New Website! (#8154)

* new documentation website

* ci job adjustment

* update to latest version on downloads page

* remove transition-period scripts

* add netlify toml file

* fix docs patch

* fix ci config?

* revert go.mod changes

* a couple last markdown formatting fixes
Jeff Escalante 2020-01-17 19:18:09 -05:00 committed by Calvin Leung Huang
parent 9c262d82ec
commit df34412570
883 changed files with 32497 additions and 35617 deletions

50
.circleci/config.yml generated

@ -305,6 +305,29 @@ jobs:
- GO_VERSION: 1.12.14
- GO111MODULE: 'off'
- GOTESTSUM_VERSION: 0.3.3
website-docker-image:
docker:
- image: circleci/buildpack-deps
shell: /usr/bin/env bash -euo pipefail -c
steps:
- checkout
- setup_remote_docker
- run:
command: |
echo 'export PACKAGE_LOCK_CHANGED=$(git diff --name-only $(git log --pretty=format:'%h' -n1 HEAD~1)...HEAD | grep -c website/package-lock.json)' >> $BASH_ENV
name: Diff package-lock.json
- run:
command: |
if [ "$CIRCLE_BRANCH" = "master" ] && [ $PACKAGE_LOCK_CHANGED -gt 0 ]; then
cd website/
docker build -t hashicorp/vault-website:$CIRCLE_SHA1 .
docker tag hashicorp/vault-website:$CIRCLE_SHA1 hashicorp/vault-website:latest
docker login -u $DOCKER_USER -p $DOCKER_PASS
docker push hashicorp/vault-website
else
echo "Not building a new website docker image - branch is not master and/or dependencies have not changed."
fi
name: Build Docker Image if Necessary
workflows:
ci:
jobs:
@ -332,6 +355,7 @@ workflows:
- test-go-race:
requires:
- build-go-dev
- website-docker-image
version: 2
# Original config.yml file:
@ -574,6 +598,29 @@ workflows:
# export PATH=\"${PWD}\"/bin:${PATH}
# make test-ui-browserstack
# name: Run Browserstack Tests
# website-docker-image:
# docker:
# - image: circleci/buildpack-deps
# shell: /usr/bin/env bash -euo pipefail -c
# steps:
# - checkout
# - setup_remote_docker
# - run:
# command: |
# echo 'export PACKAGE_LOCK_CHANGED=$(git diff --name-only $(git log --pretty=format:'%h' -n1 HEAD~1)...HEAD | grep -c website/package-lock.json)' >> $BASH_ENV
# name: Diff package-lock.json
# - run:
# command: |
# if [ \"$CIRCLE_BRANCH\" = \"master\" ] && [ $PACKAGE_LOCK_CHANGED -gt 0 ]; then
# cd website/
# docker build -t hashicorp/vault-website:$CIRCLE_SHA1 .
# docker tag hashicorp/vault-website:$CIRCLE_SHA1 hashicorp/vault-website:latest
# docker login -u $DOCKER_USER -p $DOCKER_PASS
# docker push hashicorp/vault-website
# else
# echo \"Not building a new website docker image - branch is not master and/or dependencies have not changed.\"
# fi
# name: Build Docker Image if Necessary
# references:
# cache:
# go-sum: go-sum-v1-{{ checksum \"go.sum\" }}
@ -607,4 +654,5 @@ workflows:
# - build-go-dev
# - test-go-race:
# requires:
# - build-go-dev
# - build-go-dev
# - website-docker-image


@ -0,0 +1,22 @@
docker:
- image: circleci/buildpack-deps
shell: /usr/bin/env bash -euo pipefail -c
steps:
- checkout
- setup_remote_docker
- run:
name: Diff package-lock.json
command: |
echo 'export PACKAGE_LOCK_CHANGED=$(git diff --name-only $(git log --pretty=format:'%h' -n1 HEAD~1)...HEAD | grep -c website/package-lock.json)' >> $BASH_ENV
- run:
name: Build Docker Image if Necessary
command: |
if [ "$CIRCLE_BRANCH" = "master" ] && [ $PACKAGE_LOCK_CHANGED -gt 0 ]; then
cd website/
docker build -t hashicorp/vault-website:$CIRCLE_SHA1 .
docker tag hashicorp/vault-website:$CIRCLE_SHA1 hashicorp/vault-website:latest
docker login -u $DOCKER_USER -p $DOCKER_PASS
docker push hashicorp/vault-website
else
echo "Not building a new website docker image - branch is not master and/or dependencies have not changed."
fi
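Review bot: `docker login -u $DOCKER_USER -p $DOCKER_PASS` in the "Build Docker Image if Necessary" step puts the registry password on the command line, where it is readable from the process list inside the build container; feed it on stdin instead, `echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin`. The rebuild decision only compares `HEAD~1...HEAD`, so a push of several commits in which website/package-lock.json changed before the last one would skip the image build. `$PACKAGE_LOCK_CHANGED` should also be quoted in the `[ ... -gt 0 ]` test. The generated .circleci/config.yml section earlier on this page carries the same lines.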


@ -15,12 +15,13 @@ jobs:
- install-ui-dependencies
- build-go-dev
filters:
branches:
# Forked pull requests have CIRCLE_BRANCH set to pull/XXX
ignore: /pull\/[0-9]+/
branches:
# Forked pull requests have CIRCLE_BRANCH set to pull/XXX
ignore: /pull\/[0-9]+/
- test-go:
requires:
- build-go-dev
- test-go-race:
requires:
- build-go-dev
- website-docker-image
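Review bot: `- website-docker-image` is added to the `ci` workflow with no branch filter, so the publishing job starts and provisions remote Docker on every branch, and only the shell `if` inside its step stops a push. A workflow-level `filters: {branches: {only: master}}` on this entry would avoid those runs, but a branch can edit either guard. The real control is where DOCKER_USER and DOCKER_PASS live, which is not visible here; a restricted CircleCI context attached only to this job would be the least-privilege choice. The enclosing workflow definition starts outside this hunk.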

18
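--- a/website/.editorconfig
+++ b/website/.editorconfig
@@ -0,0 +1,18 @@
+# This file is for unifying the coding style for different editors and IDEs
+# editorconfig.org
+root = true
+[*]
+end_of_line = lf
+charset = utf-8
+insert_final_newline = true
+trim_trailing_whitespace = true
+indent_style = space
+indent_size = 2
+[Makefile]
+indent_style = tab
+[{*.md,*.json}]
+max_line_length = null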

5
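--- a/website/.eslintrc.js
+++ b/website/.eslintrc.js
@@ -0,0 +1,5 @@
+module.exports = {
+...require('@hashicorp/nextjs-scripts/.eslintrc.js'),
+/* Specify overrides here */
+ignorePatterns: ['public/']
+}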

5
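--- a/website/.gitignore
+++ b/website/.gitignore
@@ -0,0 +1,5 @@
+node_modules
+.DS_Store
+.next
+out
+.mdx-data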


@ -1 +0,0 @@
10.15.3


@ -0,0 +1,8 @@
{
"ignore": {
"marked": {
"versions": "0.8.0",
"reason": "breaks IE"
}
}
}


@ -1,4 +0,0 @@
{
"semi": false,
"singleQuote": true
}

7
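--- a/website/Dockerfile
+++ b/website/Dockerfile
@@ -0,0 +1,7 @@
+FROM node:10.16.3-alpine
+RUN apk add --update --no-cache git make g++ automake autoconf libtool nasm libpng-dev
+COPY ./package.json /website/package.json
+COPY ./package-lock.json /website/package-lock.json
+WORKDIR /website
+RUN npm install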
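Review bot: `RUN npm install` can resolve and rewrite versions when package.json and the copied package-lock.json disagree, so the published image is not guaranteed to contain exactly the dependency tree that was reviewed. `RUN npm ci` installs strictly from the lockfile and fails on a mismatch. The base image is pinned by tag only (`FROM node:10.16.3-alpine`), and adding the image digest to that line would keep a re-tagged base from changing later rebuilds. No `USER` line is set, so `npm start` in containers from this image runs as root; a line such as `USER node` after the install would narrow that, assuming the mounted source tree stays readable for that user.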


@ -1,9 +0,0 @@
source "https://rubygems.org"
gem 'middleman', '~> 4.2'
gem 'middleman-hashicorp', git: 'https://github.com/carrot/middleman-hashicorp'
# gem 'middleman-hashicorp', path: '/Users/jeff/Sites/middleman-hashicorp-carrot'
gem 'builder'
gem 'tzinfo-data', platforms: [:mswin, :mingw, :jruby]
gem 'wdm', '~> 0.1', platforms: [:mswin, :mingw]
gem 'middleman-dato'


@ -1,175 +0,0 @@
GIT
remote: https://github.com/carrot/middleman-hashicorp
revision: a1e3615e8f7d1c3c798d1ec7d7040ff1ba565c0f
specs:
middleman-hashicorp (0.3.28)
activesupport (~> 5.0)
middleman (~> 4.2)
middleman-dato
middleman-livereload (~> 3.4)
middleman-syntax (~> 3.0)
nokogiri (~> 1.8)
redcarpet (~> 3.3)
GEM
remote: https://rubygems.org/
specs:
activesupport (5.0.7.2)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2)
minitest (~> 5.1)
tzinfo (~> 1.1)
addressable (2.7.0)
public_suffix (>= 2.0.2, < 5.0)
backports (3.15.0)
builder (3.2.3)
cacert (0.5.0)
coffee-script (2.4.1)
coffee-script-source
execjs
coffee-script-source (1.12.2)
concurrent-ruby (1.1.5)
contracts (0.13.0)
dato (0.7.7)
activesupport (>= 4.2.7)
addressable
cacert
dato_json_schema
dotenv
faraday (>= 0.9.0)
faraday_middleware (>= 0.9.0)
imgix (>= 0.3.1)
listen
mime-types
pusher-client
thor
toml
dato_json_schema (0.20.8)
dotenv (2.1.0)
em-websocket (0.5.1)
eventmachine (>= 0.12.9)
http_parser.rb (~> 0.6.0)
erubis (2.7.0)
eventmachine (1.2.7)
execjs (2.7.0)
faraday (0.17.0)
multipart-post (>= 1.2, < 3)
faraday_middleware (0.13.1)
faraday (>= 0.7.4, < 1.0)
fast_blank (1.0.0)
fastimage (2.1.7)
ffi (1.11.1)
haml (5.1.2)
temple (>= 0.8.0)
tilt
hamster (3.0.0)
concurrent-ruby (~> 1.0)
hashie (3.6.0)
http_parser.rb (0.6.0)
i18n (0.9.5)
concurrent-ruby (~> 1.0)
imgix (3.1.1)
addressable
json (2.2.0)
kramdown (1.17.0)
listen (3.0.8)
rb-fsevent (~> 0.9, >= 0.9.4)
rb-inotify (~> 0.9, >= 0.9.7)
memoist (0.16.0)
middleman (4.3.5)
coffee-script (~> 2.2)
haml (>= 4.0.5)
kramdown (~> 1.2)
middleman-cli (= 4.3.5)
middleman-core (= 4.3.5)
middleman-cli (4.3.5)
thor (>= 0.17.0, < 2.0)
middleman-core (4.3.5)
activesupport (>= 4.2, < 5.1)
addressable (~> 2.3)
backports (~> 3.6)
bundler
contracts (~> 0.13.0)
dotenv
erubis
execjs (~> 2.0)
fast_blank
fastimage (~> 2.0)
hamster (~> 3.0)
hashie (~> 3.4)
i18n (~> 0.9.0)
listen (~> 3.0.0)
memoist (~> 0.14)
padrino-helpers (~> 0.13.0)
parallel
rack (>= 1.4.5, < 3)
sassc (~> 2.0)
servolux
tilt (~> 2.0.9)
uglifier (~> 3.0)
middleman-dato (0.9.0)
activesupport
dato (>= 0.7.0)
dotenv (<= 2.1)
middleman-core (>= 4.1.10)
middleman-livereload (3.4.6)
em-websocket (~> 0.5.1)
middleman-core (>= 3.3)
rack-livereload (~> 0.3.15)
middleman-syntax (3.2.0)
middleman-core (>= 3.2)
rouge (~> 3.2)
mime-types (3.3)
mime-types-data (~> 3.2015)
mime-types-data (3.2019.1009)
mini_portile2 (2.4.0)
minitest (5.12.2)
multipart-post (2.1.1)
nokogiri (1.10.4)
mini_portile2 (~> 2.4.0)
padrino-helpers (0.13.3.4)
i18n (~> 0.6, >= 0.6.7)
padrino-support (= 0.13.3.4)
tilt (>= 1.4.1, < 3)
padrino-support (0.13.3.4)
activesupport (>= 3.1)
parallel (1.18.0)
parslet (1.8.2)
public_suffix (4.0.1)
pusher-client (0.6.2)
json
websocket (~> 1.0)
rack (2.0.7)
rack-livereload (0.3.17)
rack
rb-fsevent (0.10.3)
rb-inotify (0.10.0)
ffi (~> 1.0)
redcarpet (3.5.0)
rouge (3.12.0)
sassc (2.2.1)
ffi (~> 1.9)
servolux (0.13.0)
temple (0.8.2)
thor (0.20.3)
thread_safe (0.3.6)
tilt (2.0.10)
toml (0.2.0)
parslet (~> 1.8.0)
tzinfo (1.2.5)
thread_safe (~> 0.1)
uglifier (3.2.0)
execjs (>= 0.3.0, < 3)
websocket (1.2.8)
PLATFORMS
ruby
DEPENDENCIES
builder
bundler (= 2.0.1)
middleman (~> 4.2)
middleman-dato
middleman-hashicorp!
tzinfo-data
wdm (~> 0.1)


@ -1,10 +0,0 @@
# Proprietary License
This license is temporary while a more official one is drafted. However,
this should make it clear:
The text contents of this website are MPL 2.0 licensed.
The design contents of this website are proprietary and may not be reproduced
or reused in any way other than to run the website locally. The license for
the design is owned solely by HashiCorp, Inc.


@ -1,32 +1,56 @@
configure-cache:
@mkdir -p tmp/cache .bundle
build: configure-cache
@echo "==> Starting build in Docker..."
@docker run \
--interactive \
--rm \
--tty \
--volume "$(shell pwd):/opt/buildhome/repo" \
--volume "$(shell pwd)/tmp/cache:/opt/buildhome/cache" \
--user buildbot:$(shell id -g) \
--env "ENV=production" \
netlify/build \
build "sh bootstrap.sh && middleman build --verbose"
website: configure-cache
# Default: run this if working on the website locally to run in watch mode.
website:
@echo "==> Downloading latest Docker image..."
@docker pull hashicorp/vault-website
@echo "==> Starting website in Docker..."
@docker run \
--interactive \
--rm \
--tty \
--volume "$(shell pwd):/opt/buildhome/repo" \
--volume "$(shell pwd)/tmp/cache:/opt/buildhome/cache" \
--user buildbot:$(shell id -g) \
--publish "4567:4567" \
--publish "35729:35729" \
--env "ENV=production" \
netlify/build \
build "sh bootstrap.sh && middleman"
--workdir "/website" \
--volume "$(shell pwd):/website" \
--volume "/website/node_modules" \
--publish "3000:3000" \
hashicorp/vault-website \
npm start
.PHONY: configure-cache build website
# This command will generate a static version of the website to the "out" folder.
build:
@echo "==> Downloading latest Docker image..."
@docker pull hashicorp/vault-website
@echo "==> Starting build in Docker..."
@docker run \
--interactive \
--rm \
--tty \
--workdir "/website" \
--volume "$(shell pwd):/website" \
--volume "/website/node_modules" \
hashicorp/vault-website \
npm run static
# If you are changing node dependencies locally, run this to generate a new
# local Docker image with the dependency changes included.
build-image:
@echo "==> Building Docker image..."
@docker build -t hashicorp-vault-website-local .
# Use this if you have run `build-image` to use the locally built image
# rather than our CI-generated image to test dependency changes.
website-local:
@echo "==> Downloading latest Docker image..."
@docker pull hashicorp/vault-website
@echo "==> Starting website in Docker..."
@docker run \
--interactive \
--rm \
--tty \
--workdir "/website" \
--volume "$(shell pwd):/website" \
--volume "/website/node_modules" \
--publish "3000:3000" \
hashicorp-vault-website-local \
npm start
.DEFAULT_GOAL := website
.PHONY: build build-image website website-local
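Review bot: `--publish "3000:3000"` in the `website` and `website-local` targets binds the dev server on every host interface, so it is reachable from the local network while a contributor previews docs. `--publish "127.0.0.1:3000:3000"` keeps it loopback-only and still matches the README's `http://localhost:3000`. Separately, `website-local` still runs `@docker pull hashicorp/vault-website` before starting `hashicorp-vault-website-local`. That pull and its "Downloading latest Docker image..." echo look like a leftover from `website` and can be dropped. Old and new lines are interleaved without markers in this rendering, so this assumes those lines are on the new side.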


@ -1,48 +1,73 @@
# Vault Website
This subdirectory contains the entire source for the [Vault Website][vault].
This is a [Middleman][middleman] project, which builds a static site from these
source files.
[![Netlify Status](https://img.shields.io/netlify/f7fa8963-0022-4a0e-9ccf-f5385355906b?style=flat-square)](https://app.netlify.com/sites/vault-docs-platform/deploys)
## Updating Navigation
There are a couple different places on the website that present navigation interfaces with differing levels of detail.
On the homepage, docs index page, and api docs index page, there are grids of major categories [that look like this](https://cl.ly/73df9722848d/Screen%20Shot%202018-11-09%20at%2011.40.56%20AM.png). These major category grids can be updated through [`data/docs_basic_categories.yml`](data/docs_basic_categories.yml) and [`data/api_basic_categories.yml`](data/api_basic_categories.yml).
On the docs and api index pages, there are more detailed breakdowns of top-level documentation pages within each category [that look like this](https://cl.ly/b05cf42402eb/Screen%20Shot%202018-11-09%20at%2011.43.25%20AM.png). These more detailed category listings can be updated through [`data/docs_detailed_categories.yml`](data/docs_detailed_categories.yml) and [`data/api_detailed_categories.yml`](data/api_detailed_categories.yml).
Finally, within a given docs page, there is a sidebar which displays a fully nested version of all docs pages. This sidebar navigation can be updated through via middleman's layouts, found at [`source/layouts/docs.erb`](source/layouts/docs.erb) and [`source/layouts/api.erb`](source/layouts/api.erb). You will see within these files that it is no longer necessary to type out full nested html list item and link tags, you can simply add the documentation page's slug, defined as `sidebar_current` within the frontmatter of any docs markdown file. The sidebar nav component will go find the page by slug and render out its human-readable title and a link for you. This component does not allow broken links or nesting mistakes, so if you make a typo on the slug or put a page in the wrong category, the build will fail.
This subdirectory contains the entire source for the [Vault Website](https://vaultproject.io/). This is a [NextJS](https://nextjs.org/) project, which builds a static site from these source files.
## Contributions Welcome!
If you find a typo or you feel like you can improve the HTML, CSS, or
JavaScript, we welcome contributions. Feel free to open issues or pull requests
like any normal GitHub project, and we'll merge it in.
If you find a typo or you feel like you can improve the HTML, CSS, or JavaScript, we welcome contributions. Feel free to open issues or pull requests like any normal GitHub project, and we'll merge it in 🚀
## Running the Site Locally
When running the site locally, you can choose between running it directly on your machine, or running it through Docker. Docker has the advantage of requiring only Docker to be installed - no other dependencies are needed on your machine. However, Docker's overhead makes the site's compilation perform much slower than running it directly on your machine. If you are a frequent contributor, are bothered by the performance in Docker, or have no issues with installing ruby and node / already have them installed, it might be an advantage to try running the site directly on your machine. Instructions for both approaches are included below.
The website can be run locally through node.js or Docker. If you choose to run through Docker, everything will be a little bit slower due to the additional overhead, so for frequent contributors it may be worth it to use node. Also if you are a vim user, it's also worth noting that vim's swapfile usage can cause issues for the live reload functionality. In order to avoid these issues, make sure you have run `:set backupcopy=yes` within vim.
### Running the Site with Docker
### With Docker
First, make sure that [docker](docker) is installed. It can be installed in many ways, [the desktop app](docker-desktop) is the simplest. To run the site, clone this repo down, `cd` into the `website` directory, and run `make website`. If it is your first time running the site, the build will take a little longer as it needs to download a docker image and a bunch of dependencies, so maybe go grab a coffee. On subsequent runs, it will be faster as dependencies are cached.
Running the site locally is simple. Provided you have Docker installed, clone this repo, run `make`, and then visit `http://localhost:3000`.
### Running the Site Directly
The docker image is pre-built with all the website dependencies installed, which is what makes it so quick and simple, but also means if you need to change dependencies and test the changes within Docker, you'll need a new image. If this is something you need to do, you can run `make build-image` to generate a local Docker image with updated dependencies, then `make website-local` to use that image and preview.
This site requires a recent version of ruby as well as nodejs to be installed in order to run. There are [many ways to install ruby](https://www.ruby-lang.org/en/documentation/installation/), we recommend [rbenv](rbenv), which has very clear installation instructions in its readme, linked here, and installing ruby version `2.4.3`. Once ruby has been installed, you will need to install `bundler` as well, using `gem install bundler`. Node is quite easy to install [via universal binary](node) or [homebrew](homebrew) if you are a mac user.
### With Node
Once ruby and node have been installed, within this directory, you can run `sh bootstrap.sh` to install all the dependencies needed to run the site, then run `middleman` to start the dev server.
If your local development environment has a supported version (v10.0.0+) of [node installed](https://nodejs.org/en/) you can run:
### Browsing the Site Locally
- `npm install`
- `npm start`
Once you have the local dev server running, head to `http://localhost:4567` in your browser. Note that for some URLs, you may need to append
".html" to make them work (in the navigation).
and then visit `http://localhost:3000`.
[middleman]: https://www.middlemanapp.com
[vault]: https://www.vaultproject.io
[docker]: https://www.docker.com/
[docker-desktop]: https://www.docker.com/products/docker-desktop
[rbenv]: https://github.com/rbenv/rbenv#installation
[node]: https://nodejs.org/en/
[homebrew]: https://brew.sh/
If you pull down new code from github, you should run `npm install` again. Otherwise, there's no need to re-run `npm install` each time the site is run, you can just run `npm start` to get it going.
## Editing Content
Documentation content is written in [Markdown](https://www.markdownguide.org/cheat-sheet/) and you'll find all files listed under the `/pages` directory.
To create a new page with Markdown, create a file ending in `.mdx` in the `pages/` directory. The path in the pages directory will be the URL route. For example, `pages/hello/world.mdx` will be served from the `/hello/world` URL.
This file can be standard Markdown and also supports [YAML frontmatter](https://middlemanapp.com/basics/frontmatter/). YAML frontmatter is optional, there are defaults for all keys.
```yaml
---
title: 'My Title'
description: "A thorough, yet succinct description of the page's contents"
---
```
The significant keys in the YAML frontmatter are:
- `title` `(string)` - This is the title of the page that will be set in the HTML title.
- `description` `(string)` - This is a description of the page that will be set in the HTML description.
> ⚠Since `api` is a reserved directory within NextJS, all `/api/**` pages are listed under the `/pages/api-docs` path.
### Editing Sidebars
The structure of the sidebars are controlled by files in the [`/data` directory](data).
- Edit [this file](data/docs-navigation.js) to change the **docs** sidebar
- Edit [this file](data/docs-navigation.js) to change the **api docs** sidebar
To nest sidebar items, you'll want to add a new `category` key/value accompanied by the appropriate embedded `content` values.
- `category` values will be **directory names** within the `pages` directory
- `content` values will be **file names** within their appropriately nested directory.
### Creating New Pages
There is currently a small bug with new page creation - if you create a new page and link it up via subnav data while the server is running, it will report an error saying the page was not found. This can be resolved by restarting the server.
### Deployment
This website is hosted on Netlify and configured to automatically deploy anytime you push code to the `stable-website` branch. Any time a pull request is submitted that changes files within the `website` folder, a deployment preview will appear in the github checks which can be used to validate the way docs changes will look live. Deployments from `stable-website` will look and behave the same way as deployment previews.


@ -1,11 +1,5 @@
# API landing
/api /api/overview
# Docs landing
/docs /docs/install/index.html
# Intro landing
/intro /intro/getting-started/index.html
/api/* /api-docs/:splat 200
/intro /intro/getting-started
/api/secret/generic/index.html /api/secret/kv
/api/system/renew.html /api/system/leases
@ -54,7 +48,6 @@
/guides/upgrading/upgrade-to-0.10.4.html /docs/upgrading/upgrade-to-0.10.4
/guides/upgrading/upgrade-to-0.11.0.html /docs/upgrading/upgrade-to-0.11.0
/guides/upgrading/upgrade-to-0.11.2.html /docs/upgrading/upgrade-to-0.11.2
/guides/upgrading/upgrade-to-1.0.html /docs/upgrading/upgrade-to-1.0.0
/docs/http/sys-audit.html /api/system/audit
/docs/http/sys-auth.html /api/system/auth
/docs/http/sys-health.html /api/system/health
@ -141,7 +134,7 @@
/guides/identity/policy-templating.html https://learn.hashicorp.com/vault/identity-access-management/policy-templating
/guides/identity/authentication.html https://learn.hashicorp.com/vault/identity-access-management/iam-authentication
/guides/identity/approle-trusted-entities.html https://learn.hashicorp.com/vault/identity-access-management/iam-approle-trusted-entities
/guides/identity/lease.html https://learn.hashicorp.com/vault/secrets-management/tokens
/guides/identity/lease.html https://learn.hashicorp.com/vault/secrets-management/sm-lease
/guides/identity/identity.html https://learn.hashicorp.com/vault/identity-access-management/iam-identity
/guides/identity/sentinel.html https://learn.hashicorp.com/vault/identity-access-management/iam-sentinel
/guides/identity/control-groups.html https://learn.hashicorp.com/vault/identity-access-management/iam-control-groups
@ -175,4 +168,19 @@
/intro/vs/index.html /docs/vs
/intro/vs/keywhiz.html /docs/vs/keywhiz
/intro/vs/kms.html /docs/vs/kms
/intro/what-is-vault/index.html /docs/what-is-vault
/intro/what-is-vault/index.html /docs/what-is-vault
# Intro getting started content -> Learn
/intro/index.html https://learn.hashicorp.com/vault/#getting-started
/intro/getting-started/ https://learn.hashicorp.com/vault/getting-started/install
/intro/getting-started/index.html https://learn.hashicorp.com/vault/getting-started/install
/intro/getting-started/dev-server.html https://learn.hashicorp.com/vault/getting-started/dev-server
/intro/getting-started/first-secret.html https://learn.hashicorp.com/vault/getting-started/first-secret
/intro/getting-started/secrets-engines.html https://learn.hashicorp.com/vault/getting-started/secrets-engines
/intro/getting-started/dynamic-secrets.html https://learn.hashicorp.com/vault/getting-started/dynamic-secrets
/intro/getting-started/help.html https://learn.hashicorp.com/vault/getting-started/help
/intro/getting-started/authentication.html https://learn.hashicorp.com/vault/getting-started/authentication
/intro/getting-started/policies.html https://learn.hashicorp.com/vault/getting-started/policies
/intro/getting-started/deploy.html https://learn.hashicorp.com/vault/getting-started/deploy
/intro/getting-started/apis.html https://learn.hashicorp.com/vault/getting-started/apis
/intro/getting-started/next-steps.html https://learn.hashicorp.com/vault/getting-started/next-steps


@ -1,57 +0,0 @@
const cssStandards = require('spike-css-standards')
const jsStandards = require('spike-js-standards')
const preactPreset = require('babel-preset-preact')
const extendRule = require('postcss-extend-rule')
const webpack = require('webpack')
/* eslint-disable-next-line */
console.log(`Building assets for environment *${process.env.NODE_ENV}*`)
const isProd =
process.env.NODE_ENV === 'production' ||
process.env.NODE_ENV === 'tmp-production'
let utilServerUrl
if (isProd) {
utilServerUrl = 'https://util.hashicorp.com'
} else {
utilServerUrl = 'https://hashicorp-web-util-staging.herokuapp.com'
}
if (process.env.UTIL_SERVER) {
utilServerUrl = process.env.UTIL_SERVER
// remove trailing slash
utilServerUrl = utilServerUrl.replace(/\/$/, '')
/* eslint-disable-next-line */
console.log(`utilServerUrl=${utilServerUrl}`)
}
let segmentWriteKey
if (isProd) {
segmentWriteKey = 'OdSFDq9PfujQpmkZf03dFpcUlywme4sC'
} else {
segmentWriteKey = '0EXTgkNx0Ydje2PGXVbRhpKKoe5wtzcE'
}
module.exports = {
ignore: ['yarn.lock', '**/_*'],
entry: {
'js/main': './js/index.js',
'js/analytics.js': './js/analytics.js',
'js/consent-manager': './js/consent-manager.js'
},
postcss: cssStandards({
appendPlugins: [extendRule()]
}),
plugins: [
new webpack.DefinePlugin({
'process.env.NODE_ENV': JSON.stringify(process.env.NODE_ENV),
utilityServerRoot: JSON.stringify(utilServerUrl),
segmentWriteKey: JSON.stringify(segmentWriteKey)
})
],
babel: jsStandards({ appendPresets: [preactPreset] }),
server: { open: false }
}


@ -1,83 +0,0 @@
/* Logo Font (Klavika) */
@font-face {
font-family: 'klavika-web';
src: url('/fonts/klavika/500.woff2') format('woff2'),
url('/fonts/klavika/500.woff') format('woff');
font-weight: 700;
font-style: normal;
}
/* Display Font (Gilmer) */
@font-face {
font-family: 'gilmer-web';
src: url('/fonts/gilmer/gilmer-light.woff2') format('woff2'),
url('/fonts/gilmer/gilmer-light.woff') format('woff');
font-weight: 300;
font-style: normal;
}
@font-face {
font-family: 'gilmer-web';
src: url('/fonts/gilmer/gilmer-regular.woff2') format('woff2'),
url('/fonts/gilmer/gilmer-regular.woff') format('woff');
font-weight: 400;
font-style: normal;
}
@font-face {
font-family: 'gilmer-web';
src: url('/fonts/gilmer/gilmer-medium.woff2') format('woff2'),
url('/fonts/gilmer/gilmer-medium.woff') format('woff');
font-weight: 500;
font-style: normal;
}
@font-face {
font-family: 'gilmer-web';
src: url('/fonts/gilmer/gilmer-bold.woff2') format('woff2'),
url('/fonts/gilmer/gilmer-bold.woff') format('woff');
font-weight: 700;
font-style: normal;
}
/* Body Font (Metro) */
@font-face {
font-family: 'metro-web';
src: url('/fonts/metro/metro-sans-book.woff2') format('woff2'),
url('/fonts/metro/metro-sans-book.woff') format('woff');
font-weight: 300;
font-style: normal;
}
@font-face {
font-family: 'metro-web';
src: url('/fonts/metro/metro-sans-regular.woff2') format('woff2'),
url('/fonts/metro/metro-sans-regular.woff') format('woff');
font-weight: 400;
font-style: normal;
}
@font-face {
font-family: 'metro-web';
src: url('/fonts/metro/metro-sans-semi-bold.woff2') format('woff2'),
url('/fonts/metro/metro-sans-semi-bold.woff') format('woff');
font-weight: 600;
font-style: normal;
}
@font-face {
font-family: 'metro-web';
src: url('/fonts/metro/metro-sans-bold.woff2') format('woff2'),
url('/fonts/metro/metro-sans-bold.woff') format('woff');
font-weight: 700;
font-style: normal;
}
/* Code Font (Deja Vu) */
@font-face {
font-family: "dejavu-sans-mono-web";
src: url("/fonts/dejavu/DejaVuSansMono.woff2") format("woff2"),
url("/fonts/dejavu/DejaVuSansMono.woff") format("woff");
font-style: normal;
font-weight: 400;
}


@ -1,40 +0,0 @@
.content-wrap {
display: flex;
flex-direction: column;
flex-wrap: wrap;
flex: 1 0 auto;
position: relative;
width: 100%;
@media (min-width: 940px) {
flex-direction: row;
margin-top: 72px;
margin-bottom: 72px;
}
}
#inner {
margin: 64px 0;
overflow: auto;
width: 100%;
@media (min-width: 940px) {
flex: 1;
margin: 0;
}
& .g-content {
@media (max-width: 939px) {
padding-left: 0;
padding-right: 0;
}
& > h1:first-child {
margin-top: 0;
}
}
& .g-section-header {
margin-bottom: 100px;
}
}


@ -1,133 +0,0 @@
@media print {
*,
*:before,
*:after {
background: transparent !important;
box-shadow: none !important;
text-shadow: none !important;
}
/* Hide nav elements from print */
.g-mega-nav,
.g-product-subnav,
.g-footer,
.g-docs-sidenav {
display: none;
}
/* Add border around code blocks */
div.highlight {
border: 1px solid #ddd;
page-break-inside: avoid;
& pre.highlight {
margin: 0;
}
}
/* Hide anchor links */
.anchor {
display: none !important;
}
/* Display link address in brackets */
/* Some overrides here because of the way we handle link hover on screens */
a[href]:after {
content: ' (' attr(href) ')' !important;
font-size: 90%;
position: static !important;
opacity: 1 !important;
text-decoration: none !important;
}
.g-content {
& p code {
/* Restore background grey on inline code */
background: rgba(0, 0, 0, 0.05) !important;
}
& pre code {
color: black !important;
& span {
color: black !important;
}
}
& p {
page-break-inside: avoid !important;
}
/* Let code blocks wrap if needed */
& pre > code {
white-space: normal;
}
}
a,
a:visited {
text-decoration: underline !important;
}
abbr[title]:after {
content: ' (' attr(title) ')';
}
a[href^='#']:after,
a[href^='javascript:']:after {
content: '';
}
pre,
blockquote {
border: 1px solid #999;
page-break-inside: avoid;
}
thead {
display: table-header-group;
}
tr,
img {
page-break-inside: avoid;
}
img {
max-width: 100% !important;
}
p,
h2,
h3 {
orphans: 3;
widows: 3;
page-break-inside: avoid;
}
h2,
h3 {
page-break-after: avoid;
}
.label {
border: 1px solid #000;
}
.table,
#inner table {
border-collapse: collapse !important;
}
.table td,
#inner table td,
.table th,
#inner table th {
background-color: #fff !important;
}
.table-bordered th,
.table-bordered td {
border: 1px solid #ddd !important;
}
}


@ -1,113 +0,0 @@
#secondary-nav {
width: 100%;
border-bottom: 1px solid var(--gray-9);
& .g-container {
display: flex;
flex-direction: column;
flex-wrap: nowrap;
justify-content: space-between;
margin: 0 auto;
@media (min-width: 768px) {
flex-direction: row;
align-items: center;
max-width: var(--medium-grid-max-width);
}
@media (min-width: 1120px) {
max-width: var(--site-max-width);
}
}
&.light {
background-color: var(--white);
color: var(--black);
}
&.dark {
background-color: var(--black);
color: var(--white);
}
& ul {
list-style: none;
padding: 0;
margin: 0;
& li {
display: inline-block;
}
}
& .breadcrumbs {
list-style: none;
padding: 0;
margin: 0;
& li {
font-size: 1.25em;
line-height: 1.6;
padding: .625em 0;
& + li:before {
content: "/\00a0";
font-weight: 300;
margin: 0 5px;
}
&:nth-child(odd) {
font-weight: 300;
}
&.active {
font-weight: bold;
}
}
}
& .doc-links {
& li {
font-size: .875em;
line-height: 1.7;
margin: 0 20px;
padding: 0 0 14px;
@media (min-width: 768px) {
padding: 32px 0;
}
&:first-child {
margin-left: 0;
}
&.active {
border-bottom: 3px solid #1563FF;
& a {
opacity: 0.7;
}
}
& a {
color: inherit;
cursor: pointer;
display: block;
text-decoration: none;
transition: opacity .25s ease;
&:hover {
opacity: 0.7s;
}
& svg {
position: relative;
top: 2px;
width: 14px;
height: 14px;
margin-right: 3px;
}
}
}
}
}


@ -1,351 +0,0 @@
@import '@hashicorp/hashi-global-styles/style';
.g-section-block {
padding: 160px 0;
@media (max-width: 1119px) {
padding: 104px 0;
}
@media (max-width: 767px) {
padding: 80px 0;
}
&.theme-white-background-black-text:not(.divider-gray-line)
+ .theme-white-background-black-text {
padding-top: 32px;
}
/* Layout Styles */
&.layout-horizontal {
& > .g-container {
display: flex;
align-items: center;
& > * + * {
margin-left: 96px;
}
}
& .img-container {
flex-shrink: 0;
& img {
align-self: center;
}
}
}
&.layout-vertical {
& > .g-container {
& > * + * {
margin-top: 96px;
@media (max-width: 1119px) {
margin-top: 72px;
}
@media (max-width: 767px) {
margin-top: 56px;
}
}
& > .g-text-and-content + .g-text-and-content {
margin-top: 192px;
@media (max-width: 1119px) {
margin-top: 144px;
}
@media (max-width: 767px) {
margin-top: 112px;
}
}
& > .g-section-header {
& + * {
margin-top: 72px;
@media (max-width: 1119px) {
margin-top: 64px;
}
@media (max-width: 767px) {
margin-top: 40px;
}
}
}
& > * + .btn-container {
margin-top: 40px;
@media (max-width: 767px) {
margin-top: 32px;
}
}
}
}
/* TODO: remove this once new section header is out */
& .g-section-header {
margin: 0 auto;
}
/* Module styles */
& .btn-container {
display: flex;
flex-wrap: wrap;
justify-content: center;
margin: auto -8px -16px;
& > * {
margin: auto 8px 16px;
}
}
& .img-container {
display: flex;
justify-content: center;
& .g-container {
flex-shrink: 0;
width: 100%;
}
& img {
max-width: 100%;
}
& picture {
display: flex;
justify-content: center;
width: 100%;
& img {
object-fit: contain;
font-family: 'object-fit:contain';
flex-shrink: 0;
}
}
}
& .two-col-text-container {
& .g-container {
display: flex;
@media (max-width: 850px) {
flex-direction: column;
}
}
& .left,
& .right {
width: 48%;
flex-shrink: 0;
@media (max-width: 850px) {
width: 100%;
}
& > *:first-child {
margin-top: 0;
}
}
& .left {
margin-right: 4%;
@media (max-width: 850px) {
margin-right: 0;
margin-bottom: 32px;
}
}
& a {
font-weight: 600;
color: inherit;
&:hover {
border-bottom: 1px solid;
opacity: 0.8;
}
}
& h5 {
margin-bottom: 1em;
}
& ul {
list-style: none;
padding-left: 15px;
& li {
display: flex;
align-items: center;
margin-bottom: 5px;
&:before {
content: '';
width: 18px;
height: 18px;
background: url('/img/black-circle-white-check.svg') no-repeat;
background-size: 100%;
margin-right: 10px;
}
}
}
}
& .g-text-and-image {
& .imgwrap {
display: flex;
& picture {
display: flex;
justify-content: center;
width: 100%;
& img {
object-fit: contain;
font-family: 'object-fit:contain';
max-width: 350px;
}
}
}
& .text {
& h2 {
font-size: 1.5rem;
}
& a {
font-weight: 600;
color: white;
padding-bottom: 1px;
&:hover {
border-bottom: 1px solid;
}
}
}
}
& .small-text-tag {
text-align: center;
text-transform: uppercase;
color: #8d9096;
font-size: 0.9rem;
font-weight: 600;
}
& .g-logo-grid.large li {
background-color: white;
}
& .video-container {
max-width: 80%;
margin-left: auto;
margin-right: auto;
}
/* THEMES */
&.theme-terraform-purple-top-gradient {
color: white;
background: linear-gradient(to bottom, #1b212c, #000000);
}
&.theme-dark-blue {
color: white;
background: #1b212d;
}
&.theme-white-background-black-text {
background: white;
color: black;
}
&.theme-black-background-white-text {
background: var(--gray-1);
color: white;
}
&.theme-light-gray {
color: black;
background: #f3f4f6;
}
&.theme-default-blue-gradient {
background: url('/img/backgrounds/partner-cta-bg.svg');
background-position: center center;
background-size: cover;
color: var(--white);
}
&.theme-terraform-purple-gradient {
@extend %gradient-bg;
background: linear-gradient(to right, #695af0, #6b5cf3);
&::before {
background: linear-gradient(to right, #5b48e7, #6b5cf3);
}
}
&.theme-nomad-green-gradient {
@extend %gradient-bg;
background: linear-gradient(to right, #1dbe83, #1ec185);
&::before {
background: linear-gradient(to right, #20c78a, #17c185);
}
}
&.theme-terraform-purple-testimonial-split {
color: white;
position: relative;
overflow: hidden;
&:before {
content: '';
background: linear-gradient(to right, #695af0, #6b5cf3);
width: 100%;
height: 550px;
position: absolute;
top: 0;
left: 0;
}
& .g-container {
position: relative;
}
}
/* DIVIDERS */
&.divider-gray-line {
border-bottom: 1px solid #d9dbdd;
}
&.divider-dark-gray-line {
border-bottom: 1px solid #424242;
}
&.divider-black-down-arrow {
border-bottom: 1px solid #d0d2d5;
position: relative;
&:after {
content: '';
width: 82px;
height: 82px;
background: black url('/img/white-down-chevron.svg') 50% 55% no-repeat;
margin-top: 21px;
border-radius: 50%;
position: absolute;
bottom: -40px;
margin-left: auto;
margin-right: auto;
left: 0;
right: 0;
z-index: 2;
}
}
}


@ -1,60 +0,0 @@
@import 'normalize.css';
@import '_fonts';
@import '@hashicorp/hashi-global-styles/style';
/* NPM Preact Components */
@import '@hashicorp/hashi-alert/dist/style.css';
@import '@hashicorp/hashi-button/dist/style.css';
@import '@hashicorp/hashi-case-study-slider/dist/style.css';
@import '@hashicorp/hashi-code-block/dist/style.css';
@import '@hashicorp/hashi-consent-manager/dist/style.css';
@import '@hashicorp/hashi-content/dist/style.css';
@import '@hashicorp/hashi-docs-sidenav/dist/style.css';
@import '@hashicorp/hashi-docs-sitemap/dist/style.css';
@import '@hashicorp/hashi-footer/dist/style.css';
@import '@hashicorp/hashi-hero/dist/style.css';
@import '@hashicorp/hashi-linked-text-summary-list/dist/style.css';
@import '@hashicorp/hashi-logo-grid/dist/style.css';
@import '@hashicorp/hashi-mega-nav/dist/style.css';
@import '@hashicorp/hashi-nav/dist/style.css';
@import '@hashicorp/hashi-newsletter-signup-form/dist/style.css';
@import '@hashicorp/hashi-product-downloader/dist/style.css';
@import '@hashicorp/hashi-product-subnav/dist/style.css';
@import '@hashicorp/hashi-section-header/dist/style.css';
@import '@hashicorp/hashi-split-cta/dist/style.css';
@import '@hashicorp/hashi-text-and-content/dist/style.css';
@import '@hashicorp/hashi-toggle/dist/style.css';
@import '@hashicorp/hashi-use-cases/dist/style.css';
@import '@hashicorp/hashi-vertical-text-block-list/dist/style.css';
/* Local Preact Components */
@import '../js/components/before-after-diagram/style.css';
/* to be removed pending new components */
@import '_inner';
@import '_secondary-nav';
/* Layout */
@import '_section';
/* Pages */
@import 'pages/_docs';
@import 'pages/_section_block';
@import 'pages/_home';
@import 'pages/_use_cases';
@import 'pages/_downloads.css';
/* Print styles */
@import '_print';
.g-text-and-content .image img {
width: 100%;
}
/* Hide Mega Nav on mobile */
nav.g-mega-nav {
display: none;
@media (min-width: 1023px) {
display: block;
}
}


@ -1,37 +0,0 @@
#sidebar {
& .g-docs-sidebar {
margin-right: 25px;
}
}
#intro {
padding-bottom: 0px;
& .g-section-header {
margin-bottom: 48px;
& h3 {
margin: 1em auto 0 auto;
width: 85%;
}
}
}
#categories {
& .g-linked-text-summary-list {
padding-top: 12px;
padding-bottom: 12px;
}
}
#sitemap {
@media (max-width: 768px) {
display: none;
}
}
#get-started {
@media (max-width: 768px) {
display: none;
}
}


@ -1,25 +0,0 @@
#download-vault {
& .content-wrap {
margin-bottom: 118px;
@media (max-width: 1199px) {
margin-bottom: 104px;
}
@media (max-width: 767px) {
margin-bottom: 0px;
}
}
}
#beta1-1-0 {
margin-bottom: 40px;
@media (max-width: 1199px) {
text-align: center;
}
& p:last-child {
margin: 0px;
}
}


@ -1,78 +0,0 @@
.g-section-block {
& section {
padding-top: 96px;
padding-bottom: 96px;
@media (max-width: 768px) {
padding-top: 60px;
padding-bottom: 60px;
}
&.gray {
background: #f6f7fa;
}
&.black {
background: var(--black);
color: white;
}
&.no-pad {
padding: 0;
}
/* copied over from www, should be component-ized */
& > * + *,
& > .g-container > * + * {
margin-top: 96px;
@media (max-width: 1119px) {
margin-top: 72px;
}
@media (max-width: 767px) {
margin-top: 56px;
}
}
& > .g-section-header,
& > .g-container > .g-section-header {
& + * {
margin-top: 72px;
@media (max-width: 1119px) {
margin-top: 64px;
}
@media (max-width: 767px) {
margin-top: 40px;
}
}
}
& > * + .button-container,
& > .g-container > * + .button-container {
margin-top: 40px;
@media (max-width: 767px) {
margin-top: 32px;
}
}
}
& .button-container {
display: flex;
flex-wrap: wrap;
justify-content: center;
margin: auto -8px -16px;
& > * {
margin: auto 8px 16px;
}
}
/* Temporary Overrides */
& .g-section-header {
margin: 0 auto;
}
}


@ -1,72 +0,0 @@
@import '@hashicorp/hashi-global-styles/_variables.css';
#use-cases {
& .g-section-block section.pad-bottom {
padding-bottom: 144px;
}
& .g-logo-grid li img {
max-height: 50%;
max-width: 50%;
}
& .g-section-block.page-wrap {
padding-top: 0;
padding-bottom: 0;
}
& .g-section-block.g-cta-section {
align-items: center;
background: var(--vault-gray-dark);
display: flex;
justify-content: center;
padding-left: 15px;
padding-right: 15px;
position: relative;
text-align: center;
color: var(--white);
& h2 {
margin-top: 0;
}
& .g-btn.white {
background: var(--white);
border: 2px solid var(--white);
color: var(--vault-gray-dark);
&:hover {
background-color: var(--vault-gray);
border-color: var(--vault-gray);
color: var(--white);
& path {
fill: var(--white);
}
}
}
& .g-btn.download svg {
margin: 0 4px -4px 0;
}
& .g-btn.download svg path {
transition: fill 0.25s ease;
}
& .g-btn + .g-btn {
margin-left: 18px;
}
& .g-btn.white-outline {
background: none;
border: 2px solid var(--white);
color: var(--white);
&:hover {
background-color: var(--white);
color: var(--vault-gray-dark);
}
}
}
}

BIN
website/assets/files/press-kit.zip (Stored with Git LFS)

Binary file not shown.


@ -1,101 +0,0 @@
import { each } from './utils'
/* Segment's analytics.js provides a ready() function that is called once tracking is up and running */
/* Some clients block analytics.js, so to prevent errors, we assign noop functions if window.analytics isn't present */
window.analytics.ready(() => {
const analytics = window.analytics || {
trackLink: () => {},
track: () => {},
mock: true
}
// Track all button clicks
track(
'[data-ga-button]',
el => {
return {
event: 'Click',
category: 'Button',
label: el.getAttribute('data-ga-button')
}
},
true
)
// Track product subnav link clicks
track(
'[data-ga-product-subnav]',
el => {
return {
event: 'Click',
category: 'Product Subnav Navigation',
label: el.getAttribute('data-ga-product-subnav')
}
},
true
)
// Track meganav link clicks
track(
'[data-ga-meganav]',
el => {
return {
event: 'Click',
category: 'Meganav Navigation',
label: el.getAttribute('data-ga-meganav')
}
},
true
)
// Track footer link clicks
track(
'[data-ga-footer]',
el => {
return {
event: 'Click',
category: 'Footer Navigation',
label: el.getAttribute('data-ga-footer')
}
},
true
)
// Track outbound links
track(
'a[href^="http"]:not([href^="http://vaultproject.io"]):not([href^="https://vaultproject.io"]):not([href^="http://www.vaultproject.io"]):not([href^="https://www.vaultproject.io"])',
el => {
return {
event: `Outbound Link | ${window.location.pathname}`,
category: 'Outbound link',
label: el.href
}
},
true
)
// Note: Downloads are tracked from within the Product Downloader component
/**
* Wrapper for segment's track function that will track multiple elements,
* normalize parameters, and easily switch between tracking links or events.
* @param {String} selector - query selector, multi element compatible
* @param {Function} cb - optional function that should return params, and will receive the element as a parameter
* @param {Boolean} [link=false] - if true, tracks a link click
*/
function track(selector, cb, link = false) {
each(document.querySelectorAll(selector), el => {
let params = cb
if (typeof cb === 'function') params = cb(el)
const event = params.event
delete params.event
if (link) {
analytics.trackLink(el, event, params)
} else {
el.addEventListener('click', () => {
analytics.track(event, params)
})
}
})
}
})


@ -1,32 +0,0 @@
const { h } = require('preact')
module.exports = function AlertIcon() {
return (
<svg
width="24"
height="24"
viewBox="0 0 24 24"
fill="none"
xmlns="http://www.w3.org/2000/svg"
>
<path
fillRule="evenodd"
clipRule="evenodd"
d="M12 22C17.5228 22 22 17.5228 22 12C22 6.47715 17.5228 2 12 2C6.47715 2 2 6.47715 2 12C2 17.5228 6.47715 22 12 22Z"
fill="white"
stroke="#E80134"
strokeWidth="2"
strokeLinecap="round"
strokeLinejoin="round"
/>
<path
d="M12 8V12"
stroke="#E80134"
strokeWidth="2"
strokeLinecap="round"
strokeLinejoin="round"
/>
<circle cx="12" cy="16" r="1" fill="#E80134" />
</svg>
)
}


@ -1,27 +0,0 @@
const { h } = require('preact')
module.exports = function CheckIcon() {
return (
<svg
width="24"
height="24"
viewBox="0 0 24 24"
fill="none"
xmlns="http://www.w3.org/2000/svg"
>
<path
d="M12 23C5.92487 23 0.999999 18.0751 0.999999 12C1 5.92487 5.92487 0.999999 12 0.999999C18.0751 1 23 5.92487 23 12C23 18.0751 18.0751 23 12 23Z"
fill="black"
stroke="black"
strokeWidth="2"
/>
<path
d="M16.6663 9.08203L10.2497 15.4987L7.33301 12.582"
stroke="white"
strokeWidth="2"
strokeLinecap="round"
strokeLinejoin="round"
/>
</svg>
)
}


@ -1,94 +0,0 @@
const { h, Component } = require('preact')
const { decode } = require('reshape-preact-components')
const marked = require('8fold-marked')
const Image = require('@hashicorp/hashi-image').default
const AlertIcon = require('./alert-icon')
const CheckIcon = require('./check-icon')
module.exports = class BeforeAfterDiagram extends Component {
render() {
const data = decode(this.props._data)
const markedOptions = this.generateMarkedOptions()
return (
<div class={`g-before-after-diagrams ${data.theme}`}>
<div class="before">
<div class="image">
<div>
<Image src={data.before_image.url} svg="true" />
</div>
</div>
<div class="content">
<span class="line">
<span />
<AlertIcon />
<span />
</span>
<div>
{data.before_headline && (
<h3
className="g-type-display-3"
dangerouslySetInnerHTML={{
__html: marked.inlineLexer(data.before_headline, [])
}}
/>
)}
{data.before_content && (
<div
dangerouslySetInnerHTML={{
__html: marked(data.before_content, markedOptions)
}}
/>
)}
</div>
</div>
</div>
<div class="after">
<div class="image">
<div>
<Image src={data.after_image.url} svg="true" />
</div>
</div>
<div class="content">
<div class="line">
<CheckIcon />
</div>
<div>
{data.after_headline && (
<h3
className="g-type-display-3"
dangerouslySetInnerHTML={{
__html: marked.inlineLexer(data.after_headline, [])
}}
/>
)}
{data.after_content && (
<div
dangerouslySetInnerHTML={{
__html: marked(data.after_content, markedOptions)
}}
/>
)}
</div>
</div>
</div>
</div>
)
}
generateMarkedOptions() {
const markedRenderer = new marked.Renderer()
markedRenderer.heading = function(text, level) {
return `<h${level} class="g-type-label">${text}</h${level}>`
}
markedRenderer.paragraph = function(text) {
return `<p class="g-type-body">${text}</p>`
}
markedRenderer.list = function(text) {
return `<ul class="g-type-body">${text}</ul>`
}
return { renderer: markedRenderer }
}
}


@ -1,24 +0,0 @@
// components
import { each, initializeComponents } from './utils'
// external components
import nav from '@hashicorp/hashi-nav'
import footer from '@hashicorp/hashi-footer'
import newsletterSignupForm from '@hashicorp/hashi-newsletter-signup-form'
import productSubnav from '@hashicorp/hashi-product-subnav'
import megaNav from '@hashicorp/hashi-mega-nav'
import productDownloader from '@hashicorp/hashi-product-downloader'
import hero from '@hashicorp/hashi-hero'
import docsSidenav from '@hashicorp/hashi-docs-sidenav'
import consentManager from '@hashicorp/hashi-consent-manager'
const components = initializeComponents({
nav,
footer,
newsletterSignupForm,
productSubnav,
megaNav,
productDownloader,
hero,
docsSidenav,
consentManager
})


@ -1,70 +0,0 @@
import { render } from 'preact'
import { hydrateInitialState } from 'reshape-preact-components/lib/browser'
// rehydrates and initializes top-level preact components
export function initializeComponents(obj) {
const res = {}
for (let k in obj) {
const name = getName(k)
res[name] = []
each(document.querySelectorAll(`.g-${name}`), el => {
// do not initialize nested components
const matches = Object.keys(obj)
.map(getName)
.reduce((m, name) => {
const parent = findParent(el, `.g-${name}`)
if (parent) m.push(parent)
return m
}, [])
if (matches.length > 1) return
// if there's no data-state, don't try
if (!el.dataset.state || !el.dataset.state.length) {
return
}
// otherwise, initialize away
const vdom = hydrateInitialState(el.dataset.state, {
[`hashi-${name}`]: obj[k]
})
res[name].push(render(vdom, el.parentElement, el))
})
}
return res
function getName(s) {
return s.replace(/([A-Z])/g, '-$1').toLowerCase()
}
}
// iterates through a NodeList
export function each(list, cb) {
for (let i = 0; i < list.length; i++) {
cb(list[i], i)
}
}
// polyfills object-fit in unsupported browsers
export function fixObjectFit() {
if (Modernizr.objectfit) {
import('object-fit-images').then(ofi => {
ofi.default()
})
}
}
// given an element and selector, finds the closest parent element. doesn't
// handle attribute selectors, just class, id, and element name
export function findParent(el, selector) {
const firstChar = selector[0]
if (firstChar === '.') {
if (el.classList.contains(selector.substr(1))) return el
} else if (firstChar === '#') {
if (el.id === selector.substr(1)) return el
} else {
if (el.tagName.toLowerCase() === selector) return el
}
if (!el.parentNode.tagName) return undefined
return findParent(el.parentNode, selector)
}

File diff suppressed because it is too large Load Diff


@ -1,67 +0,0 @@
{
"name": "middleman-spike-assets",
"description": "simple config to use postcss and webpack for asset processing",
"version": "0.0.0",
"author": "Jeff Escalante",
"main": "app.js",
"dependencies": {
"8fold-marked": "^0.3.8",
"@hashicorp-tmp/consent-manager": "^0.0.5",
"@hashicorp/hashi-alert": "^2.0.0",
"@hashicorp/hashi-button": "^2.0.0",
"@hashicorp/hashi-case-study-slider": "^2.3.0",
"@hashicorp/hashi-code-block": "^1.2.0",
"@hashicorp/hashi-consent-manager": "^2.0.0",
"@hashicorp/hashi-content": "^2.0.1",
"@hashicorp/hashi-docs-sidenav": "^2.0.0",
"@hashicorp/hashi-docs-sitemap": "^0.1.6",
"@hashicorp/hashi-footer": "^2.0.2",
"@hashicorp/hashi-ga-form-fields": "1.0.2",
"@hashicorp/hashi-global-styles": "^2.0.3",
"@hashicorp/hashi-hero": "^4.0.0",
"@hashicorp/hashi-image": "1.0.5",
"@hashicorp/hashi-linked-text-summary-list": "^1.0.1",
"@hashicorp/hashi-logo-grid": "^2.4.1",
"@hashicorp/hashi-mega-nav": "2.0.0",
"@hashicorp/hashi-nav": "^1.1.2",
"@hashicorp/hashi-newsletter-signup-form": "^2.0.0",
"@hashicorp/hashi-product-downloader": "^1.0.0",
"@hashicorp/hashi-product-subnav": "^1.0.1",
"@hashicorp/hashi-section-header": "^5.0.0",
"@hashicorp/hashi-split-cta": "^1.0.0",
"@hashicorp/hashi-text-and-content": "^1.1.0",
"@hashicorp/hashi-toggle": "0.2.3",
"@hashicorp/hashi-use-cases": "^1.0.1",
"@hashicorp/hashi-vertical-text-block-list": "^1.0.0",
"@hashicorp/js-utils": "^1.0.0",
"@hashicorp/localstorage-polyfill": "^1.0.3",
"@segment/in-eu": "^0.2.1",
"@segment/top-domain": "^3.0.0",
"color-contrast": "^0.0.1",
"highlight.js": "^9.15.10",
"js-cookie": "^2.2.0",
"marked": "^0.5.1",
"normalize.css": "^8.0.0",
"object-assign": "^4.1.1",
"object-fit-images": "^3.2.4",
"postcss-extend-rule": "^2.0.0",
"preact": "^8.3.1",
"promise-polyfill": "^8.1.0",
"query-string": "^5.1.1",
"reshape-preact-components": "^0.6.0",
"siema": "^1.5.1",
"slugify": "^1.3.1",
"strftime": "^0.10.0",
"tippy.js": "^3.0.6",
"unfetch": "^4.0.1"
},
"devDependencies": {
"babel-preset-preact": "^1.1.0",
"babel-register": "^6.26.0",
"node-fetch": "^2.2.1",
"spike": "^2.3.0",
"spike-css-standards": "^4.0.0",
"spike-js-standards": "^2.1.0",
"webpack-bundle-analyzer": "^3.0.3"
}
}


@ -1,42 +0,0 @@
const button = require('@hashicorp/hashi-button')
const caseStudySlider = require('@hashicorp/hashi-case-study-slider')
const consentManager = require('@hashicorp/hashi-consent-manager')
const content = require('@hashicorp/hashi-content')
const docsSidenav = require('@hashicorp/hashi-docs-sidenav')
const docsSitemap = require('@hashicorp/hashi-docs-sitemap')
const footer = require('@hashicorp/hashi-footer')
const hero = require('@hashicorp/hashi-hero')
const linkedTextSummaryList = require('@hashicorp/hashi-linked-text-summary-list')
const megaNav = require('@hashicorp/hashi-mega-nav')
const nav = require('@hashicorp/hashi-nav')
const productDownloader = require('@hashicorp/hashi-product-downloader')
const productSubnav = require('@hashicorp/hashi-product-subnav')
const sectionHeader = require('@hashicorp/hashi-section-header')
const splitCta = require('@hashicorp/hashi-split-cta')
const textAndContent = require('@hashicorp/hashi-text-and-content')
const useCases = require('@hashicorp/hashi-use-cases')
const verticalTextBlockList = require('@hashicorp/hashi-vertical-text-block-list')
const beforeAfterDiagram = require('./js/components/before-after-diagram')
module.exports = {
'hashi-button': button,
'hashi-case-study-slider': caseStudySlider,
'hashi-consent-manager': consentManager,
'hashi-content': content,
'hashi-docs-sidenav': docsSidenav,
'hashi-docs-sitemap': docsSitemap,
'hashi-footer': footer,
'hashi-hero': hero,
'hashi-linked-text-summary-list': linkedTextSummaryList,
'hashi-mega-nav': megaNav,
'hashi-nav': nav,
'hashi-product-downloader': productDownloader,
'hashi-product-subnav': productSubnav,
'hashi-section-header': sectionHeader,
'hashi-split-cta': splitCta,
'hashi-text-and-content': textAndContent,
'hashi-use-cases': useCases,
'hashi-vertical-text-block-list': verticalTextBlockList,
'hashi-before-after': beforeAfterDiagram
}

File diff suppressed because it is too large Load Diff

4
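--- a/website/babel.config.js
+++ b/website/babel.config.js
@@ -0,0 +1,4 @@
+module.exports = {
+presets: ['next/babel'],
+plugins: ['import-glob-array']
+}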


@ -1,6 +0,0 @@
echo "==> installing bundler and middleman"
gem install bundler middleman --no-ri --no-rdoc
echo "==> installing ruby dependencies"
bundle
echo "==> installing node dependencies"
cd assets && npm install


@ -0,0 +1 @@
<svg width="24" height="24" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M12 22c5.523 0 10-4.477 10-10S17.523 2 12 2 2 6.477 2 12s4.477 10 10 10z" fill="#fff" stroke="#E80134"/><path d="M12 8v4" stroke="#E80134"/><circle cx="12" cy="16" r="1" fill="#E80134"/></svg>


@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" fill="none"><path stroke="#D2D4DB" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.5" d="M8.575 4.048L1.517 15.832a1.667 1.667 0 001.425 2.5h14.116a1.667 1.667 0 001.425-2.5L11.425 4.048a1.667 1.667 0 00-2.85 0z" clip-rule="evenodd"/><path stroke="#E80134" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.5" d="M10 8.332v3.333"/><circle cx="10" cy="15.001" fill="#E80134" r=".833"/></svg>


@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" width="18" height="19" fill="none"><path stroke="#D2D4DB" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.5" d="M15.75 9.928v.698a7.5 7.5 0 11-4.447-6.855"/><path stroke="#1563FF" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.5" d="M16.5 3.875l-8.25 8.25L6 9.875"/></svg>


@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" fill="none"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="1.5" d="M15.75 9.053v.698a7.5 7.5 0 11-4.447-6.855"/><path stroke-linecap="round" stroke-linejoin="round" stroke-width="1.5" d="M16.5 3l-8.25 8.25L6 9"/></svg>


@ -0,0 +1 @@
<svg width="24" height="24" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M12 23C5.925 23 1 18.075 1 12S5.925 1 12 1s11 4.925 11 11-4.925 11-11 11z" fill="#000" stroke="#000"/><path d="M16.666 9.082l-6.416 6.417-2.917-2.917" stroke="#fff"/></svg>


@ -0,0 +1,108 @@
import marked from 'marked'
import Image from '@hashicorp/react-image'
import alertIcon from './img/alert-icon.svg?include'
import checkIcon from './img/check-icon.svg?include'
function BeforeAfterDiagram(props) {
const markedOptions = generateMarkedOptions()
const {
theme,
beforeHeadline,
beforeContent,
beforeImage,
afterHeadline,
afterContent,
afterImage
} = props
return (
<div className={`g-before-after-diagrams ${theme}`}>
<div className="before">
<div className="image">
<div>
<Image {...beforeImage} />
</div>
</div>
<div className="content">
<span className="line">
<span />
<div
dangerouslySetInnerHTML={{
__html: alertIcon
}}
/>
<span />
</span>
<div>
{beforeHeadline && (
<h3
className="g-type-display-3"
dangerouslySetInnerHTML={{
__html: marked.inlineLexer(beforeHeadline, [])
}}
/>
)}
{beforeContent && (
<div
className="g-type-body-small"
dangerouslySetInnerHTML={{
__html: marked(beforeContent, markedOptions)
}}
/>
)}
</div>
</div>
</div>
<div className="after">
<div className="image">
<div>
<Image {...afterImage} />
</div>
</div>
<div className="content">
<div className="line">
<div
dangerouslySetInnerHTML={{
__html: checkIcon
}}
/>
</div>
<div>
{afterHeadline && (
<h3
className="g-type-display-3"
dangerouslySetInnerHTML={{
__html: marked.inlineLexer(afterHeadline, [])
}}
/>
)}
{afterContent && (
<div
dangerouslySetInnerHTML={{
__html: marked(afterContent, markedOptions)
}}
/>
)}
</div>
</div>
</div>
</div>
)
}
export default BeforeAfterDiagram
function generateMarkedOptions() {
const markedRenderer = new marked.Renderer()
markedRenderer.heading = function(text, level) {
return `<h${level} class="g-type-label">${text}</h${level}>`
}
markedRenderer.paragraph = function(text) {
return `<p class="g-type-body-small">${text}</p>`
}
markedRenderer.list = function(text) {
return `<ul class="g-type-body-small">${text}</ul>`
}
return { renderer: markedRenderer }
}
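Review bot: The output of `marked(beforeContent, markedOptions)`, `marked(afterContent, markedOptions)` and the two `marked.inlineLexer(...)` headline calls goes straight into `dangerouslySetInnerHTML`, and the renderer overrides in `generateMarkedOptions` interpolate `text` into tags as-is, so any HTML carried in those props reaches the DOM as markup. That is safe only while every caller passes repo-authored strings, and nothing on the component states that assumption. I would add a comment above `BeforeAfterDiagram`, `// headline/content props are rendered as raw HTML: pass trusted, repo-authored markdown only`, and run the rendered string through an HTML sanitizer before assigning it to `__html` if the props can ever come from a CMS or request data. The `afterContent` wrapper also lacks the `className="g-type-body-small"` that the `beforeContent` wrapper carries, which looks unintended.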


@ -94,7 +94,7 @@
}
& .content {
border: 1px solid var(--gray-9);
border: 1px solid var(--DEPRECATED-gray-9);
padding: 24px 32px 20px;
position: relative;
flex-grow: 1;
@ -123,7 +123,7 @@
&:before {
border-color: rgba(229, 230, 235, 0);
border-bottom-color: var(--gray-9);
border-bottom-color: var(--DEPRECATED-gray-9);
border-width: 18px;
margin-left: -18px;
}
@ -152,7 +152,7 @@
}
& h3 {
border-bottom: 1px solid var(--gray-9);
border-bottom: 1px solid var(--DEPRECATED-gray-9);
color: var(--black);
margin: 0 0 24px;
padding-bottom: 24px;
@ -161,10 +161,6 @@
& h4 {
display: block;
font-size: 0.75rem;
font-weight: var(--font-weight-bold);
letter-spacing: 0.5px;
line-height: 1.125rem;
margin: 24px 0 26px;
text-transform: uppercase;
}
@ -216,7 +212,7 @@
background-image: linear-gradient(
90deg,
rgba(210, 212, 219, 0) 0%,
var(--gray-8) 100%
var(--DEPRECATED-gray-8) 100%
);
right: calc(50% + 20px);
width: calc(50% + 140px);
@ -225,7 +221,7 @@
background-image: linear-gradient(
180deg,
rgba(210, 212, 219, 0) 0%,
var(--gray-8) 100%
var(--DEPRECATED-gray-8) 100%
);
height: 245px;
right: auto;
@ -237,7 +233,7 @@
&:last-child {
background-image: linear-gradient(
90deg,
var(--gray-8) 0%,
var(--DEPRECATED-gray-8) 0%,
var(--black) 100%
);
left: calc(50% + 20px);
@ -245,7 +241,7 @@
@media (max-width: 767px) {
background-image: linear-gradient(
180deg,
var(--gray-8) 0%,
var(--DEPRECATED-gray-8) 0%,
var(--black) 100%
);
height: calc(100% + 375px);
@ -298,121 +294,14 @@
}
/*
* TERRAFORM THEME
* VAULT THEME
*/
&.terraform {
& .line span {
&:first-child {
background-image: linear-gradient(
90deg,
rgba(95, 67, 233, 0) 0%,
var(--gray-8) 100%
);
@media (max-width: 767px) {
background-image: linear-gradient(
180deg,
rgba(95, 67, 233, 0) 0%,
var(--gray-8) 100%
);
}
}
&:last-child {
background-image: linear-gradient(
90deg,
var(--gray-8) 0%,
var(--terraform-purple) 100%
);
@media (max-width: 767px) {
background-image: linear-gradient(
180deg,
var(--gray-8) 0%,
var(--terraform-purple) 100%
);
}
&:after {
border-color: transparent transparent transparent
var(--terraform-purple);
border-style: solid;
border-width: 5.5px 0 5.5px 8px;
}
}
}
&.vault {
& .after {
& li:before {
background: url('/img/icons/check-circle-purple.svg');
background: url('/img/icons/check-circle-blue.svg');
height: 19px;
}
.line {
svg,
path:first-child {
fill: var(--terraform-purple);
stroke: var(--terraform-purple);
}
}
}
}
/*
* CONSUL THEME
*/
&.consul {
& .line span {
&:first-child {
background-image: linear-gradient(
90deg,
rgba(95, 67, 233, 0) 0%,
var(--gray-8) 100%
);
@media (max-width: 767px) {
background-image: linear-gradient(
180deg,
rgba(95, 67, 233, 0) 0%,
var(--gray-8) 100%
);
}
}
&:last-child {
background-image: linear-gradient(
90deg,
var(--gray-8) 0%,
var(--consul-pink) 100%
);
@media (max-width: 767px) {
background-image: linear-gradient(
180deg,
var(--gray-8) 0%,
var(--consul-pink) 100%
);
}
&:after {
border-color: transparent transparent transparent var(--consul-pink);
border-style: solid;
border-width: 5.5px 0 5.5px 8px;
}
}
}
& .after {
& li:before {
background: url('/img/icons/check-circle-pink.svg');
height: 19px;
}
.line {
svg,
path:first-child {
fill: var(--consul-pink);
stroke: var(--consul-pink);
}
}
}
}
}


@ -0,0 +1,65 @@
import Head from 'next/head'
export default function DefaultHeadTags() {
return (
<Head>
<title key="title">Vault by HashiCorp</title>
<meta charSet="utf-8" />
<meta httpEquiv="x-ua-compatible" content="ie=edge" />
{/* ref: https://www.phpied.com/minimum-viable-sharing-meta-tags/ */}
<meta property="og:locale" content="en_US" />
<meta property="og:type" content="website" />
<meta
property="og:site_name"
content="Vault by HashiCorp"
key="og-name"
/>
<meta name="twitter:site" content="@HashiCorp" />
<meta name="twitter:card" content="summary_large_image" />
<meta
property="article:publisher"
content="https://www.facebook.com/HashiCorp/"
/>
<meta
name="description"
property="og:description"
content="Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault handles leasing, key revocation, key rolling, auditing, and provides secrets as a service through a unified API."
key="description"
/>
<meta
property="og:image"
content="https://www.vaultproject.io/img/og-image.png"
key="image"
/>
<link
sizes="16x16"
type="image/png"
rel="icon"
href="https://www.datocms-assets.com/2885/1527033389-favicon.png?h=16&w=16"
/>
<link
sizes="32x32"
type="image/png"
rel="icon"
href="https://www.datocms-assets.com/2885/1527033389-favicon.png?h=32&w=32"
/>
<link
sizes="96x96"
type="image/png"
rel="icon"
href="https://www.datocms-assets.com/2885/1527033389-favicon.png?h=96&w=96"
/>
<link
sizes="192x192"
type="image/png"
rel="icon"
href="https://www.datocms-assets.com/2885/1527033389-favicon.png?h=192&w=192"
/>
<link rel="stylesheet" href="/css/nprogress.css"></link>
<link
href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700&display=swap"
rel="stylesheet"
/>
</Head>
)
}
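Review bot: The last `<link>` pulls a stylesheet from `fonts.googleapis.com` on every page, a third-party origin whose CSS response varies by user agent and so cannot practically be pinned with an `integrity` attribute. For a site that documents a secrets manager I would self-host the Open Sans files and reference them from a local stylesheet, the way `/css/nprogress.css` already is, so a Content-Security-Policy can keep `style-src` and `font-src` at `'self'`. Separately, `<link rel="stylesheet" href="/css/nprogress.css"></link>` should be self-closing like the other tags in this component.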


@ -0,0 +1 @@
<svg width="23" height="22" xmlns="http://www.w3.org/2000/svg"><path d="M11.608.342C5.535.342.61 5.162.61 11.108c0 4.757 3.152 8.792 7.523 10.215.55.1.751-.233.751-.518 0-.256-.01-.933-.015-1.831-3.06.65-3.705-1.444-3.705-1.444-.5-1.243-1.222-1.574-1.222-1.574-.998-.668.076-.655.076-.655 1.104.076 1.685 1.11 1.685 1.11.981 1.645 2.575 1.17 3.201.894.1-.695.385-1.17.699-1.439-2.443-.271-5.011-1.195-5.011-5.32 0-1.176.429-2.137 1.132-2.89-.113-.272-.49-1.367.108-2.849 0 0 .924-.289 3.025 1.104.877-.24 1.819-.358 2.754-.363.934.005 1.875.124 2.754.363 2.1-1.393 3.022-1.104 3.022-1.104.6 1.482.222 2.577.11 2.85.705.752 1.13 1.713 1.13 2.888 0 4.136-2.572 5.046-5.022 5.313.394.332.746.99.746 1.994 0 1.438-.013 2.6-.013 2.953 0 .288.198.623.756.518 4.368-1.427 7.516-5.46 7.516-10.215 0-5.946-4.925-10.766-11-10.766" fill="#161514" fill-rule="evenodd"/></svg>


@ -0,0 +1,60 @@
import DocsSidenav from '@hashicorp/react-docs-sidenav'
import Content from '@hashicorp/react-content'
import InlineSvg from '@hashicorp/react-inline-svg'
import githubIcon from './img/github-icon.svg?include'
import Link from 'next/link'
import Head from 'next/head'
export default function DocsPage({
children,
path,
orderData,
frontMatter,
category,
pageMeta
}) {
return (
<div id="p-docs">
<Head>
<title key="title">{pageMeta.page_title} | Vault by HashiCorp</title>
{pageMeta.description && (
<meta
name="description"
property="og:description"
content={pageMeta.description}
key="description"
/>
)}
</Head>
<div className="content-wrap g-container">
<div id="sidebar" role="complementary">
<div className="nav docs-nav">
<DocsSidenav
currentPage={path}
category={category}
order={orderData}
data={frontMatter}
Link={Link}
/>
</div>
</div>
<div id="inner" role="main">
<Content product="vault" content={children} />
</div>
</div>
<div id="edit-this-page" className="g-container">
<a
href={`https://github.com/hashicorp/vault/blob/master/website/pages/${pageMeta.__resourcePath}`}
>
<InlineSvg src={githubIcon} />
<span>Edit this page</span>
</a>
</div>
</div>
)
}
export async function getInitialProps({ asPath }) {
return { path: asPath }
}


@ -0,0 +1,77 @@
#p-docs {
& .content-wrap {
display: flex;
flex-direction: column;
flex-wrap: wrap;
flex: 1 0 auto;
position: relative;
width: 100%;
@media (min-width: 940px) {
flex-direction: row;
margin-top: 72px;
margin-bottom: 24px;
}
}
& #inner {
margin: 64px 0;
overflow: auto;
width: 100%;
@media (min-width: 940px) {
flex: 1;
margin: 0;
}
& .g-content {
@media (max-width: 939px) {
padding-left: 0;
padding-right: 0;
}
& > h1:first-child {
margin-top: 0;
}
}
& .g-section-header {
margin-bottom: 100px;
}
/* TODO: this should be applied in global styles, temporary override here */
& pre,
& code {
font-size: 0.875em;
}
& pre code {
font-size: 1em;
}
}
& #edit-this-page {
margin-bottom: 48px;
display: flex;
justify-content: flex-end;
& a {
color: var(--gray-1);
display: flex;
align-items: center;
opacity: 0.5;
transition: opacity 0.4s ease;
padding-right: 32px;
&:hover {
opacity: 1;
}
& > div {
margin-right: 9px;
width: 23px;
height: 22px;
}
}
}
}


@ -0,0 +1 @@
<svg width="8" height="5" fill="none"><path stroke="#000" d="M1 1l3 3 3-3"/></svg>


@ -0,0 +1 @@
<svg width="14" height="16"><path d="M6.734 11.047a.667.667 0 00.944 0l2.666-2.666a.666.666 0 10-.943-.943L7.873 8.967V1.243a.666.666 0 10-1.334 0v7.724L5.011 7.438a.666.666 0 10-.943.943l2.666 2.666zm7.139.196v2c0 1.102-.897 2-2 2H2.54c-1.103 0-2-.898-2-2v-2a.666.666 0 111.333 0v2c0 .367.299.666.667.666h9.333a.667.667 0 00.667-.666v-2a.666.666 0 111.333 0z"/></svg>


@ -0,0 +1 @@
<svg width="20" height="20"><path d="M9.97.271C4.464.271 0 4.736 0 10.241c0 4.404 2.875 8.134 6.789 9.48.49.061.673-.245.673-.49V17.52c-2.753.612-3.364-1.345-3.364-1.345-.428-1.162-1.101-1.468-1.101-1.468-.917-.612.061-.612.061-.612.979.061 1.53 1.04 1.53 1.04.917 1.529 2.323 1.1 2.874.856a2.13 2.13 0 01.611-1.345C5.872 14.4 3.547 13.544 3.547 9.69c0-1.1.367-1.957 1.04-2.69-.061-.184-.428-1.224.122-2.57 0 0 .857-.244 2.753 1.04.795-.244 1.651-.306 2.507-.306.857 0 1.713.123 2.508.306 1.896-1.284 2.752-1.04 2.752-1.04.55 1.346.184 2.386.123 2.63a3.956 3.956 0 011.04 2.692c0 3.853-2.325 4.648-4.527 4.893.367.305.673.917.673 1.834v2.753c0 .244.184.55.673.489A9.98 9.98 0 0020 10.241C19.939 4.736 15.474.27 9.97.27z"/></svg>


@ -0,0 +1,203 @@
import React, { Component } from 'react'
import Link from 'next/link'
import LinkWrap from '@hashicorp/react-link-wrap'
import InlineSvg from '@hashicorp/react-inline-svg'
import caratIcon from './img/carat.svg?include'
import downloadIcon from './img/download.svg?include'
import githubIcon from './img/github.svg?include'
class ProductSubnav extends Component {
constructor(props) {
super(props)
this.state = {
fixNav: true,
menuOpen: false
}
this.toggleMenu = this.toggleMenu.bind(this)
this.openSubmenu = this.openSubmenu.bind(this)
this.closeSubmenu = this.closeSubmenu.bind(this)
}
toggleMenu() {
this.setState({ menuOpen: !this.state.menuOpen })
}
openSubmenu(e) {
const dropdown = e.currentTarget.nextElementSibling
dropdown && dropdown.classList.add('open')
}
closeSubmenu(e) {
e.currentTarget.parentElement.classList.remove('open')
}
render() {
const {
rootUrl,
buttonText,
hideDownloadIcon,
buttonExternal,
links
} = this.props
const currentProduct = {
slug: 'vault',
siteUrl: 'https://www.vaultproject.io',
downloadUrl: '/downloads',
githubUrl: 'https://github.com/hashicorp/vault',
colorLogo: {
url: 'https://www.datocms-assets.com/2885/1509990185-vault-dark.svg',
alt: 'Vault Logo'
}
}
return (
<div className={`g-product-subnav ${currentProduct.slug}`}>
<div className={`wrapper${this.state.fixed ? ' fixed' : ''}`}>
<div className="g-container">
<div className="logo-wrapper">
<div className="logo">
<Link href="/">
<a
data-ga-product-subnav={`Product logo | ${currentProduct.slug}`}
>
<img
src={currentProduct.colorLogo.url}
alt={currentProduct.colorLogo.alt}
/>
<h4>
{currentProduct.slug.charAt(0).toUpperCase() +
currentProduct.slug.slice(1)}
</h4>
</a>
</Link>
</div>
</div>
<div
className={`toggle${currentProduct.downloadUrl ? ' center' : ''}${
this.state.menuOpen ? ' open' : ''
}`}
>
<span onClick={this.toggleMenu}>
<InlineSvg src={caratIcon} />
</span>
</div>
<div
className={`links-wrapper${this.state.menuOpen ? ' open' : ''}`}
>
<div className="links g-type-body-small-strong">
<ul>
{links.map(link => {
if (link.title === '|')
return <li className="divider" key="divider" />
return link.links ? (
<li className="dropdown" key={link.title}>
<span onClick={this.openSubmenu}>
{link.title}
<InlineSvg src={caratIcon} />
</span>
<ul>
<li className="close" onClick={this.closeSubmenu}>
<span>
<InlineSvg src={caratIcon} /> Back
</span>
</li>
<li className="name">{link.title}</li>
{link.links.map(sublink => (
<li key={sublink.title}>
<LinkWrap
Link={Link}
href={resolveLocalUrl(rootUrl, sublink.url)}
{...(sublink.external && {
rel: 'noopener',
target: '_blank'
})}
data-ga-product-subnav={`Subnav sublink | ${sublink.title}`}
>
{sublink.title}
</LinkWrap>
</li>
))}
</ul>
</li>
) : (
<li key={link.url}>
<LinkWrap
Link={Link}
href={resolveLocalUrl(rootUrl, link.url)}
onClick={this.toggleMenu}
{...(link.external && {
rel: 'noopener',
target: '_blank'
})}
data-ga-product-subnav={`Subnav link | ${link.title}`}
>
{link.title}
</LinkWrap>
</li>
)
})}
</ul>
<div className="ctas-mobile">
{currentProduct.githubUrl && (
<a className="github g-btn" href={currentProduct.githubUrl}>
<InlineSvg src={githubIcon} /> GitHub
</a>
)}
{currentProduct.downloadUrl && (
<LinkWrap
Link={Link}
className="download g-btn variant-primary brand-vault background-light"
href={resolveLocalUrl(
rootUrl,
currentProduct.downloadUrl
)}
data-ga-product-subnav={`Download mobile | ${currentProduct.slug}`}
{...(buttonExternal && {
rel: 'noopener',
target: '_blank'
})}
>
{!hideDownloadIcon && <InlineSvg src={downloadIcon} />}
<span>{buttonText || 'Download'}</span>
</LinkWrap>
)}
</div>
</div>
</div>
<div className="ctas">
{currentProduct.githubUrl && (
<a className="github" href={currentProduct.githubUrl}>
<InlineSvg src={githubIcon} />
</a>
)}
{currentProduct.downloadUrl && (
<LinkWrap
Link={Link}
className="download g-btn variant-primary brand-vault background-light"
href={resolveLocalUrl(rootUrl, currentProduct.downloadUrl)}
data-ga-product-subnav={`Download desktop | ${currentProduct.slug}`}
{...(buttonExternal && { rel: 'noopener', target: '_blank' })}
>
{!hideDownloadIcon && <InlineSvg src={downloadIcon} />}
<span>{buttonText || 'Download'}</span>
</LinkWrap>
)}
</div>
</div>
</div>
</div>
)
}
}
// This function ensures that if the root url is the same as the link's url,
// we strip the root and resolve from a relative path, so as to not redirect
// from the local dev environment to production unexpectedly.
function resolveLocalUrl(rootUrl, url) {
const urlRegex = new RegExp(`^(?:http(?:s)*://)?(?:www.)?${rootUrl}`)
return url.replace(/\.html$/, '').replace(urlRegex, '')
}
export default ProductSubnav
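Review bot: `resolveLocalUrl` interpolates `rootUrl` into `new RegExp(...)` unescaped and with no boundary after it, so the `.` in a host name (and in `www.`) matches any character, and a longer host that merely begins with the root (constructed example: `vaultproject.io.example.test`) would have its prefix stripped and be treated as a local path. Escape the value first, `const host = rootUrl.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')`, and build the pattern as `^(?:https?://)?(?:www\.)?` + `host` + `(?=[/?#]|$)`; if `rootUrl` can be undefined (not visible here), return `url` unchanged in that case. Separately, the constructor puts `fixNav` in state but `render` reads `this.state.fixed`, so the ` fixed` class is never applied as written. The `target: '_blank'` links set `rel: 'noopener'`; `'noopener noreferrer'` would also keep the referrer from being sent to the external sites.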


@ -0,0 +1,554 @@
.g-product-subnav {
position: relative;
z-index: 75;
font-size: 0.875rem;
line-height: 1.25rem;
font-family: var(--font-body);
@media (max-width: 1140px) {
height: 64px;
}
@media (max-width: 767px) {
height: 54px;
}
& .wrapper {
padding: 25px 0;
@media (max-width: 1140px) {
background-color: var(--white);
padding: 0;
}
&.fixed {
@media (max-width: 1140px) {
position: fixed;
top: 0;
left: 0;
width: 100%;
}
}
}
& .g-container {
display: flex;
align-items: center;
height: 100%;
@media (max-width: 1140px) {
justify-content: space-between;
height: 64px;
}
@media (max-width: 767px) {
height: 54px;
}
}
& .dropdown {
cursor: pointer;
@media (min-width: 1140px) {
position: relative;
}
&:hover ul {
@media (min-width: 1140px) {
visibility: visible;
opacity: 1;
}
}
& ul {
display: flex;
flex-direction: column;
position: absolute;
top: 100%;
left: 0;
visibility: hidden;
opacity: 0;
list-style: none;
background: var(--white);
color: var(--DEPRECATED-gray-1);
box-shadow: 0px 8px 24px rgba(0, 0, 0, 0.08);
min-width: 180px;
margin: 0 0 0 -18px;
padding: 0;
border-radius: 2px;
z-index: 4;
}
}
& .logo {
padding-bottom: 10px;
margin-bottom: -13px;
margin-right: 32px;
@media (max-width: 1140px) {
margin-right: 0;
width: auto;
}
& > a {
align-items: center;
color: var(--black);
display: flex;
& > img {
width: 45px;
height: 45px;
@media (max-width: 1140px) {
width: 30px;
height: 30px;
}
}
& > svg {
margin-left: 10px;
& path {
stroke: var(--DEPRECATED-gray-5);
}
@media (max-width: 1140px) {
display: none;
}
}
}
& h4 {
display: flex;
align-items: center;
font-family: var(--font-klavika);
font-size: 2.2rem;
margin: 0;
padding: 6px 0 6px 10px;
font-weight: var(--font-weight-bold);
@media (max-width: 1140px) {
font-size: 1.8em;
}
}
}
& .toggle {
display: none;
@media (max-width: 1140px) {
align-items: center;
display: flex;
position: absolute;
right: 20px;
}
&.center {
height: 100%;
justify-content: center;
left: 0;
position: absolute;
top: 0;
width: 100%;
@media (max-width: 767px) {
position: relative;
}
}
&.open svg {
transform: rotate(-180deg);
}
& span {
cursor: pointer;
padding: 5px;
line-height: 0;
}
& svg {
width: 14px;
height: 9px;
transition: 0.25s ease;
transition-property: transform;
}
& path {
stroke: var(--brand);
}
}
& .links-wrapper {
background-color: var(--white);
margin-left: auto;
margin-right: 32px;
@media (max-width: 1140px) {
position: absolute;
top: 100%;
left: 0;
height: 0;
overflow: hidden;
transition: 0.25s ease;
transition-property: height;
z-index: 4;
width: 100%;
}
&.open {
@media (max-width: 1140px) {
overflow-y: visible;
height: 100vh;
}
}
}
& .links {
display: flex;
font-weight: var(--font-weight-bold);
position: relative;
@media (max-width: 1140px) {
display: block;
position: absolute;
top: 0;
left: 0;
width: 100%;
padding: 10px 24px;
overflow-x: hidden;
}
& ul a,
& ul span {
color: inherit;
padding: 0 0 8px;
transition: 0.25s ease;
transition-property: border-bottom-color;
@media (max-width: 1140px) {
display: block;
padding: 12px 0;
border-bottom: 1px solid var(--DEPRECATED-gray-9);
}
}
& span {
@media (max-width: 1140px) {
display: flex;
justify-content: space-between;
align-items: center;
}
}
& > ul {
list-style: none;
padding: 0;
margin: 0;
display: flex;
flex-direction: row;
justify-content: space-between;
align-items: center;
@media (max-width: 1140px) {
flex-direction: column;
justify-content: flex-start;
font-size: 1.125rem;
line-height: 1.75rem;
font-weight: normal;
}
& + ul {
@media (min-width: 1140px) {
border-left: 1px solid var(--DEPRECATED-gray-8);
padding-left: 24px;
margin-left: 24px;
}
@media (min-width: 1200px) {
padding-left: 32px;
margin-left: 32px;
}
}
& > li {
margin-right: 35px;
@media (max-width: 1140px) {
margin-right: 28px;
}
@media (max-width: 1140px) {
margin-right: 0;
}
&:last-child {
@media (min-width: 1140px) {
margin-right: 0;
}
}
& > a,
& > span {
@media (min-width: 1140px) {
border-bottom: 2px solid transparent;
}
}
& .selected,
& > a:hover {
@media (min-width: 1140px) {
border-bottom-color: var(--brand);
}
}
}
}
& .dropdown {
& > span > div {
margin: -2px 0 0 8px;
float: right;
@media (max-width: 1140px) {
display: inline-block;
float: none;
margin: 0;
transform: rotate(-90deg);
width: 12px;
}
}
& path {
stroke: var(--DEPRECATED-gray-6);
@media (max-width: 1140px) {
stroke: var(--DEPRECATED-gray-1);
}
}
& ul {
transition: 0.25s ease;
transition-property: left, opacity, visibility;
margin: 6px 0 0 -23px;
padding: 15px 29px 15px 24px;
@media (max-width: 1140px) {
visibility: visible;
opacity: 1;
position: absolute;
top: 0;
bottom: 0;
left: 100%;
padding: 10px 24px;
margin: 0;
width: 100%;
box-shadow: none;
}
&.open {
@media (max-width: 1140px) {
left: 0;
}
}
}
& li {
@media (min-width: 1140px) {
margin: 9px 0;
}
&.close,
&.name {
@media (min-width: 1140px) {
display: none;
}
}
&.close {
& span {
justify-content: flex-start;
}
& div {
display: inline-block;
}
& svg {
margin: 2px 12px 3px 0;
transform: rotate(90deg);
}
}
&.name {
border: none;
color: var(--DEPRECATED-gray-5);
font-weight: var(--font-weight-bold);
font-size: 0.75rem;
letter-spacing: 0.03125rem;
text-transform: uppercase;
padding: 24px 0 12px;
}
& a,
& span {
white-space: nowrap;
@media (min-width: 1140px) {
border: none;
}
&:hover {
@media (min-width: 1140px) {
color: var(--DEPRECATED-gray-3);
}
}
}
}
}
}
& .divider {
border-left: 1px solid #d2d4db;
width: 1px;
height: 100%;
}
& .ctas-mobile,
& .ctas {
& .download,
& .github {
font-size: 0.875rem;
border-radius: 2px;
display: flex;
align-items: center;
& > div {
line-height: 0;
}
}
& .download {
color: var(--white);
border: none;
& path {
fill: var(--white);
}
}
& .github {
border: 1px solid var(--DEPRECATED-gray-8);
transition: 0.25s ease;
transition-property: transform;
color: inherit;
& path {
fill: var(--DEPRECATED-gray-1);
}
}
}
& .ctas {
display: flex;
& .github {
padding: 7px;
height: 2.25rem;
width: 2.25rem;
@media (max-width: 1140px) {
display: none;
}
&:hover {
transform: translateY(-1px);
& path {
fill: var(--DEPRECATED-gray-3);
}
}
}
& .download {
margin-left: 16px;
padding: 10px 15px 10px 12px;
white-space: nowrap;
@media (max-width: 1140px) {
background: none;
color: inherit;
padding: 0;
border-bottom: 2px solid transparent;
margin-left: 0;
}
&:hover {
@media (max-width: 1140px) {
color: var(--DEPRECATED-gray-5);
transform: none;
}
&:after {
@media (max-width: 1140px) {
display: none;
}
}
}
& div {
margin-right: 8px;
line-height: 0;
@media (max-width: 767px) {
display: none;
}
}
& path {
fill: var(--white);
@media (max-width: 1140px) {
fill: var(--brand);
}
}
& span {
line-height: 1em;
}
}
}
& .ctas-mobile {
margin: 56px 0 28px;
@media (min-width: 1140px) {
display: none;
}
& a {
display: flex;
align-items: center;
justify-content: center;
& + a {
margin-top: 16px;
}
&.github {
padding: 13px;
background: transparent;
& > div {
line-height: 0;
}
}
&.download {
padding: 14px;
}
& svg {
margin-right: 8px;
}
}
}
}
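Review bot: Under `& .links` → `& > ul` → `& > li` the same `@media (max-width: 1140px)` query appears twice in a row, first with `margin-right: 28px` and then with `margin-right: 0`, so the first rule can never take effect. If 28px was meant for an intermediate width it needs its own breakpoint; otherwise the block can be dropped. The file also pairs `max-width: 1140px` with `min-width: 1140px`, so both rule sets apply at exactly 1140px; `min-width: 1141px` would make them mutually exclusive.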


@ -0,0 +1,23 @@
export default function UseCaseCtaSection() {
return (
<section className="g-section-block g-cta-section">
<div>
<h2>Ready to get started?</h2>
<a className="g-btn white download" href="/downloads.html">
<svg
xmlns="http://www.w3.org/2000/svg"
width="20"
height="22"
viewBox="0 0 20 22"
>
<path d="M9.292 15.706a1 1 0 0 0 1.416 0l3.999-3.999a1 1 0 1 0-1.414-1.414L11 12.586V1a1 1 0 1 0-2 0v11.586l-2.293-2.293a1 1 0 1 0-1.414 1.414l3.999 3.999zM20 16v3c0 1.654-1.346 3-3 3H3c-1.654 0-3-1.346-3-3v-3a1 1 0 1 1 2 0v3c0 .551.448 1 1 1h14c.552 0 1-.449 1-1v-3a1 1 0 1 1 2 0z"></path>
</svg>
Download
</a>
<a className="g-btn white-outline" href="/docs">
Explore Docs
</a>
</div>
</section>
)
}
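Review bot: The download button links to `/downloads.html`, while `ProductSubnav` in this same commit uses `/downloads` and strips a trailing `.html` from its links, so this anchor presumably depends on a redirect being in place. Using `href="/downloads"` here keeps the two components consistent. If this component is rendered inside the Next.js app, wrapping both anchors in `next/link` as the subnav does would also avoid a full page load.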


@ -0,0 +1,49 @@
.g-section-block.g-cta-section {
-webkit-box-align: center;
align-items: center;
background: var(--gray-2);
display: -webkit-box;
display: flex;
-webkit-box-pack: center;
justify-content: center;
padding-left: 15px;
padding-right: 15px;
position: relative;
text-align: center;
color: var(--white);
& .g-btn.white {
background: var(--white);
border: 2px solid var(--white);
color: var(--gray-2);
&:hover {
background-color: var(--gray-1);
border-color: var(--gray-1);
color: var(--white);
& path {
fill: var(--white);
}
}
}
& .g-btn.white-outline {
background: none;
border: 2px solid var(--white);
color: var(--white);
&:hover {
background-color: var(--white);
color: var(--gray-2);
}
}
& .g-btn.download svg {
margin: 0 4px -4px 0;
}
& .g-btn + .g-btn {
margin-left: 18px;
}
}


@ -1,182 +0,0 @@
set :product_name, "Vault"
set :base_url, "https://www.vaultproject.io/"
# Middleware for rendering preact components
use ReshapeMiddleware, component_file: "assets/reshape.js"
activate :hashicorp do |h|
h.name = "vault"
h.version = "1.3.1"
h.github_slug = "hashicorp/vault"
h.website_root = "website"
h.releases_enabled = true
h.datocms_api_key = '78d2968c99a076419fbb'
end
# Netlify redirects/headers
proxy '_redirects', 'netlify-redirects', ignore: true
helpers do
# Formats and filters a category of docs for the sidebar component
def get_sidebar_data(category)
sitemap.resources.select { |resource|
!!Regexp.new("^#{category}").match(resource.path)
}.map { |resource|
{
path: resource.path,
data: resource.data.to_hash.tap { |a| a.delete 'description'; a }
}
}
end
# Returns the FQDN of the image URL.
# @param [String] path
# @return [String]
def image_url(path)
File.join(config[:base_url], "/img/#{path}")
end
# Get the title for the page.
#
# @param [Middleman::Page] page
#
# @return [String]
def title_for(page)
if page && page.data.page_title
return "#{page.data.page_title} - Vault by HashiCorp"
end
"Vault by HashiCorp"
end
# Get the description for the page
#
# @param [Middleman::Page] page
#
# @return [String]
def description_for(page)
description = (page.data.description || "")
.gsub('"', '')
.gsub(/\n+/, ' ')
.squeeze(' ')
return escape_html(description)
end
# This helps by setting the "active" class for sidebar nav elements
# if the YAML frontmatter matches the expected value.
def sidebar_current(expected)
current = current_page.data.sidebar_current || ""
if current.start_with?(expected)
return " class=\"active\""
else
return ""
end
end
# Returns the id for this page.
# @return [String]
def body_id_for(page)
if !(name = page.data.sidebar_current).blank?
return "page-#{name.strip}"
end
if page.url == "/" || page.url == "/index.html"
return "page-home"
end
if page.path.include? "use-cases"
return "use-cases"
end
if !(title = page.data.page_title).blank?
return title
.downcase
.gsub('"', '')
.gsub(/[^\w]+/, '-')
.gsub(/_+/, '-')
.squeeze('-')
.squeeze(' ')
end
return ""
end
# Returns the list of classes for this page.
# @return [String]
def body_classes_for(page)
classes = []
if !(layout = page.data.layout).blank?
classes << "layout-#{page.data.layout}"
end
if !(title = page.data.page_title).blank?
title = title
.downcase
.gsub('"', '')
.gsub(/[^\w]+/, '-')
.gsub(/_+/, '-')
.squeeze('-')
.squeeze(' ')
classes << "page-#{title}"
end
return classes.join(" ")
end
# Returns data / attributes used by the product subnav component.
# @return [Object]
def getSubNavData
return {
current_path: current_page.path,
products: dato.enterprise_products.map(&:to_hash),
subnav: {
tdm_focused_links: [
{
title: "Intro",
url: "/intro"
},
{
item_type: "dropdown_link",
title: "Use Cases",
links: [{
title: "Secrets Management",
url: "/use-cases/secrets-management"
},
{
title: "Data Encryption",
url: "/use-cases/data-encryption"
}, {
title: "Identity-based Access",
url: "/use-cases/identity-based-access"
}]
},
{
title: "Enterprise",
url: "https://www.hashicorp.com/products/vault/enterprise"
},
{
title: "Whitepaper",
url: "https://www.hashicorp.com/resources/unlocking-the-cloud-operating-model-security?utm_source=vaultsubnav"
}
],
practitioner_focused_links: [
{
title: "Learn",
url: "https://learn.hashicorp.com/vault"
},
{
title: "Docs",
url: "/docs"
},
{
title: "API",
url: "/api"
},
{
title: "Community",
url: "/community"
}
],
product: dato.vault_product_page.subnav.product.to_hash
}
}
end
end


@ -0,0 +1,153 @@
// The root folder for this documentation category is `pages/api-docs`
//
// - A string refers to the name of a file
// - A "category" value refers to the name of a directory
// - All directories must have an "index.mdx" file to serve as
// the landing page for the category
export default [
'index',
'libraries',
'relatedtools',
'------------',
{
category: 'secret',
content: [
{ category: 'ad' },
{ category: 'alicloud' },
{ category: 'aws' },
{ category: 'azure' },
{ category: 'consul' },
{ category: 'cubbyhole' },
{
category: 'databases',
content: [
'cassandra',
'elasticdb',
'influxdb',
'hanadb',
'mongodb',
'mssql',
'mysql-maria',
'postgresql',
'oracle'
]
},
{ category: 'gcp' },
{ category: 'gcpkms' },
{ category: 'kmip' },
{
category: 'kv',
content: ['kv-v1', 'kv-v2']
},
{
category: 'identity',
content: [
'entity',
'entity-alias',
'group',
'group-alias',
'tokens',
'lookup'
]
},
{ category: 'nomad' },
{ category: 'pki' },
{ category: 'rabbitmq' },
{ category: 'ssh' },
{ category: 'totp' },
{ category: 'transit' },
'-----------------------',
{ category: 'cassandra' },
{ category: 'mongodb' },
{ category: 'mssql' },
{ category: 'mysql' },
{ category: 'postgresql' }
]
},
{
category: 'auth',
content: [
{ category: 'alicloud' },
{ category: 'approle' },
{ category: 'aws' },
{ category: 'azure' },
{ category: 'cf' },
{ category: 'github' },
{ category: 'gcp' },
{ category: 'jwt' },
{ category: 'kerberos' },
{ category: 'kubernetes' },
{ category: 'ldap' },
{ category: 'oci' },
{ category: 'okta' },
{ category: 'radius' },
{ category: 'cert' },
{ category: 'token' },
{ category: 'userpass' },
{ category: 'app-id' }
]
},
{
category: 'system',
content: [
'audit',
'audit-hash',
'auth',
'capabilities',
'capabilities-accessor',
'capabilities-self',
'config-auditing',
'config-control-group',
'config-cors',
'config-state',
'config-ui',
'control-group',
'generate-root',
'health',
'host-info',
'init',
'internal-specs-openapi',
'internal-ui-mounts',
'key-status',
'leader',
'leases',
'license',
'metrics',
{
category: 'mfa',
content: ['duo', 'okta', 'pingid', 'totp']
},
'mounts',
'namespaces',
'plugins-reload-backend',
'plugins-catalog',
'policy',
'policies',
'pprof',
'raw',
'rekey',
'rekey-recovery-key',
'remount',
{
category: 'replication',
content: ['replication-performance', 'replication-dr']
},
'rotate',
'seal',
'seal-status',
'sealwrap-rewrap',
'step-down',
{
category: 'storage',
content: ['raft']
},
'tools',
'unseal',
'wrapping-lookup',
'wrapping-rewrap',
'wrapping-unwrap',
'wrapping-wrap'
]
}
]
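Review bot: The `system` list has no `'generate-recovery-token'` entry, although the navigation YAML removed in this commit listed `api/system/generate-recovery-token.html` between `control-group` and `generate-root`. If that page was migrated under `pages/api-docs/system`, add `'generate-recovery-token',` before `'generate-root'` so it stays reachable from the sidebar; if it was dropped on purpose, check that the old URL redirects somewhere. The header comment also says a string is a file name, but entries such as `'------------'` look like separators, so a line like `// - A string of dashes renders a divider` would help, assuming that is what the sidenav does with them.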


@ -1,16 +0,0 @@
-
title: "Overview"
description: "Topics related to developing applications with the Vault API, including client libraries and related tools."
link: "/api/overview"
-
title: "Secrets Engines"
description: "Functions related to managing secrets and secrets engines."
link: "/api/secret"
-
title: "Auth Methods"
description: "Functions related to configuring how users and applications authenticate into Vault."
link: "/api/auth"
-
title: "System Backends"
description: "Functions related to managing Vault's configuration, including replication, storage, and managing Vault's unseal processes."
link: "/api/system"


@ -1,92 +0,0 @@
-
title: "Auth Methods"
docs:
- api/auth/index.html
- api/auth/approle/index.html
- api/auth/alicloud/index.html
- api/auth/aws/index.html
- api/auth/azure/index.html
- api/auth/github/index.html
- api/auth/gcp/index.html
- api/auth/jwt/index.html
- api/auth/kubernetes/index.html
- api/auth/ldap/index.html
- api/auth/okta/index.html
- api/auth/cf/index.html
- api/auth/oci/index.html
- api/auth/radius/index.html
- api/auth/cert/index.html
- api/auth/token/index.html
- api/auth/userpass/index.html
-
title: "Secret Engines"
docs:
- api/secret/index.html
- api/secret/ad/index.html
- api/secret/alicloud/index.html
- api/secret/aws/index.html
- api/secret/azure/index.html
- api/secret/consul/index.html
- api/secret/cubbyhole/index.html
- api/secret/databases/index.html
- api/secret/gcp/index.html
- api/secret/gcpkms/index.html
- api/secret/kmip/index.html
- api/secret/kv/index.html
- api/secret/identity/index.html
- api/secret/nomad/index.html
- api/secret/pki/index.html
- api/secret/rabbitmq/index.html
- api/secret/ssh/index.html
- api/secret/totp/index.html
- api/secret/transit/index.html
-
title: "System Backends"
docs:
- api/system/index.html
- api/system/audit.html
- api/system/audit-hash.html
- api/system/auth.html
- api/system/capabilities.html
- api/system/capabilities-accessor.html
- api/system/capabilities-self.html
- api/system/config-auditing.html
- api/system/config-control-group.html
- api/system/config-cors.html
- api/system/config-state.html
- api/system/config-ui.html
- api/system/control-group.html
- api/system/generate-recovery-token.html
- api/system/generate-root.html
- api/system/health.html
- api/system/host-info.html
- api/system/init.html
- api/system/internal-specs-openapi.html
- api/system/internal-ui-mounts.html
- api/system/key-status.html
- api/system/leader.html
- api/system/leases.html
- api/system/license.html
- api/system/namespaces.html
- api/system/mfa/index.html
- api/system/mounts.html
- api/system/plugins-reload-backend.html
- api/system/plugins-catalog.html
- api/system/policy.html
- api/system/policies.html
- api/system/pprof.html
- api/system/raw.html
- api/system/rekey.html
- api/system/rekey-recovery-key.html
- api/system/remount.html
- api/system/replication/index.html
- api/system/rotate.html
- api/system/seal.html
- api/system/seal-status.html
- api/system/step-down.html
- api/system/tools.html
- api/system/unseal.html
- api/system/wrapping-lookup.html
- api/system/wrapping-rewrap.html
- api/system/wrapping-unwrap.html
- api/system/wrapping-wrap.html


@ -0,0 +1,391 @@
// The root folder for this documentation category is `pages/docs`
//
// - A string refers to the name of a file
// - A "category" value refers to the name of a directory
// - All directories must have an "index.mdx" file to serve as
// the landing page for the category
export default [
{
category: 'install'
},
{
category: 'internals',
content: [
'architecture',
'high-availability',
'security',
'telemetry',
'token',
'rotation',
'replication',
'plugins'
]
},
{
category: 'concepts',
content: [
'dev-server',
'seal',
'lease',
'auth',
'tokens',
'response-wrapping',
'policies',
'ha',
'pgp-gpg-keybase',
'recovery-mode'
]
},
{
category: 'configuration',
content: [
{
category: 'listener',
content: ['tcp']
},
{
category: 'seal',
content: [
'alicloudkms',
'awskms',
'azurekeyvault',
'gcpckms',
'ocikms',
'pkcs11',
'transit'
]
},
{
category: 'storage',
content: [
'azure',
'cassandra',
'cockroachdb',
'consul',
'couchdb',
'dynamodb',
'etcd',
'filesystem',
'foundationdb',
'google-cloud-spanner',
'google-cloud-storage',
'in-memory',
'manta',
'mssql',
'mysql',
'oci-object-storage',
'postgresql',
'raft',
's3',
'swift',
'zookeeper'
]
},
{
category: 'service-registration',
content: ['consul']
},
'telemetry',
{ category: 'ui' },
{ category: 'entropy-augmentation' }
]
},
{
category: 'commands',
content: [
'agent',
{
category: 'audit',
content: ['disable', 'enable', 'list']
},
{
category: 'auth',
content: ['disable', 'enable', 'help', 'list', 'tune']
},
'debug',
'delete',
{
category: 'kv',
content: [
'delete',
'destroy',
'enable-versioning',
'get',
'list',
'metadata',
'patch',
'put',
'rollback',
'undelete'
]
},
{
category: 'lease',
content: ['renew', 'revoke']
},
'list',
'login',
'namespace',
{
category: 'operator',
content: [
'generate-root',
'init',
'key-status',
'migrate',
'rekey',
'rotate',
'seal',
'step-down',
'unseal'
]
},
'path-help',
{
category: 'plugin',
content: ['deregister', 'info', 'list', 'register']
},
{
category: 'policy',
content: ['delete', 'fmt', 'list', 'read', 'write']
},
'read',
{
category: 'secrets',
content: ['disable', 'enable', 'list', 'move', 'tune']
},
'server',
'ssh',
'status',
{
category: 'token',
content: ['capabilities', 'create', 'lookup', 'renew', 'revoke']
},
'unwrap',
'version',
'write',
'token-helper'
]
},
{
category: 'agent',
content: [
{
category: 'autoauth',
content: [
{
category: 'methods',
content: [
'alicloud',
'approle',
'aws',
'azure',
'cert',
'cf',
'gcp',
'jwt',
'kubernetes'
]
},
{
category: 'sinks',
content: ['file']
}
]
},
{ category: 'caching' },
{ category: 'template' }
]
},
'----------------',
{
category: 'secrets',
content: [
{ category: 'ad' },
{ category: 'alicloud' },
{ category: 'aws' },
{ category: 'azure' },
{ category: 'consul' },
{ category: 'cubbyhole' },
{
category: 'databases',
content: [
'cassandra',
'elasticdb',
'influxdb',
'hanadb',
'mongodb',
'mssql',
'mysql-maria',
'postgresql',
'oracle',
'custom'
]
},
{ category: 'gcp' },
{ category: 'gcpkms' },
{ category: 'kmip' },
{
category: 'kv',
content: ['kv-v1', 'kv-v2']
},
{ category: 'identity' },
{ category: 'nomad' },
{ category: 'pki' },
{ category: 'rabbitmq' },
{
category: 'ssh',
content: [
'signed-ssh-certificates',
'one-time-ssh-passwords',
'dynamic-ssh-keys'
]
},
{ category: 'totp' },
{ category: 'transit' },
'------------------------',
{ category: 'cassandra' },
{ category: 'mongodb' },
{ category: 'mssql' },
{ category: 'mysql' },
{ category: 'postgresql' }
]
},
{
category: 'auth',
content: [
'approle',
'alicloud',
'aws',
'azure',
'cf',
'gcp',
'jwt',
'kerberos',
'kubernetes',
'github',
'ldap',
'oci',
'okta',
'radius',
'cert',
'token',
'userpass',
'---------',
'app-id',
'mfa'
]
},
{
category: 'audit',
content: ['file', 'syslog', 'socket']
},
{
category: 'plugin'
},
'----------------',
{
category: 'what-is-vault'
},
{
category: 'use-cases'
},
{
category: 'partnerships'
},
{
category: 'vs',
content: [
'chef-puppet-etc',
'hsm',
'dropbox',
'consul',
'kms',
'keywhiz',
'custom'
]
},
'----------------',
{
category: 'platform',
content: [
{
category: 'k8s',
content: [
{
category: 'helm',
content: ['run', 'configuration', 'examples']
},
{
category: 'injector',
content: ['installation', 'examples']
}
]
},
{
category: 'aws-mp',
content: ['run']
}
]
},
'----------------',
{
category: 'upgrading',
content: [
'plugins',
'upgrade-to-0.5.0',
'upgrade-to-0.5.1',
'upgrade-to-0.6.0',
'upgrade-to-0.6.1',
'upgrade-to-0.6.2',
'upgrade-to-0.6.3',
'upgrade-to-0.6.4',
'upgrade-to-0.7.0',
'upgrade-to-0.8.0',
'upgrade-to-0.9.0',
'upgrade-to-0.9.1',
'upgrade-to-0.9.2',
'upgrade-to-0.9.3',
'upgrade-to-0.9.6',
'upgrade-to-0.10.0',
'upgrade-to-0.10.2',
'upgrade-to-0.10.4',
'upgrade-to-0.11.0',
'upgrade-to-0.11.2',
'upgrade-to-0.11.6',
'upgrade-to-1.0.0',
'upgrade-to-1.1.0',
'upgrade-to-1.1.1',
'upgrade-to-1.1.2',
'upgrade-to-1.2.0',
'upgrade-to-1.2.1',
'upgrade-to-1.2.4',
'upgrade-to-1.3.0'
]
},
'----------------',
{
category: 'enterprise',
content: [
{ category: 'replication' },
{
category: 'hsm',
content: ['behavior', 'security']
},
{ category: 'entropy-augmentation' },
{ category: 'sealwrap' },
{ category: 'namespaces' },
{ category: 'performance-standby' },
{ category: 'control-groups' },
{
category: 'mfa',
content: ['mfa-duo', 'mfa-okta', 'mfa-pingid', 'mfa-totp']
},
{
category: 'sentinel',
content: ['examples', 'properties']
}
]
}
]


@ -1,48 +0,0 @@
-
description: "Installing Vault and Vault Enterprise."
link: "/docs/install"
title: "Installing Vault"
-
description: "Technical details about Vault's architecture, cryptographic components, and security model."
link: "/docs/internals"
title: Internals
-
description: "Foundational concepts critical to understanding how Vault operates."
link: "/docs/concepts"
title: "Concepts"
-
description: "Managing Vault via its Command Line Interface (CLI)."
link: "/docs/commands"
title: "Commands (CLI)"
-
description: "Deploying Vault systems and configuring components such as storage and unseal interfaces."
link: "/docs/configuration"
title: Configuration
-
description: "Configuring the Vault binary as a client daemon for performing security operations."
link: "/docs/agent"
title: "Vault Agent"
-
description: "Engines for performing security operations using secrets stored within Vault."
link: "/docs/secrets"
title: "Secret Engines"
-
description: "Methods for configuring how users and applications authenticate into Vault."
link: "/docs/auth"
title: "Auth Methods"
-
description: "Devices for capturing audit logs monitoring activity within Vault."
link: "/docs/audit"
title: "Audit Devices"
-
description: "Configuring how Vault operates with external systems and applications via plugins."
link: "/docs/plugin"
title: "Plugin Backends"
-
description: "Topics related to running Vault on specific platforms (such as Kubernetes)."
link: "/docs/platform"
title: "Platforms"
-
description: "Topics related to Vault Enterprise, Vault's premium varient for professional teams and organizations."
link: "/docs/enterprise"
title: "Vault Enterprise"


@ -1,146 +0,0 @@
-
title: "Installing Vault"
docs:
- docs/install/index.html
-
title: Internals
docs:
- docs/internals/index.html
- docs/internals/architecture.html
- docs/internals/high-availability.html
- docs/internals/security.html
- docs/internals/telemetry.html
- docs/internals/token.html
- docs/internals/rotation.html
- docs/internals/replication.html
- docs/internals/plugins.html
-
title: "Concepts"
docs:
- docs/concepts/index.html
- docs/concepts/dev-server.html
- docs/concepts/seal.html
- docs/concepts/lease.html
- docs/concepts/auth.html
- docs/concepts/tokens.html
- docs/concepts/response-wrapping.html
- docs/concepts/policies.html
- docs/concepts/ha.html
- docs/concepts/pgp-gpg-keybase.html
- docs/concepts/recovery-mode.html
-
title: Configuration
docs:
- docs/configuration/index.html
- docs/configuration/telemetry.html
- docs/configuration/seal/index.html
- docs/configuration/listener/index.html
- docs/configuration/ui/index.html
-
title: "CLI Commands"
docs:
- docs/commands/index.html
- docs/commands/agent.html
- docs/commands/audit/index.html
- docs/commands/auth/index.html
- docs/commands/debug.html
- docs/commands/delete.html
- docs/commands/lease/index.html
- docs/commands/list.html
- docs/commands/login.html
- docs/commands/namespace.html
- docs/commands/operator/index.html
- docs/commands/path-help.html
- docs/commands/plugin/index.html
- docs/commands/policy/index.html
- docs/commands/read.html
- docs/commands/secrets/index.html
- docs/commands/server.html
- docs/commands/ssh.html
- docs/commands/status.html
- docs/commands/token/index.html
- docs/commands/unwrap.html
- docs/commands/write.html
- docs/commands/token-helper.html
-
title: "Vault Agent"
docs:
- docs/agent/index.html
- docs/agent/autoauth/index.html
- docs/agent/caching/index.html
-
title: "Secret Engines"
docs:
- docs/secrets/index.html
- docs/secrets/ad/index.html
- docs/secrets/alicloud/index.html
- docs/secrets/aws/index.html
- docs/secrets/azure/index.html
- docs/secrets/consul/index.html
- docs/secrets/cubbyhole/index.html
- docs/secrets/databases/index.html
- docs/secrets/gcp/index.html
- docs/secrets/gcpkms/index.html
- docs/secrets/kmip/index.html
- docs/secrets/kv/index.html
- docs/secrets/identity/index.html
- docs/secrets/nomad/index.html
- docs/secrets/pki/index.html
- docs/secrets/rabbitmq/index.html
- docs/secrets/ssh/index.html
- docs/secrets/totp/index.html
- docs/secrets/transit/index.html
- docs/secrets/cassandra/index.html
- docs/secrets/mongodb/index.html
- docs/secrets/mssql/index.html
- docs/secrets/mysql/index.html
- docs/secrets/postgresql/index.html
-
title: "Auth Methods"
docs:
- docs/auth/index.html
- docs/auth/approle.html
- docs/auth/alicloud.html
- docs/auth/aws.html
- docs/auth/azure.html
- docs/auth/gcp.html
- docs/auth/jwt.html
- docs/auth/kubernetes.html
- docs/auth/github.html
- docs/auth/ldap.html
- docs/auth/oci.html
- docs/auth/okta.html
- docs/auth/cf.html
- docs/auth/radius.html
- docs/auth/cert.html
- docs/auth/token.html
- docs/auth/userpass.html
- docs/auth/app-id.html
- docs/auth/mfa.html
-
title: "Audit Devices"
docs:
- docs/audit/index.html
- docs/audit/file.html
- docs/audit/syslog.html
- docs/audit/socket.html
-
title: "Plugin Backends"
docs:
- docs/plugin/index.html
-
title: "Platforms"
docs:
- docs/platform/k8s/index.html
- docs/platform/aws-mp/index.html
-
title: "Vault Enterprise"
docs:
- docs/enterprise/replication/index.html
- docs/enterprise/hsm/index.html
- docs/enterprise/sealwrap/index.html
- docs/enterprise/namespaces/index.html
- docs/enterprise/performance-standby/index.html
- docs/enterprise/control-groups/index.html
- docs/enterprise/mfa/index.html
- docs/enterprise/sentinel/index.html


@ -0,0 +1,55 @@
export default [
{
category: 'getting-started'
},
{
category: 'operations',
content: [
'reference-architecture',
'vault-ha-consul',
'production',
'generate-root',
'rekeying-and-rotating',
'plugin-backends',
'--------------',
'replication',
'disaster-recovery',
'mount-filter',
'multi-tenant',
'autounseal-aws-kms',
'seal-wrap',
'monitoring'
]
},
{
category: 'identity',
content: [
'secure-intro',
'policies',
'authentication',
'approle-trusted-entities',
'lease',
'identity',
'--------------',
'sentinel',
'control-groups'
]
},
{
category: 'secret-mgmt',
content: [
'static-secrets',
'versioned-kv',
'dynamic-secrets',
'db-root-rotation',
'cubbyhole',
'ssh-otp',
'pki-engine',
'app-integration'
]
},
{
category: 'encryption',
content: ['transit', 'spring-demo', 'transit-rewrap']
}
]


@ -0,0 +1,24 @@
// The root folder for this documentation category is `pages/intro`
//
// - A string refers to the name of a file
// - A "category" value refers to the name of a directory
// - All directories must have an "index.mdx" file to serve as
// the landing page for the category
export default [
{
category: 'getting-started',
content: [
'dev-server',
'first-secret',
'secrets-engines',
'dynamic-secrets',
'help',
'authentication',
'policies',
'deploy',
'apis',
'next-steps'
]
}
]

28
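--- a/website/data/subnav.js
+++ b/website/data/subnav.js
@@ -0,0 +1,28 @@
+export default [
+{ title: 'Overview', url: '/intro/getting-started' },
+{
+title: 'Use Cases',
+links: [
+{ title: 'Secrets Management', url: '/use-cases/secrets-management' },
+{ title: 'Data Encryption', url: '/use-cases/data-encryption' },
+{
+title: 'Identity-based Access',
+url: '/use-cases/identity-based-access'
+}
+]
+},
+{
+title: 'Enterprise',
+url: 'https://www.hashicorp.com/products/vault/enterprise'
+},
+{
+title: 'Whitepaper',
+url:
+'https://www.hashicorp.com/resources/unlocking-the-cloud-operating-model-security?utm_source=vaultsubnav'
+},
+{ title: '|' },
+{ title: 'Learn', url: 'https://learn.hashicorp.com/vault' },
+{ title: 'Docs', url: '/docs' },
+{ title: 'API', url: '/api-docs' },
+{ title: 'Community', url: '/community' }
+]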

1
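--- a/website/data/version.js
+++ b/website/data/version.js
@@ -0,0 +1 @@
+export const VERSION = '1.3.1'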


@ -1,66 +0,0 @@
locals {
github_parts = ["${split("/", var.github_repo)}"]
github_full = "${var.github_repo}"
github_org = "${local.github_parts[0]}"
github_repo = "${local.github_parts[1]}"
}
/*
-------------------------------------------------------------------
GitHub Resources
-------------------------------------------------------------------
*/
provider "github" {
organization = "${local.github_org}"
version = "~>2.0.0"
}
// Configure the repository with the dynamically created Netlify key.
resource "github_repository_deploy_key" "key" {
title = "Netlify"
repository = "${local.github_repo}"
key = "${netlify_deploy_key.key.public_key}"
read_only = false
}
// Create a webhook that triggers Netlify builds on push.
resource "github_repository_webhook" "main" {
repository = "${local.github_repo}"
events = ["delete", "push", "pull_request"]
configuration {
content_type = "json"
url = "https://api.netlify.com/hooks/github"
insecure_ssl = false
}
depends_on = ["netlify_site.main"]
}
/*
-------------------------------------------------------------------
Netlify Resources
-------------------------------------------------------------------
*/
provider "netlify" {
version = "~> 0.1.0"
}
// A new, unique deploy key for this specific website
resource "netlify_deploy_key" "key" {}
resource "netlify_site" "main" {
name = "${var.name}"
custom_domain = "${var.custom_site_domain}"
repo {
repo_branch = "${var.github_branch}"
command = "cd website && bundle && cd assets && npm i && cd .. && middleman build --verbose"
deploy_key_id = "${netlify_deploy_key.key.id}"
dir = "website/build"
provider = "github"
repo_path = "${local.github_full}"
}
}


@ -1,19 +0,0 @@
variable "name" {
default = "vault-www"
description = "Name of the website in slug format."
}
variable "github_repo" {
default = "hashicorp/vault"
description = "GitHub repository of the provider in 'org/name' format."
}
variable "github_branch" {
default = "stable-website"
description = "GitHub branch which netlify will continuously deploy."
}
variable "custom_site_domain" {
default = "www.vaultproject.io"
description = "The custom domain to use for the Netlify site."
}

23
website/layouts/api.jsx Normal file

@ -0,0 +1,23 @@
import DocsPage, { getInitialProps } from '../components/docs-page'
import orderData from '../data/api-navigation.js'
import { frontMatter } from '../pages/api-docs/**/*.mdx'
function ApiLayoutWrapper(pageMeta) {
function ApiLayout(props) {
return (
<DocsPage
{...props}
orderData={orderData}
frontMatter={frontMatter}
category="api-docs"
pageMeta={pageMeta}
/>
)
}
ApiLayout.getInitialProps = getInitialProps
return ApiLayout
}
export default ApiLayoutWrapper
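Review bot: `ApiLayoutWrapper` is repeated almost line for line in the docs, guides and intro layout sections that follow; only the navigation import, the `frontMatter` glob and the `category` string differ. Nothing in any of the four files says they are copies, so a fix made to one (for example to how `getInitialProps` is attached) can easily miss the others. I would add a header comment to each, such as `// Same wrapper as the other docs-page layouts (api, docs, guides, intro); change all four together`.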

23
website/layouts/docs.jsx Normal file

@ -0,0 +1,23 @@
import DocsPage, { getInitialProps } from '../components/docs-page'
import orderData from '../data/docs-navigation.js'
import { frontMatter } from '../pages/docs/**/*.mdx'
function DocsLayoutWrapper(pageMeta) {
function DocsLayout(props) {
return (
<DocsPage
{...props}
orderData={orderData}
frontMatter={frontMatter}
category="docs"
pageMeta={pageMeta}
/>
)
}
DocsLayout.getInitialProps = getInitialProps
return DocsLayout
}
export default DocsLayoutWrapper


@ -0,0 +1,23 @@
import DocsPage, { getInitialProps } from '../components/docs-page'
import orderData from '../data/guides-navigation.js'
import { frontMatter } from '../pages/guides/**/*.mdx'
function GuidesLayoutWrapper(pageMeta) {
function GuidesLayout(props) {
return (
<DocsPage
{...props}
orderData={orderData}
frontMatter={frontMatter}
category="guides"
pageMeta={pageMeta}
/>
)
}
GuidesLayout.getInitialProps = getInitialProps
return GuidesLayout
}
export default GuidesLayoutWrapper

23
website/layouts/intro.jsx Normal file

@ -0,0 +1,23 @@
import DocsPage, { getInitialProps } from '../components/docs-page'
import orderData from '../data/intro-navigation.js'
import { frontMatter } from '../pages/intro/**/*.mdx'
function IntroLayoutWrapper(pageMeta) {
function IntroLayout(props) {
return (
<DocsPage
{...props}
orderData={orderData}
frontMatter={frontMatter}
category="intro"
pageMeta={pageMeta}
/>
)
}
IntroLayout.getInitialProps = getInitialProps
return IntroLayout
}
export default IntroLayoutWrapper

17
website/lib/bugsnag.js Normal file

@ -0,0 +1,17 @@
import React from 'react'
import bugsnag from '@bugsnag/js'
import bugsnagReact from '@bugsnag/plugin-react'
const apiKey =
typeof window === 'undefined'
? 'fb2dc40bb48b17140628754eac6c1b11'
: '07ff2d76ce27aded8833bf4804b73350'
const bugsnagClient = bugsnag({
apiKey,
releaseStage: process.env.NODE_ENV || 'development'
})
bugsnagClient.use(bugsnagReact, React)
export default bugsnagClient
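Review bot: Both Bugsnag keys in `apiKey` are committed as string literals, and because this module is imported by `pages/_app.js` the ternary means the server-side key is most likely present in the browser bundle alongside the client one. If these are ingestion-only notifier keys, the exposure is limited to third parties submitting junk error reports to the project, but nothing on the page says so. I would add a comment above the constant, `// Bugsnag notifier keys: report ingestion only, expected to be public; never place an account or data-access token here`, and confirm with the owner of the Bugsnag project that neither key carries wider scope.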


@ -1,9 +1,21 @@
import { open, init } from '@hashicorp/hashi-consent-manager'
const isProd = process.env.NODE_ENV === 'production'
window.openConsentManager = () => open()
const segmentWriteKey = isProd
? 'OdSFDq9PfujQpmkZf03dFpcUlywme4sC'
: '0EXTgkNx0Ydje2PGXVbRhpKKoe5wtzcE'
init({
version: 1,
// TODO: refactor into web components
let utilityServerRoot = isProd
? 'https://util.hashicorp.com'
: 'https://hashicorp-web-util-staging.herokuapp.com'
if (process.env.UTIL_SERVER) {
utilityServerRoot = process.env.UTIL_SERVER.replace(/\/$/, '')
}
// Consent manager configuration
export default {
version: 3,
container: '#consent-manager',
companyName: 'HashiCorp',
privacyPolicyLink: '/privacy',
@ -17,23 +29,22 @@ init({
'Google Analytics is a popular service for tracking web traffic. We use this data to determine what content our users find important so that we can dedicate more resources toward it.',
category: 'Analytics'
},
{
name: 'Marketo V2',
description:
'Marketo is a marketing automation tool that allows us to segment users into different categories based off of their behaviors. We use this information to provide tailored information to users in our email campaigns.',
category: 'Email Marketing'
},
{
name: 'Hull',
description:
'Hull is a tool that we use to clean up analytics data and send it between different services. It does not add any javascript tracking code to this site.',
category: 'Analytics'
},
{
name: 'Hotjar',
description:
'Hotjar is a service that generates heatmaps of where users click on our sites. We use this information to ensure that our site is not confusing, and simple to use and navigate.',
category: 'Analytics'
},
{
name: 'LinkedIn Insight Tag',
description:
'This small script allows us to see how effective our linkedin campaigns are by showing which users have clicked through to our site.',
category: 'Analytics'
},
{
name: 'Marketo V2',
description:
'Marketo is a marketing automation tool that allows us to segment users into different categories based off of their behaviors. We use this information to provide tailored information to users in our email campaigns.'
}
],
categories: [
@ -59,7 +70,7 @@ init({
description:
"OptinMonster is a service that we use to show a prompt to sign up for our newsletter if it's perceived that you are interested in our content.",
category: 'Functional',
body: `var om597a24292a958,om597a24292a958_poll=function(){var e=0;return function(t,a){clearInterval(e),e=setInterval(t,a)}}();!function(e,t,a){if(e.getElementById(a))om597a24292a958_poll(function(){if(window.om_loaded&&!om597a24292a958)return(om597a24292a958=new OptinMonsterApp).init({s:"35109.597a24292a958",staging:0,dev:0,beta:0})},25);else{var n=!1,o=e.createElement("script");o.id=a,o.src="//a.optnmstr.com/app/js/api.min.js",o.async=!0,o.onload=o.onreadystatechange=function(){if(!(n||this.readyState&&"loaded"!==this.readyState&&"complete"!==this.readyState))try{n=om_loaded=!0,(om597a24292a958=new OptinMonsterApp).init({s:"35109.597a24292a958",staging:0,dev:0,beta:0}),o.onload=o.onreadystatechange=null}catch(e){}},(document.getElementsByTagName("head")[0]||document.documentElement).appendChild(o)}}(document,0,"omapi-script");`
body: `var om598c8e3a6e43d,om598c8e3a6e43d_poll=function(){var r=0;return function(n,l){clearInterval(r),r=setInterval(n,l)}}();!function(e,t,n){if(e.getElementById(n)){om598c8e3a6e43d_poll(function(){if(window['om_loaded']){if(!om598c8e3a6e43d){om598c8e3a6e43d=new OptinMonsterApp();return om598c8e3a6e43d.init({"s":"35109.598c8e3a6e43d","staging":0,"dev":0,"beta":0});}}},25);return;}var d=false,o=e.createElement(t);o.id=n,o.src="https://a.optnmstr.com/app/js/api.min.js",o.async=true,o.onload=o.onreadystatechange=function(){if(!d){if(!this.readyState||this.readyState==="loaded"||this.readyState==="complete"){try{d=om_loaded=true;om598c8e3a6e43d=new OptinMonsterApp();om598c8e3a6e43d.init({"s":"35109.598c8e3a6e43d","staging":0,"dev":0,"beta":0});o.onload=o.onreadystatechange=null;}catch(t){}}}};(document.getElementsByTagName("head")[0]||document.documentElement).appendChild(o)}(document,"script","omapi-script");`
}
]
})
}
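Review bot: The 'Marketo V2' entry at the end of the service list in the second hunk has no `category` key, while the other entries visible there (Google Analytics, Hull, Hotjar, LinkedIn Insight Tag) all carry one and the earlier 'Marketo V2' block had `category: 'Email Marketing'`. The +/- markers are lost on this page, so which block is the new side is inferred from the hunk's line counts. If the consent manager groups opt-in by category, an uncategorised integration may sit outside any toggle or fall back to a default. Restoring `category: 'Email Marketing'` on that entry, or adding a comment explaining why it is omitted, would settle it.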

10
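--- a/website/lib/polyfills.js
+++ b/website/lib/polyfills.js
@@ -0,0 +1,10 @@
+// If you run into issues with features missing in IE11, you likely need to
+// make additions to this file for those features.
+// See https://github.com/zloirock/core-js
+import 'core-js/fn/array'
+import 'core-js/fn/object/assign'
+import 'core-js/fn/string/ends-with'
+import 'core-js/fn/string/includes'
+import 'core-js/fn/string/repeat'
+import 'core-js/fn/string/starts-with'
+import 'core-js/fn/symbol'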

13
website/netlify.toml Normal file

@ -0,0 +1,13 @@
# This file sets configuration for Netlify
# ref: https://www.netlify.com/docs/netlify-toml-reference/
[build]
publish = "out"
command = "npm run static"
[context.production]
environment = { HASHI_ENV = "production", NODE_ENV = "production"}
[context.deploy-preview]
environment = { HASHI_ENV = "staging" }

43
website/next.config.js Normal file

@ -0,0 +1,43 @@
const withHashicorp = require('@hashicorp/nextjs-scripts')
const path = require('path')
module.exports = withHashicorp({
defaultLayout: true,
transpileModules: ['is-absolute-url', '@hashicorp/react-mega-nav'],
mdx: { resolveIncludes: path.join(__dirname, 'pages') }
})({
experimental: {
css: true,
granularChunks: true,
rewrites: () => [
{
source: '/api/:path*',
destination: '/api-docs/:path*'
}
],
redirects: () => [
{ source: '/intro', destination: '/intro/getting-started' }
]
},
exportTrailingSlash: true,
webpack(config) {
// Add polyfills
const originalEntry = config.entry
config.entry = async () => {
const entries = await originalEntry()
let polyEntry = entries['static/runtime/polyfills.js']
if (polyEntry && !polyEntry.includes('./lib/polyfills.js')) {
if (!Array.isArray(polyEntry)) {
entries['static/runtime/polyfills.js'] = [polyEntry]
}
entries['static/runtime/polyfills.js'].unshift('./lib/polyfills.js')
}
return entries
}
return config
},
env: {
HASHI_ENV: process.env.HASHI_ENV
}
})
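Review bot: The `rewrites` and `redirects` entries under `experimental` are, as far as I know, only honoured by a running Next server. The Netlify build added in this commit runs `npm run static`, which exports static files and copies `_redirects` into `out/`, so the deployed site presumably relies on that file instead; its contents are not visible here. A comment above the block would stop the next maintainer from assuming the two lists stay in sync by themselves: `// Applies to next dev/start only; the static export relies on website/_redirects, keep both in sync`.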

17314
website/package-lock.json generated Normal file

File diff suppressed because it is too large Load Diff

65
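--- a/website/package.json
+++ b/website/package.json
@@ -0,0 +1,65 @@
+{
+"name": "vault-docs-platform",
+"description": "Description of your website",
+"version": "0.0.1",
+"author": "HashiCorp",
+"dependencies": {
+"@bugsnag/js": "^6.5.0",
+"@bugsnag/plugin-react": "^6.5.0",
+"@hashicorp/nextjs-scripts": "^6.0.0-1",
+"@hashicorp/react-button": "^2.1.2",
+"@hashicorp/react-case-study-slider": "^2.0.4",
+"@hashicorp/react-consent-manager": "^2.0.3",
+"@hashicorp/react-content": "^2.1.1",
+"@hashicorp/react-docs-sidenav": "^2.2.2",
+"@hashicorp/react-docs-sitemap": "^1.0.0",
+"@hashicorp/react-footer": "3.1.6",
+"@hashicorp/react-global-styles": "^4.0.7",
+"@hashicorp/react-hero": "3.0.0",
+"@hashicorp/react-image": "^2.0.1",
+"@hashicorp/react-inline-svg": "^1.0.0",
+"@hashicorp/react-mega-nav": "^4.0.0-0",
+"@hashicorp/react-product-downloader": "^2.0.1",
+"@hashicorp/react-section-header": "^2.0.0",
+"@hashicorp/react-text-and-content": "^3.0.9",
+"@hashicorp/react-use-cases": "^1.0.2",
+"@hashicorp/react-vertical-text-block-list": "^2.0.1",
+"babel-plugin-import-glob-array": "^0.2.0",
+"highlight.js": "^9.17.1",
+"ie11-custom-properties": "^2.6.0",
+"imagemin-mozjpeg": "^8.0.0",
+"imagemin-optipng": "^7.1.0",
+"imagemin-svgo": "^7.0.0",
+"isomorphic-unfetch": "^3.0.0",
+"marked": "^0.7.0",
+"next": "^9.1.8-canary.8",
+"nprogress": "^0.2.0",
+"react": "^16.12.0",
+"react-dom": "^16.12.0",
+"slugify": "^1.3.6",
+"stringify-object": "^3.3.0"
+},
+"devDependencies": {
+"glob": "^7.1.6",
+"husky": "^4.0.1",
+"inquirer": "^7.0.3",
+"prettier": "^1.19.1"
+},
+"husky": {
+"hooks": {
+"pre-commit": "next-hashicorp precommit"
+}
+},
+"main": "index.js",
+"scripts": {
+"build": "node --max-old-space-size=2048 ./node_modules/.bin/next build",
+"dynamic": "NODE_ENV=production next build && next start",
+"export": "node --max-old-space-size=2048 ./node_modules/.bin/next export",
+"format": "next-hashicorp format",
+"generate:component": "next-hashicorp generate component",
+"lint": "next-hashicorp lint",
+"start": "npm run clear_babel_cache && next dev",
+"static": "npm run clear_babel_cache && npm run build && npm run export && cp _redirects out/.",
+"clear_babel_cache": "rm -rf .next/cache/next-babel-loader"
+}
+}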
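Review bot: `"next": "^9.1.8-canary.8"` puts the production site on a prerelease with a caret range, and `@hashicorp/nextjs-scripts` (`^6.0.0-1`) and `@hashicorp/react-mega-nav` (`^4.0.0-0`) are on prerelease tags as well. The committed package-lock.json fixes the resolved versions only if the build installs strictly from the lockfile, and the install step is not visible here. I would pin these three exactly, for example `"next": "9.1.8-canary.8"`, until stable releases exist, the way `@hashicorp/react-footer` and `@hashicorp/react-hero` are already pinned. Separately, `"description": "Description of your website"` looks like a leftover template value.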

62
website/pages/_app.js Normal file

@ -0,0 +1,62 @@
import './style.css'
import App from 'next/app'
import NProgress from 'nprogress'
import Router from 'next/router'
import DefaultHeadTags from '../components/default-head-tags'
import ProductSubnav from '../components/subnav'
import MegaNav from '@hashicorp/react-mega-nav'
import Footer from '@hashicorp/react-footer'
import { ConsentManager, open } from '@hashicorp/react-consent-manager'
import consentManagerConfig from '../lib/consent-manager-config'
import bugsnagClient from '../lib/bugsnag'
import Error from './_error'
import subnavLinks from '../data/subnav'
Router.events.on('routeChangeStart', NProgress.start)
Router.events.on('routeChangeError', NProgress.done)
Router.events.on('routeChangeComplete', url => {
setTimeout(() => window.analytics.page(url), 0)
NProgress.done()
})
// Bugsnag
const ErrorBoundary = bugsnagClient.getPlugin('react')
class NextApp extends App {
static async getInitialProps({ Component, ctx }) {
let pageProps = {}
if (Component.getInitialProps) {
pageProps = await Component.getInitialProps(ctx)
} else if (Component.isMDXComponent) {
// fix for https://github.com/mdx-js/mdx/issues/382
const mdxLayoutComponent = Component({}).props.originalType
if (mdxLayoutComponent.getInitialProps) {
pageProps = await mdxLayoutComponent.getInitialProps(ctx)
}
}
return { pageProps, path: ctx.asPath }
}
render() {
const { Component, pageProps, path } = this.props
return (
<ErrorBoundary FallbackComponent={Error}>
<DefaultHeadTags />
<MegaNav product="Vault" />
<ProductSubnav
links={subnavLinks}
currentPath={path}
rootUrl="vaultproject.io"
/>
<Component {...pageProps} />
<Footer openConsentManager={open} />
<ConsentManager {...consentManagerConfig} />
</ErrorBoundary>
)
}
}
export default NextApp
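Review bot: The `routeChangeComplete` handler calls `window.analytics.page(url)` unconditionally, so it throws on every client-side navigation whenever `window.analytics` is not defined. That is plausibly the case before consent is given or when the analytics script is blocked, though where `analytics` gets defined is not visible here. Because the call runs inside `setTimeout`, the exception is raised outside React rendering and would surface as an uncaught error rather than reach the error boundary. A guard keeps navigation quiet: `setTimeout(() => window.analytics && window.analytics.page(url), 0)`.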


@ -0,0 +1,28 @@
import Document, { Head, Main, NextScript } from 'next/document'
export default class MyDocument extends Document {
static async getInitialProps(ctx) {
const initialProps = await Document.getInitialProps(ctx)
return { ...initialProps }
}
render() {
return (
<html>
<Head>
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="stylesheet" type="text/css" href="/css/nprogress.css" />
</Head>
<body>
<Main />
<NextScript />
<script
dangerouslySetInnerHTML={{
__html: `window.MSInputMethodContext && document.documentMode && document.write('<script src="/ie-custom-properties.js"><\\x2fscript>');`
}}
/>
</body>
</html>
)
}
}
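Review bot: The IE11 shim in `render()` is injected as an inline script through `dangerouslySetInnerHTML` and uses `document.write`. The string is a constant, so there is no injection path, but an inline script forces any future Content-Security-Policy to allow `'unsafe-inline'` or carry a hash for it. Either move the check into a small static file loaded with `<script src>`, or record the constraint next to it: `{/* constant string only; needs a CSP hash if a policy is ever added */}`.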

13
website/pages/_error.jsx Normal file

@ -0,0 +1,13 @@
import React from 'react'
import ErrorPage from 'next/error'
import bugsnagClient from '../lib/bugsnag'
export default class Page extends React.Component {
static async getInitialProps(ctx) {
if (ctx.err) bugsnagClient.notify(ctx.err)
return ErrorPage.getInitialProps(ctx)
}
render() {
return <ErrorPage statusCode={this.props.statusCode || '¯\\_(ツ)_/¯'} />
}
}


@ -1,10 +1,8 @@
---
layout: "api"
page_title: "AliCloud - Auth Methods - HTTP API"
sidebar_title: "AliCloud"
sidebar_current: "api-http-auth-alicloud"
description: |-
This is the API documentation for the Vault AliCloud auth method.
layout: api
page_title: AliCloud - Auth Methods - HTTP API
sidebar_title: AliCloud
description: This is the API documentation for the Vault AliCloud auth method.
---
# AliCloud Auth Method (API)
@ -19,29 +17,26 @@ please update your API calls accordingly.
## Create Role
Registers a role. Only entities using the role registered using this endpoint
Registers a role. Only entities using the role registered using this endpoint
will be able to perform the login operation.
| Method | Path |
| :------------------------------- | :--------------------- |
| `POST` | `/auth/alicloud/role/:role` |
| Method | Path |
| :----- | :-------------------------- |
| `POST` | `/auth/alicloud/role/:role` |
### Parameters
- `role` `(string: <required>)` - Name of the role. Must correspond with the name of the role reflected in the arn.
- `arn` `(string: <required>)` - The role's arn.
<%=partial("partials/tokenfields")%>
@include 'partials/tokenfields.mdx'
### Sample Payload
```json
{
"arn": "acs:ram::5138828231865461:role/dev-role",
"policies": [
"dev",
"prod"
]
"policies": ["dev", "prod"]
}
```
@ -59,9 +54,9 @@ $ curl \
Returns the previously registered role configuration.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/alicloud/role/:role` |
| Method | Path |
| :----- | :-------------------------- |
| `GET` | `/auth/alicloud/role/:role` |
### Parameters
@ -81,11 +76,7 @@ $ curl \
{
"data": {
"arn": "acs:ram::5138828231865461:role/dev-role",
"policies": [
"default",
"dev",
"prod"
],
"policies": ["default", "dev", "prod"],
"ttl": 1800000,
"max_ttl": 1800000,
"period": 0
@ -97,9 +88,9 @@ $ curl \
Lists all the roles that are registered with the method.
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/alicloud/roles` |
| Method | Path |
| :----- | :--------------------- |
| `LIST` | `/auth/alicloud/roles` |
### Sample Request
@ -115,10 +106,7 @@ $ curl \
```json
{
"data": {
"keys": [
"dev-role",
"prod-role"
]
"keys": ["dev-role", "prod-role"]
}
}
```
@ -127,9 +115,9 @@ $ curl \
Deletes the previously registered role.
| Method | Path |
| :------------------------------- | :--------------------- |
| `DELETE` | `/auth/alicloud/role/:role` |
| Method | Path |
| :------- | :-------------------------- |
| `DELETE` | `/auth/alicloud/role/:role` |
### Parameters
@ -146,12 +134,12 @@ $ curl \
## Login
Fetch a token. This endpoint verifies the signature of the signed
Fetch a token. This endpoint verifies the signature of the signed
GetCallerIdentity request.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/alicloud/login` |
| Method | Path |
| :----- | :--------------------- |
| `POST` | `/auth/alicloud/login` |
### Parameters
@ -164,7 +152,6 @@ GetCallerIdentity request.
string value or an array of string values (though the length of that array
will probably only be one).
### Sample Payload
```json
@ -197,19 +184,16 @@ $ curl \
"ami_id": "ami-fce36983",
"role": "dev-role",
"auth_type": "ec2",
"account_id": "5138828231865461",
"user_id": "216959339000654321",
"role_id": "4657-abcd",
"arn": "acs:ram::5138828231865461:assumed-role/dev-role/vm-ram-i-rj978rorvlg76urhqh7q",
"account_id": "5138828231865461",
"user_id": "216959339000654321",
"role_id": "4657-abcd",
"arn": "acs:ram::5138828231865461:assumed-role/dev-role/vm-ram-i-rj978rorvlg76urhqh7q",
"identity_type": "assumed-role",
"principal_id": "vm-ram-i-rj978rorvlg76urhqh7q",
"request_id": "D6E46F10-F26C-4AA0-BB69-FE2743D9AE62",
"role_name": "dev-role"
"principal_id": "vm-ram-i-rj978rorvlg76urhqh7q",
"request_id": "D6E46F10-F26C-4AA0-BB69-FE2743D9AE62",
"role_name": "dev-role"
},
"policies": [
"default",
"dev"
],
"policies": ["default", "dev"],
"accessor": "20b89871-e6f2-1160-fb29-31c2f6d4645e",
"client_token": "c9368254-3f21-aded-8a6f-7c818e81b17a"
}


@ -1,10 +1,8 @@
---
layout: "api"
page_title: "AppID - Auth Methods - HTTP API"
sidebar_title: "App ID <sup>DEPRECATED</sup>"
sidebar_current: "api-http-auth-appid"
description: |-
This is the API documentation for the Vault App ID auth method.
layout: api
page_title: AppID - Auth Methods - HTTP API
sidebar_title: App ID <sup>DEPRECATED</sup>
description: This is the API documentation for the Vault App ID auth method.
---
# AppID Auth Method (API)


@ -1,10 +1,8 @@
---
layout: "api"
page_title: "AppRole - Auth Methods - HTTP API"
sidebar_title: "AppRole"
sidebar_current: "api-http-auth-approle"
description: |-
This is the API documentation for the Vault AppRole auth method.
layout: api
page_title: AppRole - Auth Methods - HTTP API
sidebar_title: AppRole
description: This is the API documentation for the Vault AppRole auth method.
---
# AppRole Auth Method (API)
@ -21,9 +19,9 @@ please update your API calls accordingly.
This endpoint returns a list the existing AppRoles in the method.
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/approle/role` |
| Method | Path |
| :----- | :------------------- |
| `LIST` | `/auth/approle/role` |
### Sample Request
@ -42,11 +40,7 @@ $ curl \
"warnings": null,
"wrap_info": null,
"data": {
"keys": [
"dev",
"prod",
"test"
]
"keys": ["dev", "prod", "test"]
},
"lease_duration": 0,
"renewable": false,
@ -61,9 +55,9 @@ supports both `create` and `update` capabilities. There can be one or more
constraints enabled on the role. It is required to have at least one of them
enabled while creating or updating a role.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/role/:role_name` |
| Method | Path |
| :----- | :------------------------------ |
| `POST` | `/auth/approle/role/:role_name` |
### Parameters
@ -75,7 +69,7 @@ enabled while creating or updating a role.
operation.
- `secret_id_num_uses` `(integer: 0)` - Number of times any particular SecretID
can be used to fetch a token from this AppRole, after which the SecretID will
expire. A value of zero will allow unlimited uses.
expire. A value of zero will allow unlimited uses.
- `secret_id_ttl` `(string: "")` - Duration in either an integer number of
seconds (`3600`) or an integer time unit (`60m`) after which any SecretID
expires.
@ -83,7 +77,7 @@ enabled while creating or updating a role.
using this role will be cluster local. This can only be set during role
creation and once set, it can't be reset later.
<%=partial("partials/tokenfields")%>
@include 'partials/tokenfields.mdx'
### Sample Payload
@ -91,9 +85,7 @@ enabled while creating or updating a role.
{
"token_ttl": "10m",
"token_max_ttl": "15m",
"token_policies": [
"default"
],
"token_policies": ["default"],
"period": 0,
"bind_secret_id": true
}
@ -113,9 +105,9 @@ $ curl \
Reads the properties of an existing AppRole.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/approle/role/:role_name` |
| Method | Path |
| :----- | :------------------------------ |
| `GET` | `/auth/approle/role/:role_name` |
### Parameters
@ -141,9 +133,7 @@ $ curl \
"token_max_ttl": 1800,
"secret_id_ttl": 600,
"secret_id_num_uses": 40,
"token_policies": [
"default"
],
"token_policies": ["default"],
"period": 0,
"bind_secret_id": true,
"bound_cidr_list": []
@ -158,9 +148,9 @@ $ curl \
Deletes an existing AppRole from the method.
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/approle/role/:role_name` |
| Method | Path |
| :------- | :------------------------------ |
| `DELETE` | `/auth/approle/role/:role_name` |
### Parameters
@ -179,9 +169,9 @@ $ curl \
Reads the RoleID of an existing AppRole.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/approle/role/:role_name/role-id` |
| Method | Path |
| :----- | :-------------------------------------- |
| `GET` | `/auth/approle/role/:role_name/role-id` |
### Parameters
@ -215,9 +205,9 @@ $ curl \
Updates the RoleID of an existing AppRole to a custom value.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/role/:role_name/role-id` |
| Method | Path |
| :----- | :-------------------------------------- |
| `POST` | `/auth/approle/role/:role_name/role-id` |
### Parameters
@ -265,18 +255,18 @@ tokens, the response will also contain a `secret_id_accessor` value which can
be used to read the properties of the SecretID without divulging the SecretID
itself, and also to delete the SecretID from the AppRole.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/role/:role_name/secret-id` |
| Method | Path |
| :----- | :---------------------------------------- |
| `POST` | `/auth/approle/role/:role_name/secret-id` |
### Parameters
- `role_name` `(string: <required>)` - Name of the AppRole.
- `metadata` `(string: "")` - Metadata to be tied to the SecretID. This should be
- `metadata` `(string: "")` - Metadata to be tied to the SecretID. This should be
a JSON-formatted string containing the metadata in key-value pairs. This
metadata will be set on tokens issued with this SecretID, and is logged in
audit logs _in plaintext_.
- `cidr_list` `(array: [])` - Comma separated string or list of CIDR blocks
- `cidr_list` `(array: [])` - Comma separated string or list of CIDR blocks
enforcing secret IDs to be used from specific set of IP addresses. If
`bound_cidr_list` is set on the role, then the list of CIDR blocks listed
here should be a subset of the CIDR blocks listed on the role.
@ -324,9 +314,9 @@ $ curl \
Lists the accessors of all the SecretIDs issued against the AppRole.
This includes the accessors for "custom" SecretIDs as well.
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/approle/role/:role_name/secret-id` |
| Method | Path |
| :----- | :---------------------------------------- |
| `LIST` | `/auth/approle/role/:role_name/secret-id` |
### Parameters
@ -367,14 +357,14 @@ $ curl \
Reads out the properties of a SecretID.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/role/:role_name/secret-id/lookup` |
| Method | Path |
| :----- | :----------------------------------------------- |
| `POST` | `/auth/approle/role/:role_name/secret-id/lookup` |
### Parameters
- `role_name` `(string: <required>)` - Name of the AppRole.
- `secret_id` `(string: <required>)` - Secret ID attached to the role.
- `secret_id` `(string: <required>)` - Secret ID attached to the role.
### Sample Payload
@ -398,14 +388,14 @@ $ curl \
Destroy an AppRole secret ID.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/role/:role_name/secret-id/destroy` |
| Method | Path |
| :----- | :------------------------------------------------ |
| `POST` | `/auth/approle/role/:role_name/secret-id/destroy` |
### Parameters
- `role_name` `(string: <required>)` - Name of the AppRole.
- `secret_id` `(string: <required>)` - Secret ID attached to the role.
- `secret_id` `(string: <required>)` - Secret ID attached to the role.
### Sample Payload
@ -429,14 +419,14 @@ $ curl \
Reads out the properties of a SecretID.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/role/:role_name/secret-id-accessor/lookup` |
| Method | Path |
| :----- | :-------------------------------------------------------- |
| `POST` | `/auth/approle/role/:role_name/secret-id-accessor/lookup` |
### Parameters
- `role_name` `(string: <required>)` - Name of the AppRole.
- `secret_id_accessor` `(string: <required>)` - Secret ID accessor attached to the role.
- `secret_id_accessor` `(string: <required>)` - Secret ID accessor attached to the role.
### Sample Payload
@ -460,14 +450,14 @@ $ curl \
Destroy an AppRole secret ID by its accessor.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/role/:role_name/secret-id-accessor/destroy` |
| Method | Path |
| :----- | :--------------------------------------------------------- |
| `POST` | `/auth/approle/role/:role_name/secret-id-accessor/destroy` |
### Parameters
- `role_name` `(string: <required>)` - Name of the AppRole.
- `secret_id_accessor` `(string: <required>)` - Secret ID accessor attached to the role.
- `secret_id_accessor` `(string: <required>)` - Secret ID accessor attached to the role.
### Sample Payload
@ -492,15 +482,15 @@ $ curl \
Assigns a "custom" SecretID against an existing AppRole. This is used in the
"Push" model of operation.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/role/:role_name/custom-secret-id` |
| Method | Path |
| :----- | :----------------------------------------------- |
| `POST` | `/auth/approle/role/:role_name/custom-secret-id` |
### Parameters
- `role_name` `(string: <required>)` - Name of the AppRole.
- `secret_id` `(string: <required>)` - SecretID to be attached to the Role.
- `metadata` `(string: "")` - Metadata to be tied to the SecretID. This should be
- `secret_id` `(string: <required>)` - SecretID to be attached to the Role.
- `metadata` `(string: "")` - Metadata to be tied to the SecretID. This should be
a JSON-formatted string containing the metadata in key-value pairs. This
metadata will be set on tokens issued with this SecretID, and is logged in
audit logs _in plaintext_.
@ -554,14 +544,14 @@ required; if `bind_secret_id` is enabled (the default) on the AppRole,
`secret_id` is required too. Any other bound authentication values on the
AppRole (such as client IP CIDR) are also evaluated.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/approle/login` |
| Method | Path |
| :----- | :-------------------- |
| `POST` | `/auth/approle/login` |
### Parameters
- `role_id` `(string: <required>)` - RoleID of the AppRole.
- `secret_id` `(string: <required>)` - SecretID belonging to AppRole.
- `secret_id` `(string: <required>)` - SecretID belonging to AppRole.
### Sample Payload
@ -589,9 +579,7 @@ $ curl \
"renewable": true,
"lease_duration": 1200,
"metadata": null,
"token_policies": [
"default"
],
"token_policies": ["default"],
"accessor": "fd6c9a00-d2dc-3b11-0be5-af7ae0e1d374",
"client_token": "5b1a0318-679c-9c45-e5c6-d1b9a9035d49"
},
@ -611,17 +599,17 @@ parameters of the AppRole can be updated using the `/auth/approle/role/:role_nam
endpoint directly. The endpoints for each field is provided separately
to be able to delegate specific endpoints using Vault's ACL system.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET/POST/DELETE` | `/auth/approle/role/:role_name/policies` | `200/204` |
| `GET/POST/DELETE` | `/auth/approle/role/:role_name/secret-id-num-uses` | `200/204` |
| `GET/POST/DELETE` | `/auth/approle/role/:role_name/secret-id-ttl` | `200/204` |
| `GET/POST/DELETE` | `/auth/approle/role/:role_name/token-ttl` | `200/204` |
| `GET/POST/DELETE` | `/auth/approle/role/:role_name/token-max-ttl` | `200/204` |
| `GET/POST/DELETE` | `/auth/approle/role/:role_name/bind-secret-id` | `200/204` |
| `GET/POST/DELETE` | `/auth/approle/role/:role_name/secret-id-bound-cidrs` | `200/204` |
| `GET/POST/DELETE` | `/auth/approle/role/:role_name/token-bound-cidrs` | `200/204` |
| `GET/POST/DELETE` | `/auth/approle/role/:role_name/period` | `200/204` |
| Method | Path |
| :---------------- | :---------------------------------------------------- |
| `GET/POST/DELETE` | `/auth/approle/role/:role_name/policies` | `200/204` |
| `GET/POST/DELETE` | `/auth/approle/role/:role_name/secret-id-num-uses` | `200/204` |
| `GET/POST/DELETE` | `/auth/approle/role/:role_name/secret-id-ttl` | `200/204` |
| `GET/POST/DELETE` | `/auth/approle/role/:role_name/token-ttl` | `200/204` |
| `GET/POST/DELETE` | `/auth/approle/role/:role_name/token-max-ttl` | `200/204` |
| `GET/POST/DELETE` | `/auth/approle/role/:role_name/bind-secret-id` | `200/204` |
| `GET/POST/DELETE` | `/auth/approle/role/:role_name/secret-id-bound-cidrs` | `200/204` |
| `GET/POST/DELETE` | `/auth/approle/role/:role_name/token-bound-cidrs` | `200/204` |
| `GET/POST/DELETE` | `/auth/approle/role/:role_name/period` | `200/204` |
Refer to `/auth/approle/role/:role_name` endpoint.
@ -632,9 +620,9 @@ in the token store. Generally, running this is not needed unless upgrade
notes or support personnel suggest it. This may perform a lot of I/O to the
storage method so should be used sparingly.
| Method | Path |
| :------------------------------ | :--------------------- |
| `POST` | `/auth/approle/tidy/secret-id` |
| Method | Path |
| :----- | :----------------------------- |
| `POST` | `/auth/approle/tidy/secret-id` |
### Sample Request


@ -1,10 +1,8 @@
---
layout: "api"
page_title: "AWS - Auth Methods - HTTP API"
sidebar_title: "AWS"
sidebar_current: "api-http-auth-aws"
description: |-
This is the API documentation for the Vault AWS auth method.
layout: api
page_title: AWS - Auth Methods - HTTP API
sidebar_title: AWS
description: This is the API documentation for the Vault AWS auth method.
---
# AWS Auth Method (API)
@ -30,9 +28,9 @@ the environment variables `AWS_ACCESS_KEY`, `AWS_SECRET_KEY` and
method is configured on an EC2 instance with metadata querying
capabilities, the credentials are fetched automatically.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/config/client` |
| Method | Path |
| :----- | :------------------------ |
| `POST` | `/auth/aws/config/client` |
### Parameters
@ -92,9 +90,9 @@ $ curl \
Returns the previously configured AWS access credentials.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/aws/config/client` |
| Method | Path |
| :----- | :------------------------ |
| `GET` | `/auth/aws/config/client` |
### Sample Request
@ -123,9 +121,9 @@ $ curl \
Deletes the previously configured AWS access credentials.
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/aws/config/client` |
| Method | Path |
| :------- | :------------------------ |
| `DELETE` | `/auth/aws/config/client` |
### Sample Request
@ -142,15 +140,15 @@ This configures the way that Vault interacts with the
[Identity](/docs/secrets/identity/index.html) store. The default (as of Vault
1.0.3) is `role_id` for both values.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/config/identity` |
| Method | Path |
| :----- | :-------------------------- |
| `POST` | `/auth/aws/config/identity` |
### Parameters
- `iam_alias` `(string: "role_id")` - How to generate the identity alias when
using the `iam` auth method. Valid choices are `role_id`, `unique_id`, and
`full_arn` When `role_id` is selected, the randomly generated ID of the role
`full_arn` When `role_id` is selected, the randomly generated ID of the role
is used. When `unique_id` is selected, the [IAM Unique
ID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)
of the IAM principal (either the user or role) is used as the identity alias
@ -191,10 +189,9 @@ $ curl \
Returns the previously configured Identity integration configuration
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/aws/config/identity` |
| Method | Path |
| :----- | :-------------------------- |
| `GET` | `/auth/aws/config/identity` |
### Sample Request
@ -222,9 +219,9 @@ digest, the identity signature will have RSA digest, and hence the public
keys for each type varies respectively. Indicate the type of the public key
using the "type" parameter.
| Method | Path |
| :------------------------------------------- | :--------------------- |
| `POST` | `/auth/aws/config/certificate/:cert_name` |
| Method | Path |
| :----- | :---------------------------------------- |
| `POST` | `/auth/aws/config/certificate/:cert_name` |
### Parameters
@ -259,9 +256,9 @@ $ curl \
Returns the previously configured AWS public key.
| Method | Path |
| :--------------------------------------- | :--------------------- |
| `GET` | `/auth/aws/config/certificate/:cert_name` |
| Method | Path |
| :----- | :---------------------------------------- |
| `GET` | `/auth/aws/config/certificate/:cert_name` |
### Parameters
@ -279,10 +276,10 @@ $ curl \
```json
{
"data": {
"aws_public_cert": "-----BEGIN CERTIFICATE-----\nMIIC7TCCAq0CCQCWukjZ5V4aZzAJBgcqhkjOOAQDMFwxCzAJBgNVBAYTAlVTMRkw\nFwYDVQQIExBXYXNoaW5ndG9uIFN0YXRlMRAwDgYDVQQHEwdTZWF0dGxlMSAwHgYD\nVQQKExdBbWF6b24gV2ViIFNlcnZpY2VzIExMQzAeFw0xMjAxMDUxMjU2MTJaFw0z\nODAxMDUxMjU2MTJaMFwxCzAJBgNVBAYTAlVTMRkwFwYDVQQIExBXYXNoaW5ndG9u\nIFN0YXRlMRAwDgYDVQQHEwdTZWF0dGxlMSAwHgYDVQQKExdBbWF6b24gV2ViIFNl\ncnZpY2VzIExMQzCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQCjkvcS2bb1VQ4yt/5e\nih5OO6kK/n1Lzllr7D8ZwtQP8fOEpp5E2ng+D6Ud1Z1gYipr58Kj3nssSNpI6bX3\nVyIQzK7wLclnd/YozqNNmgIyZecN7EglK9ITHJLP+x8FtUpt3QbyYXJdmVMegN6P\nhviYt5JH/nYl4hh3Pa1HJdskgQIVALVJ3ER11+Ko4tP6nwvHwh6+ERYRAoGBAI1j\nk+tkqMVHuAFcvAGKocTgsjJem6/5qomzJuKDmbJNu9Qxw3rAotXau8Qe+MBcJl/U\nhhy1KHVpCGl9fueQ2s6IL0CaO/buycU1CiYQk40KNHCcHfNiZbdlx1E9rpUp7bnF\nlRa2v1ntMX3caRVDdbtPEWmdxSCYsYFDk4mZrOLBA4GEAAKBgEbmeve5f8LIE/Gf\nMNmP9CM5eovQOGx5ho8WqD+aTebs+k2tn92BBPqeZqpWRa5P/+jrdKml1qx4llHW\nMXrs3IgIb6+hUIB+S8dz8/mmO0bpr76RoZVCXYab2CZedFut7qc3WUH9+EUAH5mw\nvSeDCOUMYQR7R9LINYwouHIziqQYMAkGByqGSM44BAMDLwAwLAIUWXBlk40xTwSw\n7HX32MxXYruse9ACFBNGmdX2ZBrVNGrN9N2f6ROk0k9K\n-----END CERTIFICATE-----\n",
"type": "pkcs7"
}
"data": {
"aws_public_cert": "-----BEGIN CERTIFICATE-----\nMIIC7TCCAq0CCQCWukjZ5V4aZzAJBgcqhkjOOAQDMFwxCzAJBgNVBAYTAlVTMRkw\nFwYDVQQIExBXYXNoaW5ndG9uIFN0YXRlMRAwDgYDVQQHEwdTZWF0dGxlMSAwHgYD\nVQQKExdBbWF6b24gV2ViIFNlcnZpY2VzIExMQzAeFw0xMjAxMDUxMjU2MTJaFw0z\nODAxMDUxMjU2MTJaMFwxCzAJBgNVBAYTAlVTMRkwFwYDVQQIExBXYXNoaW5ndG9u\nIFN0YXRlMRAwDgYDVQQHEwdTZWF0dGxlMSAwHgYDVQQKExdBbWF6b24gV2ViIFNl\ncnZpY2VzIExMQzCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQCjkvcS2bb1VQ4yt/5e\nih5OO6kK/n1Lzllr7D8ZwtQP8fOEpp5E2ng+D6Ud1Z1gYipr58Kj3nssSNpI6bX3\nVyIQzK7wLclnd/YozqNNmgIyZecN7EglK9ITHJLP+x8FtUpt3QbyYXJdmVMegN6P\nhviYt5JH/nYl4hh3Pa1HJdskgQIVALVJ3ER11+Ko4tP6nwvHwh6+ERYRAoGBAI1j\nk+tkqMVHuAFcvAGKocTgsjJem6/5qomzJuKDmbJNu9Qxw3rAotXau8Qe+MBcJl/U\nhhy1KHVpCGl9fueQ2s6IL0CaO/buycU1CiYQk40KNHCcHfNiZbdlx1E9rpUp7bnF\nlRa2v1ntMX3caRVDdbtPEWmdxSCYsYFDk4mZrOLBA4GEAAKBgEbmeve5f8LIE/Gf\nMNmP9CM5eovQOGx5ho8WqD+aTebs+k2tn92BBPqeZqpWRa5P/+jrdKml1qx4llHW\nMXrs3IgIb6+hUIB+S8dz8/mmO0bpr76RoZVCXYab2CZedFut7qc3WUH9+EUAH5mw\nvSeDCOUMYQR7R9LINYwouHIziqQYMAkGByqGSM44BAMDLwAwLAIUWXBlk40xTwSw\n7HX32MxXYruse9ACFBNGmdX2ZBrVNGrN9N2f6ROk0k9K\n-----END CERTIFICATE-----\n",
"type": "pkcs7"
}
}
```
@ -291,7 +288,7 @@ $ curl \
Removes the previously configured AWS public key.
| Method | Path |
| :---------------------------------------- | :--------------------- |
| :------- | :---------------------------------------- |
| `DELETE` | `/auth/aws/config/certificate/:cert_name` |
### Sample Request
@ -307,9 +304,9 @@ $ curl \
Lists all the AWS public certificates that are registered with the method.
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/aws/config/certificates` |
| Method | Path |
| :----- | :------------------------------ |
| `LIST` | `/auth/aws/config/certificates` |
### Sample Request
@ -325,9 +322,7 @@ $ curl \
```json
{
"data": {
"keys": [
"cert1"
]
"keys": ["cert1"]
}
}
```
@ -339,9 +334,9 @@ Allows the explicit association of STS roles to satellite AWS accounts
running.) Vault will use credentials obtained by assuming these STS roles
when validating IAM principals or EC2 instances in the particular AWS account.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/config/sts/:account_id` |
| Method | Path |
| :----- | :--------------------------------- |
| `POST` | `/auth/aws/config/sts/:account_id` |
### Parameters
@ -349,7 +344,7 @@ when validating IAM principals or EC2 instances in the particular AWS account.
STS role. If set, Vault will use assumed credentials to verify any login
attempts from EC2 instances in this account.
- `sts_role` `(string: <required>)` - AWS ARN for STS role to be assumed when
interacting with the account specified. The Vault server must have
interacting with the account specified. The Vault server must have
permissions to assume this role.
### Sample Payload
@ -374,9 +369,9 @@ $ curl \
Returns the previously configured STS role.
| Method | Path |
| :--------------------------------- | :--------------------- |
| `GET` | `/auth/aws/config/sts/:account_id` |
| Method | Path |
| :----- | :--------------------------------- |
| `GET` | `/auth/aws/config/sts/:account_id` |
### Parameters
@ -405,9 +400,9 @@ $ curl \
Lists all the AWS Account IDs for which an STS role is registered.
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/aws/config/sts` |
| Method | Path |
| :----- | :--------------------- |
| `LIST` | `/auth/aws/config/sts` |
### Sample Request
@ -423,10 +418,7 @@ $ curl \
```json
{
"data": {
"keys": [
"111122223333",
"999988887777"
]
"keys": ["111122223333", "999988887777"]
}
}
```
@ -436,7 +428,7 @@ $ curl \
Deletes a previously configured AWS account/STS role association.
| Method | Path |
| :--------------------------------- | :------------------|
| :------- | :--------------------------------- |
| `DELETE` | `/auth/aws/config/sts/:account_id` |
### Parameters
@ -457,9 +449,9 @@ $ curl \
Configures the periodic tidying operation of the whitelisted identity entries.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/config/tidy/identity-whitelist` |
| Method | Path |
| :----- | :----------------------------------------- |
| `POST` | `/auth/aws/config/tidy/identity-whitelist` |
### Parameters
@ -491,9 +483,9 @@ $ curl \
Returns the previously configured periodic whitelist tidying settings.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/aws/config/tidy/identity-whitelist` |
| Method | Path |
| :----- | :----------------------------------------- |
| `GET` | `/auth/aws/config/tidy/identity-whitelist` |
### Sample Request
@ -518,9 +510,9 @@ $ curl \
Deletes the previously configured periodic whitelist tidying settings.
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/aws/config/tidy/identity-whitelist` |
| Method | Path |
| :------- | :----------------------------------------- |
| `DELETE` | `/auth/aws/config/tidy/identity-whitelist` |
### Sample Request
@ -535,9 +527,9 @@ $ curl \
Configures the periodic tidying operation of the blacklisted role tag entries.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/config/tidy/roletag-blacklist` |
| Method | Path |
| :----- | :---------------------------------------- |
| `POST` | `/auth/aws/config/tidy/roletag-blacklist` |
### Parameters
@ -569,9 +561,9 @@ $ curl \
Returns the previously configured periodic blacklist tidying settings.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/aws/config/tidy/roletag-blacklist` |
| Method | Path |
| :----- | :---------------------------------------- |
| `GET` | `/auth/aws/config/tidy/roletag-blacklist` |
### Sample Request
@ -596,9 +588,9 @@ $ curl \
Deletes the previously configured periodic blacklist tidying settings.
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/aws/config/tidy/roletag-blacklist` |
| Method | Path |
| :------- | :---------------------------------------- |
| `DELETE` | `/auth/aws/config/tidy/roletag-blacklist` |
### Sample Request
@ -623,9 +615,9 @@ inferencing configuration of that role. For the constraints which accept a list
of values, the authenticating instance/principal must match any one value in the
list in order to satisfy that constraint.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/role/:role` |
| Method | Path |
| :----- | :--------------------- |
| `POST` | `/auth/aws/role/:role` |
### Parameters
@ -636,7 +628,7 @@ list in order to satisfy that constraint.
Vault can be provided the role in any casing, and it will internally handle
sending it to lower case and seeking it inside its storage engine.
- `auth_type` `(string: "iam")` - The auth type permitted for this role. Valid
choices are "ec2" or "iam". If no value is specified, then it will default to
choices are "ec2" or "iam". If no value is specified, then it will default to
"iam" (except for legacy `aws-ec2` auth types, for which it will default to
"ec2"). Only those bindings applicable to the auth type chosen will be allowed
to be configured on the role.
@ -667,7 +659,7 @@ list in order to satisfy that constraint.
comma-separated string or a JSON array.
- `bound_iam_role_arn` `(list: [])` - If set, defines a constraint on the
authenticating EC2 instance that it must match one of the IAM role ARNs specified by
this parameter. Wildcards are supported at the end of the ARN to allow for
this parameter. Wildcards are supported at the end of the ARN to allow for
prefix matching. The configured IAM user or EC2 instance role must be allowed to
execute the `iam:GetInstanceProfile` action if this is specified. This
constraint is checked by the ec2 auth method as well as the iam auth method
@ -702,8 +694,8 @@ list in order to satisfy that constraint.
the iam auth method. Wildcards are supported at the end of the ARN, e.g.,
"arn:aws:iam::123456789012:role/\*" will match all roles in the AWS account.
This is a comma-separated string or JSON array.
- `inferred_entity_type` `(string: "")` - When set, instructs Vault to turn on
inferencing. The only current valid value is "ec2\_instance" instructing Vault
- `inferred_entity_type` `(string: "")` - When set, instructs Vault to turn on
inferencing. The only current valid value is "ec2_instance" instructing Vault
to infer that the role comes from an EC2 instance in an IAM instance profile.
This only applies to the iam auth method. If you set this on an existing role
where it had not previously been set, tokens that had been created prior will
@ -725,7 +717,7 @@ list in order to satisfy that constraint.
while the default value for roles that existed prior to this option existing
is false (you can check the value for a given role using the GET method on the
role). Any authentication tokens created prior to this being supported won't
verify the unique ID upon token renewal. When this is changed from false to
verify the unique ID upon token renewal. When this is changed from false to
true on an existing role, Vault will attempt to resolve the role's bound IAM
ARN to the unique ID and, if unable to do so, will fail to enable this option.
Changing this from `true` to `false` is not supported; if absolutely
@ -760,7 +752,7 @@ list in order to satisfy that constraint.
This only applies to authentications via the ec2 auth method. This is mutually
exclusive with `allow_instance_migration`.
<%=partial("partials/tokenfields")%>
@include 'partials/tokenfields.mdx'
### Sample Payload
@ -769,11 +761,7 @@ list in order to satisfy that constraint.
"bound_ami_id": ["ami-fce36987"],
"bound_ec2_instance_id": ["i-12345678901234567"],
"role_tag": "",
"policies": [
"default",
"dev",
"prod"
],
"policies": ["default", "dev", "prod"],
"max_ttl": 1800000,
"disallow_reauthentication": false,
"allow_instance_migration": false
@ -794,9 +782,9 @@ $ curl \
Returns the previously registered role configuration.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/aws/role/:role` |
| Method | Path |
| :----- | :--------------------- |
| `GET` | `/auth/aws/role/:role` |
### Parameters
@ -817,11 +805,7 @@ $ curl \
"data": {
"bound_ami_id": ["ami-fce36987"],
"role_tag": "",
"policies": [
"default",
"dev",
"prod"
],
"policies": ["default", "dev", "prod"],
"max_ttl": 1800000,
"disallow_reauthentication": false,
"allow_instance_migration": false
@ -833,9 +817,9 @@ $ curl \
Lists all the roles that are registered with the method.
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/aws/roles` |
| Method | Path |
| :----- | :---------------- |
| `LIST` | `/auth/aws/roles` |
### Sample Request
@ -851,10 +835,7 @@ $ curl \
```json
{
"data": {
"keys": [
"dev-role",
"prod-role"
]
"keys": ["dev-role", "prod-role"]
}
}
```
@ -863,9 +844,9 @@ $ curl \
Deletes the previously registered role.
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/aws/role/:role` |
| Method | Path |
| :------- | :--------------------- |
| `DELETE` | `/auth/aws/role/:role` |
### Parameters
@ -888,18 +869,18 @@ instance unless specified explicitly using the `instance_id` parameter. By
default, role tags are designed to be used across all instances that
satisfies the constraints on the role. Regardless of which instances have
role tags on them, capabilities defined in a role tag must be a strict
subset of the given role's capabilities. Note that, since adding and
subset of the given role's capabilities. Note that, since adding and
removing a tag is often a widely distributed privilege, care needs to be
taken to ensure that the instances are attached with correct tags to not
let them gain more privileges than what were intended. If a role tag is
let them gain more privileges than what were intended. If a role tag is
changed, the capabilities inherited by the instance will be those defined
on the new role tag. Since those must be a subset of the role
capabilities, the role should never provide more capabilities than any
given instance can be allowed to gain in a worst-case scenario.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/role/:role/tag` |
| Method | Path |
| :----- | :------------------------- |
| `POST` | `/auth/aws/role/:role/tag` |
### Parameters
@ -956,19 +937,19 @@ $ curl \
Fetch a token. This endpoint verifies the pkcs7 signature of the instance
identity document or the signature of the signed GetCallerIdentity request.
With the ec2 auth method, or when inferring an EC2 instance, verifies that
the instance is actually in a running state. Cross checks the constraints
the instance is actually in a running state. Cross checks the constraints
defined on the role with which the login is being performed. With the ec2
auth method, as an alternative to pkcs7 signature, the identity document
along with its RSA digest can be supplied to this endpoint.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/login` |
| Method | Path |
| :----- | :---------------- |
| `POST` | `/auth/aws/login` |
### Sample Payload
- `role` `(string: "")` - Name of the role against which the login is being
attempted. If `role` is not specified, then the login endpoint looks for a
attempted. If `role` is not specified, then the login endpoint looks for a
role bearing the name of the AMI ID of the EC2 instance that is trying to
login if using the ec2 auth method, or the "friendly name" (i.e., role name or
username) of the IAM principal authenticated. If a matching role is not found,
@ -981,7 +962,7 @@ along with its RSA digest can be supplied to this endpoint.
the instance identity document. This needs to be supplied along with
`identity` parameter when using the ec2 auth method.
- `pkcs7` `(string: <required-ec2>)` - PKCS7 signature of the identity document with
all `\n` characters removed. Either this needs to be set *OR* both `identity`
all `\n` characters removed. Either this needs to be set _OR_ both `identity`
and `signature` need to be set when using the ec2 auth method.
- `nonce` `(string: "")` - The nonce to be used for subsequent login requests.
If this parameter is not specified at all and if reauthentication is allowed,
@ -989,7 +970,7 @@ along with its RSA digest can be supplied to this endpoint.
identity-whitelist entry and returns the nonce back as part of auth metadata.
This value should be used with further login requests, to establish client
authenticity. Clients can choose to set a custom nonce if preferred, in which
case, it is recommended that clients provide a strong nonce. If a nonce is
case, it is recommended that clients provide a strong nonce. If a nonce is
provided but with an empty value, it indicates intent to disable
reauthentication. Note that, when `disallow_reauthentication` option is
enabled on either the role or the role tag, the `nonce` holds no significance.
@ -1015,8 +996,7 @@ along with its RSA digest can be supplied to this endpoint.
one). If the `iam_server_id_header_value` is configured in Vault for the aws
auth mount, then the headers must include the X-Vault-AWS-IAM-Server-ID header,
its value must match the value configured, and the header must be included in
the signed headers. This is required when using the iam auth method.
the signed headers. This is required when using the iam auth method.
### Sample Payload
@ -1047,10 +1027,7 @@ $ curl \
"role": "dev-role",
"auth_type": "ec2"
},
"policies": [
"default",
"dev"
],
"policies": ["default", "dev"],
"accessor": "20b89871-e6f2-1160-fb29-31c2f6d4645e",
"client_token": "c9368254-3f21-aded-8a6f-7c818e81b17a"
}
@ -1060,14 +1037,14 @@ $ curl \
## Place Role Tags in Blacklist
Places a valid role tag in a blacklist. This ensures that the role tag
cannot be used by any instance to perform a login operation again. Note
cannot be used by any instance to perform a login operation again. Note
that if the role tag was previously used to perform a successful login,
placing the tag in the blacklist does not invalidate the already issued
token.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/roletag-blacklist/:role_tag` |
| Method | Path |
| :----- | :-------------------------------------- |
| `POST` | `/auth/aws/roletag-blacklist/:role_tag` |
### Parameters
@ -1088,9 +1065,9 @@ $ curl \
Returns the blacklist entry of a previously blacklisted role tag.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/aws/roletag-blacklist/:role_tag` |
| Method | Path |
| :----- | :-------------------------------------- |
| `GET` | `/auth/aws/roletag-blacklist/:role_tag` |
### Parameters
@ -1106,7 +1083,6 @@ $ curl \
http://127.0.0.1:8200/v1/auth/aws/roletag-blacklist/djE6MDlWcDBxR3V5Qjg9OmE9YW1pLWZjZTNjNjk2OnA9ZGVmYXVsdCxwcm9kOmQ9ZmFsc2U6dD0zMDBoMG0wczp1UExLQ1F4cXNlZlJocnAxcW1WYTF3c1FWVVhYSkc4VVpQLwo=
```
### Sample Response
```json
@ -1122,9 +1098,9 @@ $ curl \
Lists all the role tags that are blacklisted.
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/aws/roletag-blacklist` |
| Method | Path |
| :----- | :---------------------------- |
| `LIST` | `/auth/aws/roletag-blacklist` |
### Sample Request
@ -1151,9 +1127,9 @@ $ curl \
Deletes a blacklisted role tag.
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/aws/roletag-blacklist/:role_tag` |
| Method | Path |
| :------- | :-------------------------------------- |
| `DELETE` | `/auth/aws/roletag-blacklist/:role_tag` |
### Parameters
@ -1161,7 +1137,6 @@ Deletes a blacklisted role tag.
supplied as-is. In order to avoid any encoding problems, it can be base64
encoded.
### Sample Request
```
@ -1176,9 +1151,9 @@ $ curl \
Cleans up the entries in the blacklist based on expiration time on the entry and
`safety_buffer`.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/tidy/roletag-blacklist` |
| Method | Path |
| :----- | :--------------------------------- |
| `POST` | `/auth/aws/tidy/roletag-blacklist` |
### Parameters
@ -1200,9 +1175,9 @@ $ curl \
Returns an entry in the whitelist. An entry will be created/updated by every
successful login.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/aws/identity-whitelist/:instance_id` |
| Method | Path |
| :----- | :------------------------------------------ |
| `GET` | `/auth/aws/identity-whitelist/:instance_id` |
### Parameters
@ -1218,7 +1193,6 @@ $ curl \
http://127.0.0.1:8200/v1/auth/aws/identity-whitelist/i-aab47d37
```
### Sample Response
```json
@ -1235,11 +1209,11 @@ $ curl \
## List Identity Whitelist Entries
Lists all the instance IDs that are in the whitelist of successful logins.
Lists all the instance IDs that are in the whitelist of successful logins.
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/aws/identity-whitelist` |
| Method | Path |
| :----- | :----------------------------- |
| `LIST` | `/auth/aws/identity-whitelist` |
### Sample Request
@ -1255,9 +1229,7 @@ $ curl \
```json
{
"data": {
"keys": [
"i-aab47d37"
]
"keys": ["i-aab47d37"]
}
}
```
@ -1266,9 +1238,9 @@ $ curl \
Deletes a cache of the successful login from an instance.
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/aws/identity-whitelist/:instance_id` |
| Method | Path |
| :------- | :------------------------------------------ |
| `DELETE` | `/auth/aws/identity-whitelist/:instance_id` |
### Parameters
@ -1290,9 +1262,9 @@ $ curl \
Cleans up the entries in the whitelist based on expiration time and
`safety_buffer`.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/aws/tidy/identity-whitelist` |
| Method | Path |
| :----- | :---------------------------------- |
| `POST` | `/auth/aws/tidy/identity-whitelist` |
### Parameters


@ -1,8 +1,7 @@
---
layout: "api"
page_title: "Azure - Auth Methods - HTTP API"
sidebar_title: "Azure"
sidebar_current: "api-http-auth-azure"
layout: api
page_title: Azure - Auth Methods - HTTP API
sidebar_title: Azure
description: |-
This is the API documentation for the Vault Azure authentication
method plugin.
@ -24,17 +23,17 @@ Configures the credentials required for the plugin to perform API calls
to Azure. These credentials will be used to query the metadata about the
virtual machine.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/azure/config` |
| Method | Path |
| :----- | :------------------- |
| `POST` | `/auth/azure/config` |
### Parameters
- `tenant_id` `(string: <required>)` - The tenant id for the Azure Active Directory organization.
- `resource` `(string: <required>)` - The configured URL for the application registered in Azure Active Directory.
- `environment` `(string: 'AzurePublicCloud')` - The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud.
- `client_id` `(string: '')` - The client id for credentials to query the Azure APIs. Currently read permissions to query compute resources are required.
- `client_secret` `(string: '')` - The client secret for credentials to query the Azure APIs.
- `client_id` `(string: '')` - The client id for credentials to query the Azure APIs. Currently read permissions to query compute resources are required.
- `client_secret` `(string: '')` - The client secret for credentials to query the Azure APIs.
### Sample Payload
@ -61,9 +60,9 @@ $ curl \
Returns the previously configured config, including credentials.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/azure/config` |
| Method | Path |
| :----- | :------------------- |
| `GET` | `/auth/azure/config` |
### Sample Request
@ -92,9 +91,9 @@ $ curl \
Deletes the previously configured Azure config and credentials.
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/azure/config` |
| Method | Path |
| :------- | :------------------- |
| `DELETE` | `/auth/azure/config` |
### Sample Request
@ -112,42 +111,35 @@ that can perform login operations against this endpoint. Constraints specific
to the role type must be set on the role. These are applied to the authenticated
entities attempting to login.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/azure/role/:name` |
| Method | Path |
| :----- | :----------------------- |
| `POST` | `/auth/azure/role/:name` |
### Parameters
- `name` `(string: <required>)` - Name of the role.
- `bound_service_principal_ids` `(array: [])` - The list of Service Principal IDs
- `bound_service_principal_ids` `(array: [])` - The list of Service Principal IDs
that login is restricted to.
- `bound_group_ids` `(array: [])` - The list of group ids that login is restricted
- `bound_group_ids` `(array: [])` - The list of group ids that login is restricted
to.
- `bound_locations` `(array: [])` - The list of locations that login is restricted to.
- `bound_subscription_ids` `(array: [])` - The list of subscription IDs that login
- `bound_subscription_ids` `(array: [])` - The list of subscription IDs that login
is restricted to.
- `bound_resource_groups` `(array: [])` - The list of resource groups that
login is restricted to.
- `bound_scale_sets` `(array: [])` - The list of scale set names that the
login is restricted to.
login is restricted to.
- `bound_scale_sets` `(array: [])` - The list of scale set names that the
login is restricted to.
<%= partial "partials/tokenfields" %>
@include 'partials/tokenfields.mdx'
### Sample Payload
```json
{
"token_policies": [
"default",
"dev",
"prod"
],
"token_policies": ["default", "dev", "prod"],
"max_ttl": 1800000,
"max_jwt_exp": 10000,
"bound_resource_groups": [
"vault-dev",
"vault-staging",
"vault-prod"
]
"bound_resource_groups": ["vault-dev", "vault-staging", "vault-prod"]
}
```
@ -165,9 +157,9 @@ $ curl \
Returns the previously registered role configuration.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/azure/role/:name` |
| Method | Path |
| :----- | :----------------------- |
| `GET` | `/auth/azure/role/:name` |
### Parameters
@ -208,9 +200,9 @@ $ curl \
Lists all the roles that are registered with the plugin.
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/azure/role` |
| Method | Path |
| :----- | :----------------- |
| `LIST` | `/auth/azure/role` |
### Sample Request
@ -223,7 +215,7 @@ $ curl \
### Sample Response
```json
```json
{
"data": {
"keys": [
@ -239,9 +231,9 @@ $ curl \
Deletes the previously registered role.
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/azure/role/:name` |
| Method | Path |
| :------- | :----------------------- |
| `DELETE` | `/auth/azure/role/:name` |
### Parameters
@ -262,9 +254,9 @@ Fetch a token. This endpoint takes a signed JSON Web Token (JWT) and
a role name for some entity. It verifies the JWT signature to authenticate that
entity and then authorizes the entity for the given role.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/azure/login` |
| Method | Path |
| :----- | :------------------ |
| `POST` | `/auth/azure/login` |
### Sample Payload
@ -272,24 +264,24 @@ entity and then authorizes the entity for the given role.
attempted.
- `jwt` `(string: <required>)` - Signed [JSON Web Token](https://tools.ietf.org/html/rfc7519) (JWT) from Azure MSI.
- `subscription_id` `(string: "")` - The subscription ID for the machine that
generated the MSI token. This information can be obtained through instance
generated the MSI token. This information can be obtained through instance
metadata.
- `resource_group_name` `(string: "")` - The resource group for the machine that
generated the MSI token. This information can be obtained through instance
generated the MSI token. This information can be obtained through instance
metadata.
- `vm_name` `(string: "")` - The virtual machine name for the machine that
generated the MSI token. This information can be obtained through instance
metadata. If vmss_name is provided, this value is ignored.
- `vmss_name` `(string: "")` - The virtual machine scale set name for the machine
that generated the MSI token. This information can be obtained through instance
generated the MSI token. This information can be obtained through instance
metadata. If vmss_name is provided, this value is ignored.
- `vmss_name` `(string: "")` - The virtual machine scale set name for the machine
that generated the MSI token. This information can be obtained through instance
metadata.
### Sample Payload
```json
{
"role": "dev-role",
"jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
"role": "dev-role",
"jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
```


@ -1,8 +1,7 @@
---
layout: "api"
page_title: "TLS Certificate - Auth Methods - HTTP API"
sidebar_title: "TLS Certificates"
sidebar_current: "api-http-auth-cert"
layout: api
page_title: TLS Certificate - Auth Methods - HTTP API
sidebar_title: TLS Certificates
description: |-
This is the API documentation for the Vault TLS Certificate authentication
method.
@ -22,9 +21,9 @@ location, please update your API calls accordingly.
Sets a CA cert and associated parameters in a role name.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/cert/certs/:name` |
| Method | Path |
| :----- | :----------------------- |
| `POST` | `/auth/cert/certs/:name` |
### Parameters
@ -32,34 +31,28 @@ Sets a CA cert and associated parameters in a role name.
- `certificate` `(string: <required>)` - The PEM-format CA certificate.
- `allowed_names` `(string: "")` - DEPRECATED: Please use the individual
`allowed_X_sans` parameters instead. Constrain the Common and Alternative
Names in the client certificate with a [globbed pattern]
(https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
Names in the client certificate with a [globbed pattern](https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
a comma-separated list of patterns. Authentication requires at least one Name
matching at least one pattern. If not set, defaults to allowing all names.
- `allowed_common_names` `(string: "" or array: [])` - Constrain the Common
Names in the client certificate with a [globbed pattern]
(https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
Names in the client certificate with a [globbed pattern](https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
a comma-separated list of patterns. Authentication requires at least one Name
matching at least one pattern. If not set, defaults to allowing all names.
- `allowed_dns_sans` `(string: "" or array: [])` - Constrain the Alternative
Names in the client certificate with a [globbed pattern]
(https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
Names in the client certificate with a [globbed pattern](https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
a comma-separated list of patterns. Authentication requires at least one DNS
matching at least one pattern. If not set, defaults to allowing all dns.
- `allowed_email_sans` `(string: "" or array: [])` - Constrain the Alternative
Names in the client certificate with a [globbed pattern]
(https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
Names in the client certificate with a [globbed pattern](https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
a comma-separated list of patterns. Authentication requires at least one
Email matching at least one pattern. If not set, defaults to allowing all
emails.
- `allowed_uri_sans` `(string: "" or array: [])` - Constrain the Alternative
Names in the client certificate with a [globbed pattern]
(https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
Names in the client certificate with a [globbed pattern](https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
a comma-separated list of URI patterns. Authentication requires at least one
URI matching at least one pattern. If not set, defaults to allowing all URIs.
- `allowed_organizational_units` `(string: "" or array: [])` - Constrain the
Organizational Units (OU) in the client certificate with a [globbed pattern]
(https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
Organizational Units (OU) in the client certificate with a [globbed pattern](https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
a comma-separated list of OU patterns. Authentication requires at least one
OU matching at least one pattern. If not set, defaults to allowing all OUs.
- `required_extensions` `(string: "" or array: [])` - Require specific Custom
@ -71,7 +64,7 @@ Sets a CA cert and associated parameters in a role name.
when authenticating against this CA certificate. If not set, defaults to the
name of the role.
<%= partial "partials/tokenfields" %>
@include 'partials/tokenfields.mdx'
### Sample Payload
@ -97,9 +90,9 @@ $ curl \
Gets information associated with the named role.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/cert/certs/:name` |
| Method | Path |
| :----- | :----------------------- |
| `GET` | `/auth/cert/certs/:name` |
### Parameters
@ -139,9 +132,9 @@ $ curl \
Lists configured certificate names.
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/cert/certs` |
| Method | Path |
| :----- | :----------------- |
| `LIST` | `/auth/cert/certs` |
### Sample Request
@ -160,10 +153,7 @@ $ curl \
"warnings": null,
"wrap_info": null,
"data": {
"keys": [
"cert1",
"cert2"
]
"keys": ["cert1", "cert2"]
},
"lease_duration": 0,
"renewable": false,
@ -175,9 +165,9 @@ $ curl \
Deletes the named role and CA cert from the method mount.
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/cert/certs/:name` |
| Method | Path |
| :------- | :----------------------- |
| `DELETE` | `/auth/cert/certs/:name` |
### Parameters
@ -196,10 +186,9 @@ $ curl \
Sets a named CRL.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/cert/crls/:name` |
| Method | Path |
| :----- | :---------------------- |
| `POST` | `/auth/cert/crls/:name` |
### Parameters
@ -227,12 +216,12 @@ $ curl \
## Read CRL
Gets information associated with the named CRL (currently, the serial
numbers contained within). As the serials can be integers up to an
numbers contained within). As the serials can be integers up to an
arbitrary size, these are returned as strings.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/cert/crls/:name` |
| Method | Path |
| :----- | :---------------------- |
| `GET` | `/auth/cert/crls/:name` |
### Parameters
@ -267,9 +256,9 @@ $ curl \
Deletes the named CRL from the auth method mount.
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/cert/crls/:name` |
| Method | Path |
| :------- | :---------------------- |
| `DELETE` | `/auth/cert/crls/:name` |
### Parameters
@ -288,9 +277,9 @@ $ curl \
Configuration options for the method.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/cert/config` |
| Method | Path |
| :----- | :------------------ |
| `POST` | `/auth/cert/config` |
### Parameters
@ -325,9 +314,9 @@ is required to be verified, then it should be a fully qualified DNS domain name
and must be duplicated as a DNS SAN (see
https://tools.ietf.org/html/rfc6125#section-2.3)
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/cert/login` |
| Method | Path |
| :----- | :----------------- |
| `POST` | `/auth/cert/login` |
### Parameters
@ -360,12 +349,9 @@ $ curl \
{
"auth": {
"client_token": "cf95f87d-f95b-47ff-b1f5-ba7bff850425",
"policies": [
"web",
"stage"
],
"policies": ["web", "stage"],
"lease_duration": 3600,
"renewable": true,
"renewable": true
}
}
```


@ -1,10 +1,8 @@
---
layout: "api"
page_title: "Cloud Foundry - Auth Methods - HTTP API"
sidebar_title: "Cloud Foundry"
sidebar_current: "api-http-auth-cf"
description: |-
This is the API documentation for the Vault Cloud Foundry auth method.
layout: api
page_title: Cloud Foundry - Auth Methods - HTTP API
sidebar_title: Cloud Foundry
description: This is the API documentation for the Vault Cloud Foundry auth method.
---
# Pivotal Cloud Foundry (CF) Auth Method (API)
@ -24,39 +22,43 @@ certificates, and configure access to the CF API. For detailed instructions
on how to obtain these values, please see the [Vault CF method
documentation](/docs/auth/cf.html).
| Method | Path |
| :--------|---------------------- |
| `POST` | `/auth/cf/config` |
| Method | Path |
| :----- | ----------------- |
| `POST` | `/auth/cf/config` |
### Parameters
- `identity_ca_certificates` `(array: [], required)` - The root CA certificate(s)
to be used for verifying that the `CF_INSTANCE_CERT` presented for logging in was
issued by the proper authority.
- `identity_ca_certificates` `(array: [], required)` - The root CA certificate(s)
to be used for verifying that the `CF_INSTANCE_CERT` presented for logging in was
issued by the proper authority.
- `cf_api_addr` `(string: required)`: CF's full API address, to be used for verifying
that a given `CF_INSTANCE_CERT` shows an application ID, space ID, and organization ID
that presently exist.
that a given `CF_INSTANCE_CERT` shows an application ID, space ID, and organization ID
that presently exist.
- `cf_username` `(string: required)`: The username for authenticating to the CF API.
- `cf_password` `(string: required)`: The password for authenticating to the CF API.
- `cf_api_trusted_certificates` `(array: [])`: The certificate that's presented by the
CF API. This configures Vault to trust this certificate when making API calls, resolving
`x509: certificate signed by unknown authority` errors.
CF API. This configures Vault to trust this certificate when making API calls, resolving
`x509: certificate signed by unknown authority` errors.
- `login_max_seconds_not_before` `(int: 300)`: The maximum number of seconds in the past when a
signature could have been created. The lower the value, the lower the risk of replay
attacks.
signature could have been created. The lower the value, the lower the risk of replay
attacks.
- `login_max_seconds_not_after` `(int: 60)`: In case of clock drift, the maximum number of
seconds in the future when a signature could have been created. The lower the value,
the lower the risk of replay attacks.
seconds in the future when a signature could have been created. The lower the value,
the lower the risk of replay attacks.
### Sample Payload
```json
{
"identity_ca_certificates": ["-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+.......ZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----"],
"identity_ca_certificates": [
"-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+.......ZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----"
],
"cf_api_addr": "https://api.sys.somewhere.cf-app.com",
"cf_username": "vault",
"cf_password": "pa55w0rd",
"cf_api_trusted_certificates": ["-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+.......ZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----"],
"cf_api_trusted_certificates": [
"-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+.......ZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----"
],
"login_max_seconds_not_before": 5,
"login_max_seconds_not_after": 1
}
@ -76,9 +78,9 @@ $ curl \
Returns the present CF configuration.
| Method | Path |
| :--------|---------------------- |
| `GET` | `/auth/cf/config` |
| Method | Path |
| :----- | ----------------- |
| `GET` | `/auth/cf/config` |
### Sample Request
@ -92,10 +94,14 @@ $ curl \
```json
{
"identity_ca_certificates": ["-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+.......ZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----"],
"identity_ca_certificates": [
"-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+.......ZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----"
],
"cf_api_addr": "https://api.sys.somewhere.cf-app.com",
"cf_username": "vault",
"cf_api_trusted_certificates": ["-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+.......ZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----"],
"cf_api_trusted_certificates": [
"-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+.......ZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----"
],
"login_max_seconds_not_before": 5,
"login_max_seconds_not_after": 1
}
@ -105,9 +111,9 @@ $ curl \
Deletes the present CF configuration.
| Method | Path |
| :--------|---------------------- |
| `DELETE` | `/auth/cf/config` |
| Method | Path |
| :------- | ----------------- |
| `DELETE` | `/auth/cf/config` |
### Sample Request
@ -122,36 +128,36 @@ $ curl \
Create a role in Vault granting a particular level of access to a particular group
of CF instances. We recommend using the CF API or the CF CLI to gain the IDs you
wish to target.
wish to target.
If you list no `bound` parameters, then any entity with a valid
If you list no `bound` parameters, then any entity with a valid
`CF_INSTANCE_CERT` that's been issued by any configured `identity_ca_certificates`
will be able to authenticate against this role.
| Method | Path |
| :--------|----------------------- |
| `POST` | `/auth/cf/roles/:role`|
| Method | Path |
| :----- | ---------------------- |
| `POST` | `/auth/cf/roles/:role` |
### Parameters
- `role` `(string: required)` - The name of the role.
- `bound_application_ids` `(array: [])` - An optional list of application IDs
an instance must be a member of to qualify as a member of this role.
- `bound_space_ids` `(array: [])` - An optional list of space IDs
an instance must be a member of to qualify as a member of this role.
- `bound_organization_ids` `(array: [])` - An optional list of organization IDs
an instance must be a member of to qualify as a member of this role.
- `bound_instance_ids` `(array: [])` - An optional list of instance IDs
an instance must be a member of to qualify as a member of this role. Please note that
every time you use `cf push` on an app, its instance ID changes. Also, instance IDs
are not verifiable as being presently alive using the CF API. Thus, we recommend against
using this setting for most use cases.
- `disable_ip_matching` `(bool: false)` - If set to true, disables the default behavior
that logging in must be performed from an acceptable IP address described by the
certificate presented. Should only be set to true if required, generally when a proxy
is used to perform logins.
- `bound_application_ids` `(array: [])` - An optional list of application IDs
an instance must be a member of to qualify as a member of this role.
- `bound_space_ids` `(array: [])` - An optional list of space IDs
an instance must be a member of to qualify as a member of this role.
- `bound_organization_ids` `(array: [])` - An optional list of organization IDs
an instance must be a member of to qualify as a member of this role.
- `bound_instance_ids` `(array: [])` - An optional list of instance IDs
an instance must be a member of to qualify as a member of this role. Please note that
every time you use `cf push` on an app, its instance ID changes. Also, instance IDs
are not verifiable as being presently alive using the CF API. Thus, we recommend against
using this setting for most use cases.
- `disable_ip_matching` `(bool: false)` - If set to true, disables the default behavior
that logging in must be performed from an acceptable IP address described by the
certificate presented. Should only be set to true if required, generally when a proxy
is used to perform logins.
<%= partial "partials/tokenfields" %>
@include 'partials/tokenfields.mdx'
### Sample Payload
@ -183,9 +189,9 @@ $ curl \
Returns a CF role.
| Method | Path |
| :--------|----------------------- |
| `GET` | `/auth/cf/roles/:role`|
| Method | Path |
| :----- | ---------------------- |
| `GET` | `/auth/cf/roles/:role` |
### Sample Request
@ -216,8 +222,8 @@ $ curl \
Deletes a CF role.
| Method | Path |
| :--------|----------------------- |
| `DELETE` | `/auth/cf/roles/:role`|
| :------- | ---------------------- |
| `DELETE` | `/auth/cf/roles/:role` |
### Sample Request
@ -232,9 +238,9 @@ $ curl \
Returns a CF role.
| Method | Path |
| :--------|----------------------- |
| `LIST` | `/auth/cf/roles` |
| Method | Path |
| :----- | ---------------- |
| `LIST` | `/auth/cf/roles` |
### Sample Request
@ -250,10 +256,7 @@ $ curl \
```json
{
"data": {
"keys": [
"role1",
"role2"
]
"keys": ["role1", "role2"]
}
}
```
@ -263,37 +266,40 @@ $ curl \
Log in to CF.
Vault provides both an agent and a CLI tool for logging in that
eliminates the need to build a signature yourself. However, if you do wish to
eliminates the need to build a signature yourself. However, if you do wish to
build the signature, its signing algorithm is viewable [here](https://github.com/hashicorp/vault-plugin-auth-cf/tree/master/signatures).
The [plugin repo](https://github.com/hashicorp/vault-plugin-auth-cf) also contains
a command-line tool (`generate-signature`) that can be compiled as a binary for generating a signature,
and a test that outputs steps in generating the signature so they can be duplicated.
However, at a high level, these are the steps for generating a signature:
- Get and format the current time, ex. `2006-01-02T15:04:05Z`.
- Get the full body of the file located at `CF_INSTANCE_CERT`.
- Get the name of the role.
- Concatenate them together in the above order, with no extra string used for joining them.
- Create a SHA256 checksum of the resulting string (`checksum` below).
- Sign the string using the key located at `CF_INSTANCE_KEY`. In Go, this is performed using
the following line of code which you can more deeply inspect:
the following line of code which you can more deeply inspect:
```
rsa.SignPSS(rand.Reader, rsaPrivateKey, crypto.SHA256, checksum, nil)
```
- Convert the signature to a string.
| Method | Path |
| :--------|----------------------- |
| `POST` | `/auth/cf/login` |
| Method | Path |
| :----- | ---------------- |
| `POST` | `/auth/cf/login` |
### Parameters
- `role` `(string: required)` - The name of the role.
- `cf_instance_cert` `(string: required)` - The full body of the file available at
the path denoted by `CF_INSTANCE_CERT`.
the path denoted by `CF_INSTANCE_CERT`.
- `signing_time` `(string: required)` - The date and time used to construct the signature.
- `signature` `(string: required)` - The signature generated by the algorithm described
above using the `CF_INSTANCE_KEY`.
above using the `CF_INSTANCE_KEY`.
### Sample Payload
@ -317,15 +323,13 @@ $ curl \
```
### Sample Response
```json
{
"auth": {
"renewable": true,
"lease_duration": 1800000,
"policies": [
"default",
"dev"
],
"policies": ["default", "dev"],
"accessor": "20b89871-e6f2-1160-fb29-31c2f6d4645e",
"client_token": "c9368254-3f21-aded-8a6f-7c818e81b17a"
}


@ -1,8 +1,7 @@
---
layout: "api"
page_title: "Google Cloud - Auth Methods - HTTP API"
sidebar_title: "Google Cloud"
sidebar_current: "api-http-auth-gcp"
layout: api
page_title: Google Cloud - Auth Methods - HTTP API
sidebar_title: Google Cloud
description: |-
This is the API documentation for the Vault Google Cloud authentication
method.
@ -25,9 +24,9 @@ to Google Cloud. These credentials will be used to query the status of IAM
entities and get service account or other Google public certificates
to confirm signed JWTs passed in during login.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/gcp/config` |
| Method | Path |
| :----- | :----------------- |
| `POST` | `/auth/gcp/config` |
### Parameters
@ -35,15 +34,15 @@ to confirm signed JWTs passed in during login.
of a GCP credentials file. The credentials file must have the following
[permissions](https://cloud.google.com/compute/docs/access/iam):
```
iam.serviceAccounts.get
iam.serviceAccountKeys.get
```
```
iam.serviceAccounts.get
iam.serviceAccountKeys.get
```
If this value is empty, Vault will try to use [Application Default
Credentials][gcp-adc] from the machine on which the Vault server is running.
The project must have the `iam.googleapis.com` API [enabled](https://console.cloud.google.com/flows/enableapi?apiid=iam.googleapis.com).
If this value is empty, Vault will try to use [Application Default
Credentials][gcp-adc] from the machine on which the Vault server is running.
The project must have the `iam.googleapis.com` API [enabled](https://console.cloud.google.com/flows/enableapi?apiid=iam.googleapis.com).
### Sample Payload
@ -67,9 +66,9 @@ $ curl \
Returns the configuration, if any, including credentials.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/gcp/config` |
| Method | Path |
| :----- | :----------------- |
| `GET` | `/auth/gcp/config` |
### Sample Request
@ -88,7 +87,7 @@ $ curl \
"client_id": "123456789101112131415",
"private_key_id": "97fd7ba59a96e1f3830296aedb4f50879e4d5382",
"project_id": "project-123456"
},
}
}
```
@ -99,9 +98,9 @@ that can perform login operations against this endpoint. Constraints specific
to the role type must be set on the role. These are applied to the authenticated
entities attempting to login.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/gcp/role/:name` |
| Method | Path |
| :----- | :--------------------- |
| `POST` | `/auth/gcp/role/:name` |
### Parameters
@ -111,23 +110,23 @@ entities attempting to login.
correspond to specific roles and will be rejected otherwise. Please see below
for more information.
- `bound_service_accounts` `(array: <required for iam>)` - An array of
service account emails or IDs that login is restricted to,
either directly or through an associated instance. If set to
- `bound_service_accounts` `(array: <required for iam>)` - An array of
service account emails or IDs that login is restricted to,
either directly or through an associated instance. If set to
`*`, all service accounts are allowed (you can bind this further using
`bound_projects`.)
- `bound_projects` `(array: [])` - An array of GCP project IDs. Only entities
belonging to this project can authenticate under the role.
- `bound_projects` `(array: [])` - An array of GCP project IDs. Only entities
belonging to this project can authenticate under the role.
- `add_group_aliases` `(bool: false)` - If true, any auth token
generated under this token will have associated group aliases, namely
`project-$PROJECT_ID`, `folder-$PROJECT_ID`, and `organization-$ORG_ID`
for the entities project and all its folder or organization ancestors. This
requires Vault to have IAM permission `resourcemanager.projects.get`.
generated under this token will have associated group aliases, namely
`project-$PROJECT_ID`, `folder-$PROJECT_ID`, and `organization-$ORG_ID`
for the entities project and all its folder or organization ancestors. This
requires Vault to have IAM permission `resourcemanager.projects.get`.
@include 'partials/tokenfields.mdx'
<%= partial "partials/tokenfields" %>
#### `iam`-only Parameters
The following parameters are only valid when the role is of type `"iam"`:
@ -140,8 +139,8 @@ The following parameters are only valid when the role is of type `"iam"`:
allow the `exp` claim to be customized.
- `allow_gce_inference` `(bool: true)` - A flag to determine if this role should
allow GCE instances to authenticate by inferring service accounts from the
GCE identity metadata token.
allow GCE instances to authenticate by inferring service accounts from the
GCE identity metadata token.
#### `gce`-only Parameters
@ -177,9 +176,7 @@ Example `iam` role:
"ttl": "30m",
"max_ttl": "24h",
"max_jwt_exp": "5m",
"bound_service_accounts": [
"dev-1@project-123456.iam.gserviceaccount.com"
]
"bound_service_accounts": ["dev-1@project-123456.iam.gserviceaccount.com"]
}
```
@ -193,9 +190,7 @@ Example `gce` role:
"bound_zones": ["us-east1-b", "eu-west2-a"],
"ttl": "30m",
"max_ttl": "24h",
"bound_service_accounts": [
"dev-1@project-123456.iam.gserviceaccount.com"
]
"bound_service_accounts": ["dev-1@project-123456.iam.gserviceaccount.com"]
}
```
@ -215,9 +210,9 @@ Edit service accounts for an existing IAM role in the method.
This allows you to add or remove service accounts from the list of
service accounts on the role.
| Method | Path |
| :---------------------------------------| :------------------|
| `POST` | `/auth/gcp/role/:name/service-accounts` |
| Method | Path |
| :----- | :-------------------------------------- |
| `POST` | `/auth/gcp/role/:name/service-accounts` |
### Parameters
@ -234,13 +229,8 @@ service accounts on the role.
```json
{
"add": [
"dev-1@project-123456.iam.gserviceaccount.com",
"123456789"
],
"remove": [
"dev-2@project-123456.iam.gserviceaccount.com"
]
"add": ["dev-1@project-123456.iam.gserviceaccount.com", "123456789"],
"remove": ["dev-2@project-123456.iam.gserviceaccount.com"]
}
```
@ -259,9 +249,9 @@ $ curl \
Edit labels for an existing GCE role in the backend. This allows you to add or
remove labels (keys, values, or both) from the list of keys on the role.
| Method | Path |
| :---------------------------------------| :------------------|
| `POST` | `/auth/gcp/role/:name/labels` |
| Method | Path |
| :----- | :---------------------------- |
| `POST` | `/auth/gcp/role/:name/labels` |
### Parameters
@ -279,15 +269,8 @@ remove labels (keys, values, or both) from the list of keys on the role.
```json
{
"add": [
"foo:bar",
"env:dev",
"key:value"
],
"remove": [
"key1",
"key2"
]
"add": ["foo:bar", "env:dev", "key:value"],
"remove": ["key1", "key2"]
}
```
@ -305,9 +288,9 @@ $ curl \
Returns the previously registered role configuration.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/gcp/role/:name` |
| Method | Path |
| :----- | :--------------------- |
| `GET` | `/auth/gcp/role/:name` |
### Parameters
@ -331,17 +314,10 @@ $ curl \
"foo": "bar",
"key": "value"
},
"bound_service_accounts": [
"dev-1@project-123456.iam.gserviceaccount.com"
],
"bound_zones": [
"eu-west2-a",
"us-east1-b"
],
"bound_service_accounts": ["dev-1@project-123456.iam.gserviceaccount.com"],
"bound_zones": ["eu-west2-a", "us-east1-b"],
"max_ttl": 86400,
"policies": [
"prod"
],
"policies": ["prod"],
"project_id": "project-123456",
"type": "gce",
"ttl": 1800
@ -353,9 +329,9 @@ $ curl \
Lists all the roles that are registered with the plugin.
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/gcp/roles` |
| Method | Path |
| :----- | :---------------- |
| `LIST` | `/auth/gcp/roles` |
### Sample Request
@ -368,13 +344,10 @@ $ curl \
### Sample Response
```json
```json
{
"data": {
"keys": [
"my-role",
"my-other-role"
]
"keys": ["my-role", "my-other-role"]
}
}
```
@ -383,9 +356,9 @@ $ curl \
Deletes the previously registered role.
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/gcp/role/:role` |
| Method | Path |
| :------- | :--------------------- |
| `DELETE` | `/auth/gcp/role/:role` |
### Parameters
@ -407,9 +380,9 @@ Login to retrieve a Vault token. This endpoint takes a signed JSON Web Token
Cloud to authenticate that entity and then authorizes the entity for the given
role.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/gcp/login` |
| Method | Path |
| :----- | :---------------- |
| `POST` | `/auth/gcp/login` |
### Sample Payload
@ -419,11 +392,10 @@ role.
- `jwt` `(string: <required>)` - A Signed [JSON Web Token][jwt].
- For `iam` type roles, this is a JWT signed with the
[`signJwt` method][signjwt-method] or a self-signed JWT.
[`signJwt` method][signjwt-method] or a self-signed JWT.
- For `gce` type roles, this is an [identity metadata token][instance-token].
### Sample Payload
```json
@ -449,11 +421,7 @@ $ curl \
"auth": {
"client_token": "f33f8c72-924e-11f8-cb43-ac59d697597c",
"accessor": "0e9e354a-520f-df04-6867-ee81cae3d42d",
"policies": [
"default",
"dev",
"prod"
],
"policies": ["default", "dev", "prod"],
"metadata": {
"project_id": "my-project",
"role": "my-role",


@ -1,10 +1,8 @@
---
layout: "api"
page_title: "GitHub - Auth Methods - HTTP API"
sidebar_title: "GitHub"
sidebar_current: "api-http-auth-github"
description: |-
This is the API documentation for the Vault GitHub auth method.
layout: api
page_title: GitHub - Auth Methods - HTTP API
sidebar_title: GitHub
description: This is the API documentation for the Vault GitHub auth method.
---
# GitHub Auth Method (API)
@ -22,9 +20,9 @@ please update your API calls accordingly.
Configures the connection parameters for GitHub. This path honors the
distinction between the `create` and `update` capabilities inside ACL policies.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/github/config` |
| Method | Path |
| :----- | :-------------------- |
| `POST` | `/auth/github/config` |
### Parameters
@ -33,7 +31,7 @@ distinction between the `create` and `update` capabilities inside ACL policies.
- `base_url` `(string: "")` - The API endpoint to use. Useful if you are running
GitHub Enterprise or an API-compatible authentication server.
<%= partial "partials/tokenfields" %>
@include 'partials/tokenfields.mdx'
### Sample Payload
@ -57,9 +55,9 @@ $ curl \
Reads the GitHub configuration.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/github/config` |
| Method | Path |
| :----- | :-------------------- |
| `GET` | `/auth/github/config` |
### Sample Request
@ -91,9 +89,9 @@ $ curl \
Map a list of policies to a team that exists in the configured GitHub organization.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/github/map/teams/:team_name` |
| Method | Path |
| :----- | :---------------------------------- |
| `POST` | `/auth/github/map/teams/:team_name` |
### Parameters
@ -118,14 +116,13 @@ $ curl \
http://127.0.0.1:8200/v1/auth/github/map/teams/dev
```
## Read Team Mapping
Reads the GitHub team policy mapping.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/github/map/teams/:team_name` |
| Method | Path |
| :----- | :---------------------------------- |
| `GET` | `/auth/github/map/teams/:team_name` |
### Sample Request
@ -158,9 +155,9 @@ $ curl \
Map a list of policies to a specific GitHub user exists in the configured
organization.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/github/map/users/:user_name` |
| Method | Path |
| :----- | :---------------------------------- |
| `POST` | `/auth/github/map/users/:user_name` |
### Parameters
@ -192,9 +189,9 @@ policy **in addition to** any team policies.
Reads the GitHub user policy mapping.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/github/map/users/:user_name` |
| Method | Path |
| :----- | :---------------------------------- |
| `GET` | `/auth/github/map/users/:user_name` |
### Sample Request
@ -222,14 +219,13 @@ $ curl \
}
```
## Login
Login using GitHub access token.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/github/login` |
| Method | Path |
| :----- | :------------------- |
| `POST` | `/auth/github/login` |
### Parameters
@ -272,4 +268,4 @@ $ curl \
"lease_duration": 7200,
"renewable": true
}
```
```


@ -1,8 +1,7 @@
---
layout: "api"
page_title: "Auth Methods - HTTP API"
sidebar_title: "Auth Methods"
sidebar_current: "api-http-auth"
layout: api
page_title: Auth Methods - HTTP API
sidebar_title: Auth Methods
description: |-
Each auth method publishes its own set of API paths and methods.
These endpoints are documented in this section.


@ -1,8 +1,7 @@
---
layout: "api"
page_title: "JWT/OIDC - Auth Methods - HTTP API"
sidebar_title: "JWT/OIDC"
sidebar_current: "api-http-auth-jwt-oidc"
layout: api
page_title: JWT/OIDC - Auth Methods - HTTP API
sidebar_title: JWT/OIDC
description: |-
This is the API documentation for the Vault JWT/OIDC authentication
method plugin.
@ -24,9 +23,9 @@ Configures the validation information to be used globally across all roles. One
(and only one) of `oidc_discovery_url` and `jwt_validation_pubkeys` must be
set.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/jwt/config` |
| Method | Path |
| :----- | :----------------- |
| `POST` | `/auth/jwt/config` |
### Parameters
@ -64,9 +63,9 @@ $ curl \
Returns the previously configured config.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/jwt/config` |
| Method | Path |
| :----- | :----------------- |
| `GET` | `/auth/jwt/config` |
### Sample Request
@ -97,27 +96,28 @@ that can perform login operations against this endpoint. Constraints specific
to the role type must be set on the role. These are applied to the authenticated
entities attempting to login. At least one of the bound values must be set.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/jwt/role/:name` |
| Method | Path |
| :----- | :--------------------- |
| `POST` | `/auth/jwt/role/:name` |
### Parameters
- `name` `(string: <required>)` - Name of the role.
- `role_type` `(string: <optional>)` - Type of role, either "oidc" (default) or "jwt".
- `bound_audiences` `(array: <optional>)` - List of `aud` claims to match against.
Any match is sufficient. Required for "jwt" roles, optional for "oidc" roles.
Any match is sufficient. Required for "jwt" roles, optional for "oidc" roles.
- `user_claim` `(string: <required>)` - The claim to use to uniquely identify
the user; this will be used as the name for the Identity entity alias created
due to a successful login. The claim value must be a string.
- `clock_skew_leeway` `(int: <optional>)` - The amount of leeway to add to all claims to
account for clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled
- `clock_skew_leeway` `(int: <optional>)` - The amount of leeway to add to all claims to
account for clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled
if set to `-1`. Only applicable with "jwt" roles.
- `expiration_leeway` `(int: <optional>)` - The amount of leeway to add to expiration (`exp`) claims to
- `expiration_leeway` `(int: <optional>)` - The amount of leeway to add to expiration (`exp`) claims to
account for clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled
if set to `-1`. Only applicable with "jwt" roles.
- `not_before_leeway` `(int: <optional>)` - The amount of leeway to add to not before (`nbf`) claims to
if set to `-1`. Only applicable with "jwt" roles.
- `not_before_leeway` `(int: <optional>)` - The amount of leeway to add to not before (`nbf`) claims to
account for clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled
if set to `-1`. Only applicable with "jwt" roles.
if set to `-1`. Only applicable with "jwt" roles.
- `bound_subject` `(string: <optional>)` - If set, requires that the `sub`
claim matches this value.
- `bound_claims` `(map: <optional>)` - If set, a map of claims/values to match against.
@ -136,16 +136,13 @@ entities attempting to login. At least one of the bound values must be set.
logging is active. Not recommended in production since sensitive information may be present
in OIDC responses.
<%= partial "partials/tokenfields" %>
@include 'partials/tokenfields.mdx'
### Sample Payload
```json
{
"policies": [
"dev",
"prod"
],
"policies": ["dev", "prod"],
"bound_subject": "sl29dlldsfj3uECzsU3Sbmh0F29Fios1@clients",
"bound_audiences": "https://myco.test",
"user_claim": "https://vault/user",
@ -175,9 +172,9 @@ $ curl \
Returns the previously registered role configuration.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/jwt/role/:name` |
| Method | Path |
| :----- | :--------------------- |
| `GET` | `/auth/jwt/role/:name` |
### Parameters
@ -221,9 +218,9 @@ $ curl \
Lists all the roles that are registered with the plugin.
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/jwt/role` |
| Method | Path |
| :----- | :--------------- |
| `LIST` | `/auth/jwt/role` |
### Sample Request
@ -252,9 +249,9 @@ $ curl \
Deletes the previously registered role.
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/jwt/role/:name` |
| Method | Path |
| :------- | :--------------------- |
| `DELETE` | `/auth/jwt/role/:name` |
### Parameters
@ -273,9 +270,9 @@ $ curl \
Obtain an authorization URL from Vault to start an OIDC login flow.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/jwt/oidc/auth_url` |
| Method | Path |
| :----- | :------------------------ |
| `POST` | `/auth/jwt/oidc/auth_url` |
### Parameters
@ -290,8 +287,8 @@ Obtain an authorization URL from Vault to start an OIDC login flow.
```json
{
"role": "dev-role",
"redirect_uri": "https://vault.myco.com:8200/ui/vault/auth/jwt/oidc/callback"
"role": "dev-role",
"redirect_uri": "https://vault.myco.com:8200/ui/vault/auth/jwt/oidc/callback"
}
```
@ -317,12 +314,13 @@ $ curl \
```
## OIDC Callback
Exchange an authorization code for an OIDC ID Token. The ID token will be further validated
against any bound claims, and if valid a Vault token will be returned.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/jwt/oidc/callback` |
| Method | Path |
| :----- | :------------------------ |
| `GET` | `/auth/jwt/oidc/callback` |
### Parameters
@ -365,9 +363,9 @@ Fetch a token. This endpoint takes a signed JSON Web Token (JWT) and
a role name for some entity. It verifies the JWT signature to authenticate that
entity and then authorizes the entity for the given role.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/jwt/login` |
| Method | Path |
| :----- | :---------------- |
| `POST` | `/auth/jwt/login` |
### Parameters
@ -379,8 +377,8 @@ entity and then authorizes the entity for the given role.
```json
{
"role": "dev-role",
"jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
"role": "dev-role",
"jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
```


@ -1,10 +1,8 @@
---
layout: "api"
page_title: "Kerberos - Auth Methods - HTTP API"
sidebar_title: "Kerberos"
sidebar_current: "api-http-auth-kerberos"
description: |-
This is the API documentation for the Vault Kerberos auth method plugin.
layout: api
page_title: Kerberos - Auth Methods - HTTP API
sidebar_title: Kerberos
description: This is the API documentation for the Vault Kerberos auth method plugin.
---
# Kerberos Auth Method (API)
@ -25,17 +23,17 @@ so both configurations are required.
This endpoint configures the keytab and service account to be used by Vault
for verifying inbound SPNEGO tokens.
| Method | Path |
| :------- | :--------------------------- |
| `POST` | `/auth/kerberos/config` |
| Method | Path |
| :----- | :---------------------- |
| `POST` | `/auth/kerberos/config` |
- `keytab` `(string: <required>)` A base 64 representation of the contents
of the Kerberos keytab that will be used for verifying inbound SPNEGO tokens.
It should contain an entry matching the service account given. This can be
created through the following command: `$ base64 vault.keytab > vault.keytab.base64`.
of the Kerberos keytab that will be used for verifying inbound SPNEGO tokens.
It should contain an entry matching the service account given. This can be
created through the following command: `$ base64 vault.keytab > vault.keytab.base64`.
- `service_account` `(string: <required>)` The service account associated
with both the keytab entry and an LDAP service account created for Vault. Ex.:
`"vault_svc"`.
with both the keytab entry and an LDAP service account created for Vault. Ex.:
`"vault_svc"`.
### Sample Request
@ -61,9 +59,9 @@ $ curl \
This endpoint retrieves the service account for the Kerberos auth method.
The keytab is not returned because it is sensitive information.
| Method | Path |
| :------- | :--------------------------- |
| `GET` | `/auth/kerberos/config` |
| Method | Path |
| :----- | :---------------------- |
| `GET` | `/auth/kerberos/config` |
### Sample Request
@ -93,9 +91,9 @@ $ curl \
This endpoint configures LDAP in the Kerberos auth method.
| Method | Path |
| :------- | :--------------------------- |
| `POST` | `/auth/kerberos/config/ldap` |
| Method | Path |
| :----- | :--------------------------- |
| `POST` | `/auth/kerberos/config/ldap` |
### Parameters
@ -119,7 +117,7 @@ This endpoint configures LDAP in the Kerberos auth method.
- `certificate` `(string: "")` CA certificate to use when verifying LDAP server
certificate, must be x509 PEM encoded.
- `binddn` `(string: "")` Distinguished name of object to bind when performing
user search. Example: `cn=vault,ou=Users,dc=example,dc=com`
user search. Example: `cn=vault,ou=Users,dc=example,dc=com`
- `bindpass` `(string: "")` Password to use along with `binddn` when performing
user search.
- `userdn` `(string: "")` Base DN under which to perform user search. Example:
@ -142,14 +140,14 @@ This endpoint configures LDAP in the Kerberos auth method.
nested group resolution for Active Directory, instead use the following
query: `(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))`.
- `groupdn` `(string: "")` LDAP search base to use for group membership
search. This can be the root containing either groups or users. Example:
search. This can be the root containing either groups or users. Example:
`ou=Groups,dc=example,dc=com`
- `groupattr` `(string: "")` LDAP attribute to follow on objects returned by
`groupfilter` in order to enumerate user group membership. Examples: for
groupfilter queries returning _group_ objects, use: `cn`. For queries
returning _user_ objects, use: `memberOf`. The default is `cn`.
<%= partial "partials/tokenfields" %>
@include 'partials/tokenfields.mdx'
### Sample Request
@ -185,9 +183,9 @@ $ curl \
This endpoint retrieves the LDAP configuration for the Kerberos auth method.
| Method | Path |
| :------- | :--------------------------- |
| `GET` | `/auth/kerberos/config/ldap` |
| Method | Path |
| :----- | :--------------------------- |
| `GET` | `/auth/kerberos/config/ldap` |
### Sample Request
@ -232,9 +230,9 @@ $ curl \
This endpoint returns a list of existing LDAP groups in the Kerberos auth method.
| Method | Path |
| :------- | :---------------------- |
| `LIST` | `/auth/kerberos/groups` |
| Method | Path |
| :----- | :---------------------- |
| `LIST` | `/auth/kerberos/groups` |
### Sample Request
@ -253,10 +251,7 @@ $ curl \
"warnings": null,
"wrap_info": null,
"data": {
"keys": [
"scientists",
"engineers"
]
"keys": ["scientists", "engineers"]
},
"lease_duration": 0,
"renewable": false,
@ -268,9 +263,9 @@ $ curl \
This endpoint returns the policies associated with a Kerberos LDAP group.
| Method | Path |
| :------- | :----------------------------- |
| `GET` | `/auth/kerberos/groups/:name` |
| Method | Path |
| :----- | :---------------------------- |
| `GET` | `/auth/kerberos/groups/:name` |
### Parameters
@ -289,10 +284,7 @@ $ curl \
```json
{
"data": {
"policies": [
"admin",
"default"
]
"policies": ["admin", "default"]
},
"renewable": false,
"lease_id": "",
@ -305,9 +297,9 @@ $ curl \
This endpoint creates or updates LDAP group policies.
| Method | Path |
| :-------- | :----------------------------- |
| `POST` | `/auth/kerberos/groups/:name` |
| Method | Path |
| :----- | :---------------------------- |
| `POST` | `/auth/kerberos/groups/:name` |
### Parameters
@ -337,9 +329,9 @@ $ curl \
This endpoint deletes the LDAP group and policy association.
| Method | Path |
| :------- | :----------------------------- |
| `DELETE` | `/auth/kerberos/groups/:name` |
| Method | Path |
| :------- | :---------------------------- |
| `DELETE` | `/auth/kerberos/groups/:name` |
### Parameters
@ -393,9 +385,9 @@ U5dsmUsj3+qrN9JruEADqw99t/EWnN3iTsHh1rOQOd9jIJ1wCIkgvnLB8Rad+q5jguG
sWw
```
| Method | Path |
| :------- | :--------------------------- |
| `POST` | `/auth/kerberos/login` |
| Method | Path |
| :----- | :--------------------- |
| `POST` | `/auth/kerberos/login` |
### Sample Request


@ -1,10 +1,8 @@
---
layout: "api"
page_title: "Kubernetes - Auth Methods - HTTP API"
sidebar_title: "Kubernetes"
sidebar_current: "api-http-auth-kubernetes"
description: |-
This is the API documentation for the Vault Kubernetes auth method plugin.
layout: api
page_title: Kubernetes - Auth Methods - HTTP API
sidebar_title: Kubernetes
description: This is the API documentation for the Vault Kubernetes auth method plugin.
---
# Kubernetes Auth Method (API)
@ -24,23 +22,24 @@ existence with the Kubernetes TokenReview API. This endpoint configures the
public key used to validate the JWT signature and the necessary information to
access the Kubernetes API.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/kubernetes/config` |
| Method | Path |
| :----- | :------------------------ |
| `POST` | `/auth/kubernetes/config` |
### Parameters
- `kubernetes_host` `(string: <required>)` - Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
- `kubernetes_ca_cert` `(string: "")` - PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API. NOTE: Every line must end with a newline: \n
- `token_reviewer_jwt` `(string: "")` - A service account JWT used to access the TokenReview
API to validate other JWTs during login. If not set
the JWT used for login will be used to access the API.
- `pem_keys` `(array: [])` - Optional list of PEM-formatted public keys or certificates
used to verify the signatures of Kubernetes service account
JWTs. If a certificate is given, its public key will be
extracted. Not every installation of Kubernetes exposes these
keys.
- `issuer` `(string: "")` - Optional JWT issuer. If no issuer is specified, then this plugin will
use `kubernetes.io/serviceaccount` as the default issuer.
- `kubernetes_host` `(string: <required>)` - Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
- `kubernetes_ca_cert` `(string: "")` - PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API. NOTE: Every line must end with a newline: \n
- `token_reviewer_jwt` `(string: "")` - A service account JWT used to access the TokenReview
API to validate other JWTs during login. If not set
the JWT used for login will be used to access the API.
- `pem_keys` `(array: [])` - Optional list of PEM-formatted public keys or certificates
used to verify the signatures of Kubernetes service account
JWTs. If a certificate is given, its public key will be
extracted. Not every installation of Kubernetes exposes these
keys.
- `issuer` `(string: "")` - Optional JWT issuer. If no issuer is specified, then this plugin will
use `kubernetes.io/serviceaccount` as the default issuer.
### Sample Payload
@ -66,9 +65,9 @@ $ curl \
Returns the previously configured config, including credentials.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/kubernetes/config` |
| Method | Path |
| :----- | :------------------------ |
| `GET` | `/auth/kubernetes/config` |
### Sample Request
@ -97,11 +96,12 @@ that can perform login operations against this endpoint. Constraints specific
to the role type must be set on the role. These are applied to the authenticated
entities attempting to login.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/kubernetes/role/:name`|
| Method | Path |
| :----- | :---------------------------- |
| `POST` | `/auth/kubernetes/role/:name` |
### Parameters
- `name` `(string: <required>)` - Name of the role.
- `bound_service_account_names` `(array: <required>)` - List of service account
names able to access this role. If set to "\*" all names are allowed, both this
@ -111,7 +111,7 @@ entities attempting to login.
this and bound_service_account_names can not be set to "\*".
- `audience` `(string: "")` - Optional Audience claim to verify in the JWT.
<%= partial "partials/tokenfields" %>
@include 'partials/tokenfields.mdx'
### Sample Payload
@ -119,11 +119,8 @@ entities attempting to login.
{
"bound_service_account_names": "vault-auth",
"bound_service_account_namespaces": "default",
"policies": [
"dev",
"prod"
],
"max_ttl": 1800000,
"policies": ["dev", "prod"],
"max_ttl": 1800000
}
```
@ -136,13 +133,14 @@ $ curl \
--data @payload.json \
http://127.0.0.1:8200/v1/auth/kubernetes/role/dev-role
```
## Read Role
Returns the previously registered role configuration.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/kubernetes/role/:name` |
| Method | Path |
| :----- | :---------------------------- |
| `GET` | `/auth/kubernetes/role/:name` |
### Parameters
@ -160,16 +158,13 @@ $ curl \
```json
{
"data":{
"data": {
"bound_service_account_names": "vault-auth",
"bound_service_account_namespaces": "default",
"max_ttl": 1800000,
"ttl":0,
"ttl": 0,
"period": 0,
"policies":[
"dev",
"prod"
]
"policies": ["dev", "prod"]
}
}
```
@ -178,10 +173,10 @@ $ curl \
Lists all the roles that are registered with the auth method.
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/kubernetes/role` |
| `GET` | `/auth/kubernetes/role?list=true` |
| Method | Path |
| :----- | :-------------------------------- |
| `LIST` | `/auth/kubernetes/role` |
| `GET` | `/auth/kubernetes/role?list=true` |
### Sample Request
@ -197,10 +192,7 @@ $ curl \
```json
{
"data": {
"keys": [
"dev-role",
"prod-role"
]
"keys": ["dev-role", "prod-role"]
}
}
```
@ -209,9 +201,9 @@ $ curl \
Deletes the previously registered role.
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/kubernetes/role/:role`|
| Method | Path |
| :------- | :---------------------------- |
| `DELETE` | `/auth/kubernetes/role/:role` |
### Parameters
@ -232,9 +224,9 @@ Fetch a token. This endpoint takes a signed JSON Web Token (JWT) and
a role name for some entity. It verifies the JWT signature to authenticate that
entity and then authorizes the entity for the given role.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/kubernetes/login` |
| Method | Path |
| :----- | :----------------------- |
| `POST` | `/auth/kubernetes/login` |
### Sample Payload
@ -269,9 +261,7 @@ $ curl \
"auth": {
"client_token": "62b858f9-529c-6b26-e0b8-0457b6aacdb4",
"accessor": "afa306d0-be3d-c8d2-b0d7-2676e1c0d9b4",
"policies": [
"default"
],
"policies": ["default"],
"metadata": {
"role": "test",
"service_account_name": "vault-auth",


@ -1,10 +1,8 @@
---
layout: "api"
page_title: "LDAP - Auth Methods - HTTP API"
sidebar_title: "LDAP"
sidebar_current: "api-http-auth-ldap"
description: |-
This is the API documentation for the Vault LDAP auth method.
layout: api
page_title: LDAP - Auth Methods - HTTP API
sidebar_title: LDAP
description: This is the API documentation for the Vault LDAP auth method.
---
# LDAP Auth Method (API)
@ -21,9 +19,9 @@ please update your API calls accordingly.
This endpoint configures the LDAP auth method.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/ldap/config` |
| Method | Path |
| :----- | :------------------ |
| `POST` | `/auth/ldap/config` |
### Parameters
@ -50,7 +48,7 @@ This endpoint configures the LDAP auth method.
- `certificate` `(string: "")` CA certificate to use when verifying LDAP server
certificate, must be x509 PEM encoded.
- `binddn` `(string: "")` Distinguished name of object to bind when performing
user search. Example: `cn=vault,ou=Users,dc=example,dc=com`
user search. Example: `cn=vault,ou=Users,dc=example,dc=com`
- `bindpass` `(string: "")` Password to use along with `binddn` when performing
user search.
- `userdn` `(string: "")` Base DN under which to perform user search. Example:
@ -73,14 +71,14 @@ This endpoint configures the LDAP auth method.
nested group resolution for Active Directory, instead use the following
query: `(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))`.
- `groupdn` `(string: "")` LDAP search base to use for group membership
search. This can be the root containing either groups or users. Example:
search. This can be the root containing either groups or users. Example:
`ou=Groups,dc=example,dc=com`
- `groupattr` `(string: "")` LDAP attribute to follow on objects returned by
`groupfilter` in order to enumerate user group membership. Examples: for
groupfilter queries returning _group_ objects, use: `cn`. For queries
returning _user_ objects, use: `memberOf`. The default is `cn`.
<%= partial "partials/tokenfields" %>
@include 'partials/tokenfields.mdx'
### Sample Request
@ -116,9 +114,9 @@ $ curl \
This endpoint retrieves the LDAP configuration for the auth method.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/ldap/config` |
| Method | Path |
| :----- | :------------------ |
| `GET` | `/auth/ldap/config` |
### Sample Request
@ -163,9 +161,9 @@ $ curl \
This endpoint returns a list of existing groups in the method.
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/ldap/groups` |
| Method | Path |
| :----- | :------------------ |
| `LIST` | `/auth/ldap/groups` |
### Sample Request
@ -184,10 +182,7 @@ $ curl \
"warnings": null,
"wrap_info": null,
"data": {
"keys": [
"scientists",
"engineers"
]
"keys": ["scientists", "engineers"]
},
"lease_duration": 0,
"renewable": false,
@ -199,9 +194,9 @@ $ curl \
This endpoint returns the policies associated with a LDAP group.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/ldap/groups/:name` |
| Method | Path |
| :----- | :------------------------ |
| `GET` | `/auth/ldap/groups/:name` |
### Parameters
@ -236,9 +231,9 @@ $ curl \
This endpoint creates or updates LDAP group policies.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/ldap/groups/:name` |
| Method | Path |
| :----- | :------------------------ |
| `POST` | `/auth/ldap/groups/:name` |
### Parameters
@ -268,9 +263,9 @@ $ curl \
This endpoint deletes the LDAP group and policy association.
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/ldap/groups/:name` |
| Method | Path |
| :------- | :------------------------ |
| `DELETE` | `/auth/ldap/groups/:name` |
### Parameters
@ -289,9 +284,9 @@ $ curl \
This endpoint returns a list of existing users in the method.
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/ldap/users` |
| Method | Path |
| :----- | :----------------- |
| `LIST` | `/auth/ldap/users` |
### Sample Request
@ -310,10 +305,7 @@ $ curl \
"warnings": null,
"wrap_info": null,
"data": {
"keys": [
"mitchellh",
"armon"
]
"keys": ["mitchellh", "armon"]
},
"lease_duration": 0,
"renewable": false,
@ -325,9 +317,9 @@ $ curl \
This endpoint returns the policies associated with a LDAP user.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/ldap/users/:username` |
| Method | Path |
| :----- | :--------------------------- |
| `GET` | `/auth/ldap/users/:username` |
### Parameters
@ -363,9 +355,9 @@ $ curl \
This endpoint creates or updates LDAP users policies and group associations.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/ldap/users/:username` |
| Method | Path |
| :----- | :--------------------------- |
| `POST` | `/auth/ldap/users/:username` |
### Parameters
@ -398,7 +390,7 @@ $ curl \
This endpoint deletes the LDAP user and policy association.
| Method | Path |
| :--------------------------- | :--------------------- |
| :------- | :--------------------------- |
| `DELETE` | `/auth/ldap/users/:username` |
### Parameters
@ -418,9 +410,9 @@ $ curl \
This endpoint allows you to log in with LDAP credentials
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/ldap/login/:username` |
| Method | Path |
| :----- | :--------------------------- |
| `POST` | `/auth/ldap/login/:username` |
### Parameters
@ -454,10 +446,7 @@ $ curl \
"data": null,
"auth": {
"client_token": "c4f280f6-fdb2-18eb-89d3-589e2e834cdb",
"policies": [
"admins",
"default"
],
"policies": ["admins", "default"],
"metadata": {
"username": "mitchellh"
},


@ -1,10 +1,8 @@
---
layout: "api"
page_title: "OCI - Auth Methods - HTTP API"
sidebar_title: "OCI"
sidebar_current: "api-http-auth-oci"
description: |-
This is the API documentation for the Vault OCI auth method plugin.
layout: api
page_title: OCI - Auth Methods - HTTP API
sidebar_title: OCI
description: This is the API documentation for the Vault OCI auth method plugin.
---
# OCI Auth Method (API)
@ -21,12 +19,13 @@ any location, please update your API calls accordingly.
Configure your home tenancy in the Vault, so that only users or instances from your tenancy will be allowed to log into Vault, through the OCI Auth method.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/oci/config` |
| Method | Path |
| :----- | :----------------- |
| `POST` | `/auth/oci/config` |
### Parameters
- `home_tenancy_id` `(string: <required>)` - The Tenancy OCID of your OCI account.
- `home_tenancy_id` `(string: <required>)` - The Tenancy OCID of your OCI account.
### Sample Payload
@ -50,9 +49,9 @@ $ curl \
Returns the previously configured config.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/oci/config` |
| Method | Path |
| :----- | :----------------- |
| `GET` | `/auth/oci/config` |
### Sample Request
@ -66,7 +65,7 @@ $ curl \
```json
{
"data":{
"data": {
"home_tenancy_id": "ocid1.tenancy.oc1..aaaaaaaah7zkvaffv26pzyauoe2zbnionqvhvsexamplee557wakiofi4ysgqq"
}
}
@ -76,25 +75,23 @@ $ curl \
Create a Vault administrator role in the OCI Auth method.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/oci/role/:name`|
| Method | Path |
| :----- | :--------------------- |
| `POST` | `/auth/oci/role/:name` |
### Parameters
- `name` `(string: <required>)` - Name of the role.
- `ocid_list` `(string: <required>)` - A comma separated list of Group or Dynamic Group OCIDs that can take this role.
<%= partial "partials/tokenfields" %>
@include 'partials/tokenfields.mdx'
### Sample Payload
```json
{
"ocid_list": "ocid1.group.oc1..aaaaaaaaiqnblimpvmegkqh3bxilrdvjobr7qd223g275idcqhexamplefq,ocid1.dynamicgroup.oc1..aaaaaaaa5hmfyrdaxvmt52ekju5n7ffamn2pdvxaq6esb2vzzoduexamplea",
"token_policies": [
"dev",
"prod"
],
"token_policies": ["dev", "prod"],
"token_ttl": 1800
}
```
@ -113,9 +110,9 @@ $ curl \
Returns the previously registered role configuration.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/auth/oci/role/:name` |
| Method | Path |
| :----- | :--------------------- |
| `GET` | `/auth/oci/role/:name` |
### Parameters
@ -133,13 +130,13 @@ $ curl \
```json
{
"data":{
"ocid_list": ["ocid1.group.oc1..aaaaaaaaiqnblimpvmegkqh3bxilrdvjobr7qd223g275idcqhexamplefq","ocid1.dynamicgroup.oc1..aaaaaaaa5hmfyrdaxvmt52ekju5n7ffamn2pdvxaq6esb2vzzoduexamplea"],
"data": {
"ocid_list": [
"ocid1.group.oc1..aaaaaaaaiqnblimpvmegkqh3bxilrdvjobr7qd223g275idcqhexamplefq",
"ocid1.dynamicgroup.oc1..aaaaaaaa5hmfyrdaxvmt52ekju5n7ffamn2pdvxaq6esb2vzzoduexamplea"
],
"token_ttl": 1800,
"token_policies":[
"dev",
"prod"
]
"token_policies": ["dev", "prod"]
}
}
```
@ -148,10 +145,10 @@ $ curl \
Lists all the roles that are registered with the auth method.
| Method | Path |
| :--------------------------- | :--------------------- |
| `LIST` | `/auth/oci/role` |
| `GET` | `/auth/oci/role?list=true` |
| Method | Path |
| :----- | :------------------------- |
| `LIST` | `/auth/oci/role` |
| `GET` | `/auth/oci/role?list=true` |
### Sample Request
@ -167,10 +164,7 @@ $ curl \
```json
{
"data": {
"keys": [
"devrole",
"prodrole"
]
"keys": ["devrole", "prodrole"]
}
}
```
@ -179,9 +173,9 @@ $ curl \
Deletes the previously registered role.
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/oci/role/:role`|
| Method | Path |
| :------- | :--------------------- |
| `DELETE` | `/auth/oci/role/:role` |
### Parameters
@ -202,9 +196,9 @@ Fetch a token. This endpoint takes signed request headers and
a role name for some entity. It verifies the signed request headers to authenticate that
entity and then authorizes the entity for the given role.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/oci/login/:role` |
| Method | Path |
| :----- | :---------------------- |
| `POST` | `/auth/oci/login/:role` |
### Parameters
@ -215,13 +209,15 @@ entity and then authorizes the entity for the given role.
```json
{
"request_headers": {
"date": ["Fri, 22 Aug 2019 21:02:19 GMT"],
"(request-target)": ["get /v1/auth/oci/login/devrole"],
"host": ["127.0.0.1"],
"content-type": ["application/json"],
"authorization": ["Signature algorithm=\"rsa-sha256\",headers=\"date (request-target) host\",keyId=\"ocid1.tenancy.oc1..aaaaaaaaba3pv6wkcr4jqae5f15p2b2m2yt2j6rx32uzr4h25vqstifsfdsq/ocid1.user.oc1..aaaaaaaat5nvwcna5j6aqzjcaty5eqbb6qt2jvpkanghtgdaqedqw3rynjq/73:61:a2:21:67:e0:df:be:7e:4b:93:1e:15:98:a5:b7\",signature=\"GBas7grhyrhSKHP6AVIj/h5/Vp8bd/peM79H9Wv8kjoaCivujVXlpbKLjMPeDUhxkFIWtTtLBj3sUzaFj34XE6YZAHc9r2DmE4pMwOAy/kiITcZxa1oHPOeRheC0jP2dqbTll8fmTZVwKZOKHYPtrLJIJQHJjNvxFWeHQjMaR7M=\",version=\"1\""]
}
"request_headers": {
"date": ["Fri, 22 Aug 2019 21:02:19 GMT"],
"(request-target)": ["get /v1/auth/oci/login/devrole"],
"host": ["127.0.0.1"],
"content-type": ["application/json"],
"authorization": [
"Signature algorithm=\"rsa-sha256\",headers=\"date (request-target) host\",keyId=\"ocid1.tenancy.oc1..aaaaaaaaba3pv6wkcr4jqae5f15p2b2m2yt2j6rx32uzr4h25vqstifsfdsq/ocid1.user.oc1..aaaaaaaat5nvwcna5j6aqzjcaty5eqbb6qt2jvpkanghtgdaqedqw3rynjq/73:61:a2:21:67:e0:df:be:7e:4b:93:1e:15:98:a5:b7\",signature=\"GBas7grhyrhSKHP6AVIj/h5/Vp8bd/peM79H9Wv8kjoaCivujVXlpbKLjMPeDUhxkFIWtTtLBj3sUzaFj34XE6YZAHc9r2DmE4pMwOAy/kiITcZxa1oHPOeRheC0jP2dqbTll8fmTZVwKZOKHYPtrLJIJQHJjNvxFWeHQjMaR7M=\",version=\"1\""
]
}
}
```
@ -241,9 +237,7 @@ $ curl \
"auth": {
"token": "62b8ssf9-529c-6b26-e0b8-045fcdb4",
"token_accessor": "afaff6d0-be3d-c8d2-b0d7-2676sss0d9b4",
"token_policies": [
"dev"
],
"token_policies": ["dev"],
"token_duration": 1800
}
}
