret-mgmt/dynamic-secrets.html.md @@ -50,7 +50,7 @@ environment variables. The administrator specifies the TTL of the database credentials to enforce its validity so that they are automatically revoked when they are no longer used. -![Dynamic Secret Workflow](assets/images/vault-dynamic-secrets.png) +![Dynamic Secret Workflow](/assets/images/vault-dynamic-secrets.png) Each app instance can get unique credentials that they don't have to share. By making those credentials to be short-lived, you reduced the change of the secret @@ -124,7 +124,7 @@ path "auth/token/create" { ``` If you are not familiar with policies, complete the -[policies](/guides/policies.html) guide. +[policies](/guides/configuration/policies.html) guide. ## Steps @@ -338,7 +338,7 @@ token_policies [apps default] Use the returned token to perform the remaining. -**NOTE:** [AppRole Pull Authentication](/guides/authentication.html) guide +**NOTE:** [AppRole Pull Authentication](/guides/configuration/authentication.html) guide demonstrates more sophisticated way of generating a token for your apps. ```shell @@ -412,7 +412,7 @@ $ curl --header "X-Vault-Token: ..." --request POST \ Be sure to use the returned token to perform the remaining. -**NOTE:** [AppRole Pull Authentication](/guides/authentication.html) guide +**NOTE:** [AppRole Pull Authentication](/guides/configuration/authentication.html) guide demonstrates more sophisticated way of generating a token for your apps. ```shell @@ -498,5 +498,5 @@ user name exists. This guide discussed how to generate credentials on--dataemand so that the access credentials no longer need to be written to disk. Next, learn about the -[Tokens and Leases](/guides/lease.html) so that you can control the lifecycle of +[Tokens and Leases](/guides/configuration/lease.html) so that you can control the lifecycle of those credentials. diff --git a/website/source/guides/secret-mgmt/static-secrets.html.md b/website/source/guides/secret-mgmt/static-secrets.html.md index af7fffd0f..4ebb8e1d8 100644 --- a/website/source/guides/secret-mgmt/static-secrets.html.md +++ b/website/source/guides/secret-mgmt/static-secrets.html.md @@ -20,8 +20,8 @@ Secret Storage. ## Reference Material - [Key/Value Secret Backend](/docs/secrets/kv/index.html) -- [Key/Value Secret Backend API](/apikey/secret/kv/index.html) -- [Client libraries](/apikey/libraries.html) for Vault API for commonly used languages +- [Key/Value Secret Backend API](/api/secret/kv/index.html) +- [Client libraries](/api/libraries.html) for Vault API for commonly used languages ## Estimated Time to Complete @@ -94,7 +94,7 @@ path "auth/token/create" { ``` If you are not familiar with policies, complete the -[policies](/guides/policies.html) guide. +[policies](/guides/configuration/policies.html) guide. ## Steps @@ -545,5 +545,5 @@ $ cat mongodb.txt This guide introduced the CLI commands and API endpoints to read and write secrets in key/value backend. To keep it simple, the `devops` persona generated a token for `apps`. Read [AppRole Pull -Authentication](/guides/authentication.html) guide to learn about +Authentication](/guides/configuration/authentication.html) guide to learn about programmatically generate a token for apps.