* docs(#16222): add documentation for changes in PR hashicorp/vault-plugin-secrets-kubernetes#10
* docs(#16222): add changelog entry
* docs(#16222): improve documentation to make the use case of setting both allowed_kubernetes_namespaces and allowed_kubernetes_namespace_selector parameters for role configuration
* Clarification for local mounts in the context of DR
The docs were unclear on this point, so @russparsloe and I looked into it.
Local mounts are indeed replicated to DR secondaries.
This is the opposite of what it says on https://developer.hashicorp.com/vault/tutorials/enterprise/performance-replication#disaster-recovery
> Local backend mounts are not replicated and their use will require existing DR mechanisms if DR is necessary in your implementation.
So that page will also need updating
* changelog
* fix changelog syntax for local mount with DR (#16218)
* pki: When a role sets key_type to any ignore key_bits value when signing
- Bypass the validation for the role's key_bits value when signing CSRs
if the key_type is set to any. We still validate the key is at least
2048 for RSA backed CSRs as we did in 1.9.x and lower.
- Make the dev quick start link readily available on the client library documentation page
- Move the full code samples to the top of the dev quickstart page so that they're easily accessible.
- Update the api/readme to have a link to the dev quickstart
I added a small example from the main docs along with some explanation,
and added links to the main docs and the tutorial.
I also took this opportunity to sort the platform left nav bar.
* add func to set level for specific logger
* add endpoints to modify log level
* initialize base logger with IndependentLevels
* test to ensure other loggers remain unchanged
* add DELETE loggers endpoints to revert back to config
* add API docs page
* add changelog entry
* remove extraneous line
* add log level field to Core struct
* add godoc for getLogLevel
* add some loggers to c.allLoggers
* Add signature_bits to sign-intermediate
This endpoint was lacking the signature_bits field like all the other
endpoints. Notably, in #15478, the ability to customize the intermediate
CSR's signature bits was removed without checking for the ability to
customize the final (root-signed) intermediate certificate's value.
This adds in that missing ability, bringing us parity with root
generation and role-based signing.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add signature_bits to sign-verbatim
This endpoint was also lacking the signature_bits field, preventing
other signature hash functions from being utilized here.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add changelog
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
The KMIP backend has four new parameters for the API call to create or update a
role:
- operation_decrypt
- operation_encrypt
- operation_import
- operation_query
The returned chain on the issuer is presented both for signing request
responses and (if the default issuer) on the /ca_chain path. Overriding
the issuers' automatically constructed chain with a manual_chain allows
removal of the root CA if desired.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Update helm standalone TLS doc for k8s 1.22
The `CertificateSigningRequest` for `v1beta1` API is no longer
available, and now requires the `signerName` parameter.
Many thanks to @DavidRBanks for the helpful notes in
https://github.com/hashicorp/vault-helm/issues/243#issuecomment-962551898
I tested this on Kubernetes 1.21 and 1.24. I also adjusted the `tr`
command to work better on macOS (and still works fine on Linux).
- Document Transit and sys random endpoint in 1.11+
- Document PKI and SSH CAs only, no leaves
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add cn_validations PKI Role parameter
This new parameter allows disabling all validations on a common name,
enabled by default on sign-verbatim and issuer generation options.
Presently, the default behavior is to allow either an email address
(denoted with an @ in the name) or a hostname to pass validation.
Operators can restrict roles to just a single option (e.g., for email
certs, limit CNs to have strictly email addresses and not hostnames).
By setting the value to `disabled`, CNs of other formats can be accepted
without validating their contents against our minimal correctness checks
for email/hostname/wildcard that we typically apply even when broad
permissions (allow_any_name=true, enforce_hostnames=false, and
allow_wildcard_certificates=true) are granted on the role.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Update PKI tests for cn_validation support
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add PKI API documentation on cn_validations
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add changelog
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Use new -mount syntax for all KV subcommands in 1.11 docs
* Use more appropriate heading size for mount flag syntax
* Add the explanatory syntax blurb from the -help text
* Adjust some wording
The injector's `service` annotation is really the vault address to
use, and not just the name of the service.
Also change a couple mentions of "controller" to "injector".
* VAULT-6091 Document duration format
* VAULT-6091 Document duration format
* VAULT-6091 Update wording
* VAULT-6091 Update to duration format string, replace everywhere I've found so far
* VAULT-6091 Add the word 'string' to the nav bar
* VAULT-6091 fix link
* VAULT-6091 fix link
* VAULT-6091 Fix time/string, add another reference
* VAULT-6091 add some misses for references to this format
* Handle func
* Update - check if key_type and key_bits are allowed
* Update - fields
* Generating keys based on provided key_type and key_bits
* Returning signed key
* Refactor
* Refactor update to common logic function
* Descriptions
* Tests added
* Suggested changes and tests added and refactored
* Suggested changes and fmt run
* File refactoring
* Changelog file
* Update changelog/15561.txt
Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>
* Suggested changes - consistent returns and additional info to test messages
* ssh issue key pair documentation
Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>
* Overhaul consul docs and api-docs for new 1.11 features
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
This adds a note that manual_chain is required for cross-signed
intermediates, as Vault will not automatically associate the
cross-signed pair during chain construction. During issuance, the chain
is used verbatim from the issuer, so no chain detection will be used
then.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Update AWS auth docs for SHA-1 deprecation
We now recommend `/rsa2048` as the preferred AWS signature moving
foward, as `/pkcs7` and `/signature` will stop working by default in
Vault 1.12 without setting `GODEBUG=x509sha1=1` in the Vault deployment
due to the move to Go 1.18.
I also took this oppoturnity to try to make the docs less confusing
and more consistent with all of the usages of signature, PKCS#7, DSA,
and RSA terminology.
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
* Add support notes, Entropy Augmentation notes, RH repo
This adds a known-panic w.r.t. Entropy Augmentation due to restrictions
in how BoringCrypto's RNG works. Additionally adds the RH Access
container repository and adds a note about restricted support scenarios.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Wording changes per Scott
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Match listing_visibility in system/auth with system/mounts
See also: #15209
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Fix path-help for listing_visibility
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add missing key_ref parameter to gen root docs
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add API docs section on key generation
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add note about managed key access
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Update fips1402.mdx
Added Link to new Compliance letter and details on what makes this different from Seal Wrap
* Update website/content/docs/enterprise/fips/fips1402.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/docs/enterprise/fips/fips1402.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/docs/enterprise/fips/fips1402.mdx
* Update website/content/docs/enterprise/fips/fips1402.mdx
* Update website/content/docs/enterprise/fips/fips1402.mdx
* Update website/content/docs/enterprise/fips/fips1402.mdx
* Update website/content/docs/enterprise/fips/fips1402.mdx
Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
This explanation of root key is incorrect. Root key is not sharded and reconstructed. The root key is encrypted by the unseal key which is sharded and reconstructed back in the unsealing process.
The explanation differed from the correct one at https://www.vaultproject.io/docs/concepts/seal
* Add integration tests for aliased PKI paths (root/rotate, root/replace)
- Add tests for the two api endpoints
- Also return the issuer_name field within the generate root api response
* Add key_name to generate root api endpoint response and doc updates
- Since we are now returning issuer_name, we should also return key_name
- Update the api-docs for the generate root endpoint responses and add
missing arguments that we accept.
* Add a little more information about PKI and replicated data sets.
- Add a TOC to the PKI considerations page
- Merge in the existing certificate storage into a new Replicated DataSets
section
- Move the existing Cluster Scalability section from the api-docs into the
considerations page.
* Add recommendations on key types and PKI performance
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Update website/content/docs/secrets/pki/considerations.mdx
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* fix plugin reload mounts
* do not require sys/ prefix
* update plugin reload docs with examples
* fix unit test credential read path
* update docs to reflect correct cli usage
* allow sys/auth/foo or auth/foo
* append trailing slash if it doesn't exist in request
* add changelog
* use correct changelog number
* Add API docs for Kubernetes secret engine
* alphabetical ordering for K-items in docs sidebar
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Christopher Swenson <swenson@swenson.io>
Add deprecation note about X.509/SHA-1
In preparation for moving to Go 1.18 in Vault 1.12.
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Updated documentation to describe the behavior when supplying `VAULT_HTTP_PROXY`. Also added support for `VAULT_PROXY_ADDR` as a 'better name' for `VAULT_HTTP_PROXY`.
* Add note about cross-cluster CRL URIs
As suggested by Ricardo Oliveira, thanks!
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add note that short TTLs are relative to quantity
As suggested by Ricardo Oliveira, thanks!
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add note to make sure default is configured
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add note about automating certificate renewal
As suggested by Ricardo Oliveira, thanks!
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* initial updates for license FAQs for 1.11
* add links, tense fixes
* Update deprecation doc link
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* fix links
* fix a couple missed version-specific links
* change 1 to one
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Add tests for role patching
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Prevent bad issuer names on update
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add documentation on PATCH operations
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* PKI - Add not_before_duration API parameter to:
- Root CA generation
- Intermediate CA generation
- Intermediate CA signing
* Move not_before_duration to addCACommonFields
This gets applied on both root generation and intermediate signing,
which is the correct place to apply this.
Co-authored-by: guysv <sviryguy@gmail.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add changelog entry
Resolves: #10631
Co-authored-by: guysv <sviryguy@gmail.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add test case for root/generate, sign-intermediate
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Update path role description
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add new not_before_duration to relevant docs
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: guysv <sviryguy@gmail.com>
* Add leaf not after best practice
Also suggest concrete recommendations for lifetimes of various issuers.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add advice to use a proper CA hierarchy
Also mention name constraints and HSM backing.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add section on safer usage of Roles
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add initial RBAC example for PKI
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
This clarifies a limitation of the FIPS based container images,
to note that due to OpenShift requirements, we need to suggest
ways of disabling mlock or allowing Vault to set mlock.
* Protect against key and issuer name re-use
- While importing keys and issuers verify that the provided name if any has not been used by another key that we did not match against.
- Validate an assumption within the key import api, that we were provided a single key
- Add additional tests on the new key generation and key import handlers.
* Protect key import api end-users from using "default" as a name
- Do not allow end-users to provide the value of default as a name for key imports
as that would lead to weird and wonderful behaviors to the end-user.
* Add missing api-docs for PKI key import
* Begin restructuring FIPS documentation
This creates a new FIPS category under Enterprise and copies the
FIPS-specific seal wrap documentation into it.
We leave the existing Seal Wrap page at the old path, but document that
the FIPS-specific portions of it have moved.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add initial FIPS 140-2 inside documentation
This documents the new FIPS 140-2 Inside binary and how to use and
validate it. This also documents which algorithms are certified for
use in the BoringCrypto distribution.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add notes about FIPS algorithm restrictions
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Use "not_before_duration" fiueld from role if above 0
* 'test' and update docs
* changelog file
* Requested changes - improved test and better description to changelog
* changelog description:
* update to ttl and not_before_duration API docs
* Rename pki.mdx -> pki/index.mdx
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Split off quick-start document
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Split off considerations document
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Split off intermediate CA setup document
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Split off setup and usage document
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Consistent quick-start doc naming
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add table of contents to index
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
The Parameter `cidr_list` is not support for Key_Type CA, customer was confused on this, so I feel we should specifically call this out to ensure there is no confusion
* POC of Okta Auth Number Challenge verification
* switch from callbacks to operations, forward validate to primary
* cleanup and nonce description update
* add changelog
* error on empty nonce, no forwarding, return correct_answer instead
* properly clean up verify goroutine
* add docs on new endpoint and parameters
* change polling frequency when WAITING to 1s
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
* Update API docs for multiple issuer functionality
This substantially restructures the PKI secret engine's docs for two
purposes:
1. To provide an explicit grouping of APIs by user usage and roles,
2. To add all of the new APIs, hopefully with as minimal duplication
as possible.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add section on vault cli with DER/PEM response formats
- Add [1] links next to the DER/PEM format entries within various PKI
response tables. These link to a new section explaining that the vault
cli does not support DER/PEM response formats
- Remove repetition of vault cli blurb in various description fields.
- Fix up some typos
* Restructure API docs and add missing sections
Also addresses minor nits in the content.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Clarify some language in the API docs
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Update website/content/api-docs/secret/pki.mdx
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Update website/content/api-docs/secret/pki.mdx
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Update website/content/api-docs/secret/pki.mdx
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Update website/content/api-docs/secret/pki.mdx
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Update website/content/api-docs/secret/pki.mdx
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
Co-authored-by: Steve Clark <steven.clark@hashicorp.com>
* Add server information as well as ability to collect metrics from DR secondary
* Update debug docs
Adding additional information around ability to gather metrics from DR secondary
* Fix broken link in updated doc
* Create 15316.txt
Create changelog entry
* Fix Formatting
* Update website/content/docs/commands/debug.mdx
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* Update changelog/15316.txt
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* Trigger Build
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* Allow callers to choose the entropy source for the random endpoints
* Put source in the URL for sys as well
* changelog
* docs
* Fix unit tests, and add coverage
* refactor to use a single common implementation
* Update documentation
* one more tweak
* more cleanup
* Readd lost test expected code
* fmt
* Add command help info
* Explain CLI and API correlation
* Update the heading level
* Updated the command example with more description
* Update website/content/docs/commands/index.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/docs/commands/index.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/docs/commands/index.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Incorporate review feedback
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* website: rm content moved to learn
* fix: delete intro page file and data
* fix: restore page file so build works, need to make change in dev-dot
* fix: avoid empty sidebar data error
* fix: proper rm now that hashicorp/dev-portal#287 has landed
* VAULT-5422: Add rate limit for TOTP passcode attempts
* fixing the docs
* CL
* feedback
* Additional info in doc
* rate limit is done per entity per methodID
* refactoring a test
* rate limit OSS work for policy MFA
* adding max_validation_attempts to TOTP config
* feedback
* checking for non-nil reference
When adding SignatureBits control logic, we incorrectly allowed
specification of SignatureBits in the case of an ECDSA issuer. As noted
in the original request, NIST and Mozilla (and others) are fairly
prescriptive in the choice of signatures (matching the size of the
NIST P-curve), and we shouldn't usually use a smaller (or worse, larger
and truncate!) hash.
Ignore the configuration of signature bits and always use autodetection
for ECDSA like ed25519.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add explanation to help text and flag usage text
* KV get with new mount flag
* Clearer naming
* KV Put, Patch, Metadata Get + corresponding tests
* KV Delete, Destroy, Rollback, Undelete, MetadataDelete, MetadataPatch, MetadataPut
* Update KV-v2 docs to use mount flag syntax
* Add changelog
* Run make fmt
* Clarify deprecation message in help string
* Address style comments
* docs/multiplexing: overhaul plugin documentation
* update nav data
* remove dupe nav data
* add external plugin section to index
* move custom plugin backends under internals/plugins
* remove ref to moved page
* revert moving custom plugin backends
* add building plugins from source section to plug dev
* add mux section to plugin arch
* add mux section to custom plugin page
* reorder custom database page
* use 'external plugin' where appropriate
* add link to plugin multiplexing
* fix example serve multiplex func call
* address review comments
* address review comments
* Minor format updates (#14590)
* mv Plugins to top-level; update upgrading plugins
* update links after changing paths
* add section on external plugin scaling characteristics
* add updates on plugin registration in plugin management page
* add plugin learn resource
* be more explicit about mux upgrade steps; add notes on when to avoid db muxing
* add plugin upgrade built-in section
* add caveats to built-in plugin upgrade
* improvements to built-in plugin override
* formatting, add redirects, correct multiplexing use case
* fix go-plugin link
* Apply suggestions from code review
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* remove single item list; add link to Database interface
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* create release notes file
* added content for Tranform FPE
* fixed spelling errors
* modified content for scaling db plugins
* updated based on feedback
* more feedback
* removed integrated storage enhancements per feedback
* removed extra wording
* fixed broken link
* updated verbage for db2 support based on feedback
* added link to readme for caching
* fixed broken link
* fixed out of place text
* added another known issue
* modified text
* changed forward statement
* added note
This syncs the deletion text from one of Josh's PRs into OSS to be
visible on the website. Suggested by Nick.
Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* update sample request in create managed keys
* Update documentation for curve param
* Add period at end of sentence
* Update key_bits documentation for aws and azure
* Update description of certificate fetch API
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Clarify /config/crl and /config/url PKI are empty
GET-ing these URLs will return 404 until such time as a config is posted
to them, even though (in the case of CRL), default values will be used.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Clarify usage of /pki/crl/rotate
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Update documentation around PKI key_bits
This unifies the description of key_bits to match the API description
(which is consistent across all usages).
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Fix indented field descriptions in PKI paths
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Clarify documentation around serial_number
Note that this field has no impact on the actual Serial Number field and
only an attribute in the requested certificate's Subject.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Fix spelling of localdomain
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* add tip for how to force a secrets engine disable
* add warning to force disable secrets instructions
* clean up wording
* add force secrets engine disable info to api doc
* Update website/content/api-docs/system/mounts.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/api-docs/system/mounts.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/api-docs/system/mounts.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/api-docs/system/mounts.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/api-docs/system/mounts.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/docs/commands/secrets/disable.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/docs/commands/secrets/disable.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* feedback updates
* impl taoism feedback
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* remove mount accessor from MFA config
* Update login_mfa_duo_test.go
* DUO test with entity templating
* using identitytpl.PopulateString to perform templating
* minor refactoring
* fixing fmt failures in CI
* change username format to username template
* fixing username_template example
* Add documentation for Managed Keys
- Add concept, sys/api and pki updates related to managed keys
* Review feedback
- Reworked quite a bit of the existing documentation based on feedback
and a re-reading
- Moved the managed keys out of the concepts section and into the
enterprise section
* Address broken links and a few grammar tweaks
* add documentation for AWS KMS managed keys
* a couple small fixes
* # Conflicts:
# website/content/api-docs/secret/pki.mdx
# website/content/api-docs/system/managed-keys.mdx
# website/content/docs/enterprise/managed-keys.mdx
* docs updates
* # Conflicts:
# sdk/version/version_base.go
# vault/seal_autoseal_test.go
# website/content/api-docs/system/managed-keys.mdx
# website/content/docs/enterprise/managed-keys.mdx
* remove endpoint env var
* Document Azure Key Vault parameters for managed keys.
* docs changes for aws kms managed keys
Co-authored-by: Steve Clark <steven.clark@hashicorp.com>
Co-authored-by: Victor Rodriguez <vrizo@hashicorp.com>
* add mount move docs
* add missed word
* Update website/content/api-docs/system/remount.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* one clarification
* docs changes from feedback
* couple things i missed
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Loann Le