This explanation of root key is incorrect. Root key is not sharded and reconstructed. The root key is encrypted by the unseal key which is sharded and reconstructed back in the unsealing process.
The explanation differed from the correct one at https://www.vaultproject.io/docs/concepts/seal
* Removed red spellcheck underline for sensitive and secret KV values
* Added changelog file
* Moved spellcheck change into masked-input component file so that spellcheck does not apply for all sensitive fields
* Add integration tests for aliased PKI paths (root/rotate, root/replace)
- Add tests for the two api endpoints
- Also return the issuer_name field within the generate root api response
* Add key_name to generate root api endpoint response and doc updates
- Since we are now returning issuer_name, we should also return key_name
- Update the api-docs for the generate root endpoint responses and add
missing arguments that we accept.
* VAULT-6131 OpenAPI schema now includes /auth/token endpoints when explicit permission has been granted
* VAULT-6131 add changelog
* VAULT-6131 Update changelog and fix related bug
* Add a little more information about PKI and replicated data sets.
- Add a TOC to the PKI considerations page
- Merge in the existing certificate storage into a new Replicated DataSets
section
- Move the existing Cluster Scalability section from the api-docs into the
considerations page.
* Add recommendations on key types and PKI performance
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Update website/content/docs/secrets/pki/considerations.mdx
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Update to ttl component
- Allow the ttl component to work without displaying toggle
- Used in mfa method totp form
* Added tooltip if toggle is not present
- Fixed MFA delete message
* fix plugin reload mounts
* do not require sys/ prefix
* update plugin reload docs with examples
* fix unit test credential read path
* update docs to reflect correct cli usage
* allow sys/auth/foo or auth/foo
* append trailing slash if it doesn't exist in request
* add changelog
* use correct changelog number
* Add Read methods for KVClient
* KV write helper
* Add changelog
* Add Delete method
* Use extractVersionMetadata inside extractDataAndVersionMetadata
* Return nil, nil for v1 writes
* Add test for extracting version metadata
* Split kv client into v1 and v2-specific clients
* Add ability to set options on Put
* Add test for KV helpers
* Add custom metadata to top level and allow for getting versions as sorted slice
* Update tests
* Separate KV v1 and v2 into different files
* Add test for GetVersionsAsList, rename Metadata key to VersionMetadata for clarity
* Move structs and godoc comments to more appropriate files
* Add more tests for extract methods
* Rework custom metadata helper to be more consistent with other helpers
* Remove KVSecret from custom metadata test now that we don't append to it as part of helper method
* Return early for readability and make test value name less confusing
