scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-01 19:17:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

New Website! (#8154)

Browse Source 
* new documentation website

* ci job adjustment

* update to latest version on downloads page

* remove transition-period scripts

* add netlify toml file

* fix docs patch

* fix ci config?

* revert go.mod changes

* a couple last markdown formatting fixes
This commit is contained in:
Jeff Escalante
2020-01-17 19:18:09 -05:00
committed by Calvin Leung Huang
parent 50437ab88b
commit 0c9affe582
883 changed files with 32458 additions and 35611 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
.circleci/config.yml generated
View File

@@ -305,6 +305,29 @@ jobs:
- GO_VERSION: 1.12.14
- GO111MODULE: 'off'
- GOTESTSUM_VERSION: 0.3.3
website-docker-image:
docker:
- image: circleci/buildpack-deps
shell: /usr/bin/env bash -euo pipefail -c
steps:
- checkout
- setup_remote_docker
- run:
command: |
echo 'export PACKAGE_LOCK_CHANGED=$(git diff --name-only $(git log --pretty=format:'%h' -n1 HEAD~1)...HEAD | grep -c website/package-lock.json)' >> $BASH_ENV
name: Diff package-lock.json
- run:
command: |
if [ "$CIRCLE_BRANCH" = "master" ] && [ $PACKAGE_LOCK_CHANGED -gt 0 ]; then
cd website/
docker build -t hashicorp/vault-website:$CIRCLE_SHA1 .
docker tag hashicorp/vault-website:$CIRCLE_SHA1 hashicorp/vault-website:latest
docker login -u $DOCKER_USER -p $DOCKER_PASS
docker push hashicorp/vault-website
else
echo "Not building a new website docker image - branch is not master and/or dependencies have not changed."
fi
name: Build Docker Image if Necessary
workflows:
ci:
jobs:
@@ -332,6 +355,7 @@ workflows:
- test-go-race:
requires:
- build-go-dev
- website-docker-image
version: 2
# Original config.yml file:
@@ -574,6 +598,29 @@ workflows:
# export PATH=\"${PWD}\"/bin:${PATH}
# make test-ui-browserstack
# name: Run Browserstack Tests
# website-docker-image:
# docker:
# - image: circleci/buildpack-deps
# shell: /usr/bin/env bash -euo pipefail -c
# steps:
# - checkout
# - setup_remote_docker
# - run:
# command: |
# echo 'export PACKAGE_LOCK_CHANGED=$(git diff --name-only $(git log --pretty=format:'%h' -n1 HEAD~1)...HEAD | grep -c website/package-lock.json)' >> $BASH_ENV
# name: Diff package-lock.json
# - run:
# command: |
# if [ \"$CIRCLE_BRANCH\" = \"master\" ] && [ $PACKAGE_LOCK_CHANGED -gt 0 ]; then
# cd website/
# docker build -t hashicorp/vault-website:$CIRCLE_SHA1 .
# docker tag hashicorp/vault-website:$CIRCLE_SHA1 hashicorp/vault-website:latest
# docker login -u $DOCKER_USER -p $DOCKER_PASS
# docker push hashicorp/vault-website
# else
# echo \"Not building a new website docker image - branch is not master and/or dependencies have not changed.\"
# fi
# name: Build Docker Image if Necessary
# references:
# cache:
# go-sum: go-sum-v1-{{ checksum \"go.sum\" }}
@@ -608,3 +655,4 @@ workflows:
# - test-go-race:
# requires:
# - build-go-dev
# - website-docker-image

22
.circleci/config/jobs/website-docker-image.yml Normal file
View File

@@ -0,0 +1,22 @@
docker:
- image: circleci/buildpack-deps
shell: /usr/bin/env bash -euo pipefail -c
steps:
- checkout
- setup_remote_docker
- run:
name: Diff package-lock.json
command: |
echo 'export PACKAGE_LOCK_CHANGED=$(git diff --name-only $(git log --pretty=format:'%h' -n1 HEAD~1)...HEAD | grep -c website/package-lock.json)' >> $BASH_ENV
- run:
name: Build Docker Image if Necessary
command: |
if [ "$CIRCLE_BRANCH" = "master" ] && [ $PACKAGE_LOCK_CHANGED -gt 0 ]; then
cd website/
docker build -t hashicorp/vault-website:$CIRCLE_SHA1 .
docker tag hashicorp/vault-website:$CIRCLE_SHA1 hashicorp/vault-website:latest
docker login -u $DOCKER_USER -p $DOCKER_PASS
docker push hashicorp/vault-website
else
echo "Not building a new website docker image - branch is not master and/or dependencies have not changed."
fi

1
.circleci/config/workflows/ci.yml
View File

@@ -24,3 +24,4 @@ jobs:
- test-go-race:
requires:
- build-go-dev
- website-docker-image

18
website/.editorconfig Normal file
View File

@@ -0,0 +1,18 @@
# This file is for unifying the coding style for different editors and IDEs
# editorconfig.org
root = true
[*]
end_of_line = lf
charset = utf-8
insert_final_newline = true
trim_trailing_whitespace = true
indent_style = space
indent_size = 2
[Makefile]
indent_style = tab
[{*.md,*.json}]
max_line_length = null

5
website/.eslintrc.js Normal file
View File

@@ -0,0 +1,5 @@
module.exports = {
...require('@hashicorp/nextjs-scripts/.eslintrc.js'),
/* Specify overrides here */
ignorePatterns: ['public/']
}

5
website/.gitignore vendored Normal file
View File

@@ -0,0 +1,5 @@
node_modules
.DS_Store
.next
out
.mdx-data

1
website/.node-version
View File

@@ -1 +0,0 @@
10.15.3

8
website/.npm-upgrade.json Normal file
View File

@@ -0,0 +1,8 @@
{
"ignore": {
"marked": {
"versions": "0.8.0",
"reason": "breaks IE"
}
}
}

4
website/.prettierrc
View File

@@ -1,4 +0,0 @@
{
"semi": false,
"singleQuote": true
}

7
website/Dockerfile Normal file
View File

@@ -0,0 +1,7 @@
FROM node:10.16.3-alpine
RUN apk add --update --no-cache git make g++ automake autoconf libtool nasm libpng-dev
COPY ./package.json /website/package.json
COPY ./package-lock.json /website/package-lock.json
WORKDIR /website
RUN npm install

9
website/Gemfile
View File

@@ -1,9 +0,0 @@
source "https://rubygems.org"
gem 'middleman', '~> 4.2'
gem 'middleman-hashicorp', git: 'https://github.com/carrot/middleman-hashicorp'
# gem 'middleman-hashicorp', path: '/Users/jeff/Sites/middleman-hashicorp-carrot'
gem 'builder'
gem 'tzinfo-data', platforms: [:mswin, :mingw, :jruby]
gem 'wdm', '~> 0.1', platforms: [:mswin, :mingw]
gem 'middleman-dato'

175
website/Gemfile.lock
View File

@@ -1,175 +0,0 @@
GIT
remote: https://github.com/carrot/middleman-hashicorp
revision: a1e3615e8f7d1c3c798d1ec7d7040ff1ba565c0f
specs:
middleman-hashicorp (0.3.28)
activesupport (~> 5.0)
middleman (~> 4.2)
middleman-dato
middleman-livereload (~> 3.4)
middleman-syntax (~> 3.0)
nokogiri (~> 1.8)
redcarpet (~> 3.3)
GEM
remote: https://rubygems.org/
specs:
activesupport (5.0.7.2)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2)
minitest (~> 5.1)
tzinfo (~> 1.1)
addressable (2.7.0)
public_suffix (>= 2.0.2, < 5.0)
backports (3.15.0)
builder (3.2.3)
cacert (0.5.0)
coffee-script (2.4.1)
coffee-script-source
execjs
coffee-script-source (1.12.2)
concurrent-ruby (1.1.5)
contracts (0.13.0)
dato (0.7.7)
activesupport (>= 4.2.7)
addressable
cacert
dato_json_schema
dotenv
faraday (>= 0.9.0)
faraday_middleware (>= 0.9.0)
imgix (>= 0.3.1)
listen
mime-types
pusher-client
thor
toml
dato_json_schema (0.20.8)
dotenv (2.1.0)
em-websocket (0.5.1)
eventmachine (>= 0.12.9)
http_parser.rb (~> 0.6.0)
erubis (2.7.0)
eventmachine (1.2.7)
execjs (2.7.0)
faraday (0.17.0)
multipart-post (>= 1.2, < 3)
faraday_middleware (0.13.1)
faraday (>= 0.7.4, < 1.0)
fast_blank (1.0.0)
fastimage (2.1.7)
ffi (1.11.1)
haml (5.1.2)
temple (>= 0.8.0)
tilt
hamster (3.0.0)
concurrent-ruby (~> 1.0)
hashie (3.6.0)
http_parser.rb (0.6.0)
i18n (0.9.5)
concurrent-ruby (~> 1.0)
imgix (3.1.1)
addressable
json (2.2.0)
kramdown (1.17.0)
listen (3.0.8)
rb-fsevent (~> 0.9, >= 0.9.4)
rb-inotify (~> 0.9, >= 0.9.7)
memoist (0.16.0)
middleman (4.3.5)
coffee-script (~> 2.2)
haml (>= 4.0.5)
kramdown (~> 1.2)
middleman-cli (= 4.3.5)
middleman-core (= 4.3.5)
middleman-cli (4.3.5)
thor (>= 0.17.0, < 2.0)
middleman-core (4.3.5)
activesupport (>= 4.2, < 5.1)
addressable (~> 2.3)
backports (~> 3.6)
bundler
contracts (~> 0.13.0)
dotenv
erubis
execjs (~> 2.0)
fast_blank
fastimage (~> 2.0)
hamster (~> 3.0)
hashie (~> 3.4)
i18n (~> 0.9.0)
listen (~> 3.0.0)
memoist (~> 0.14)
padrino-helpers (~> 0.13.0)
parallel
rack (>= 1.4.5, < 3)
sassc (~> 2.0)
servolux
tilt (~> 2.0.9)
uglifier (~> 3.0)
middleman-dato (0.9.0)
activesupport
dato (>= 0.7.0)
dotenv (<= 2.1)
middleman-core (>= 4.1.10)
middleman-livereload (3.4.6)
em-websocket (~> 0.5.1)
middleman-core (>= 3.3)
rack-livereload (~> 0.3.15)
middleman-syntax (3.2.0)
middleman-core (>= 3.2)
rouge (~> 3.2)
mime-types (3.3)
mime-types-data (~> 3.2015)
mime-types-data (3.2019.1009)
mini_portile2 (2.4.0)
minitest (5.12.2)
multipart-post (2.1.1)
nokogiri (1.10.4)
mini_portile2 (~> 2.4.0)
padrino-helpers (0.13.3.4)
i18n (~> 0.6, >= 0.6.7)
padrino-support (= 0.13.3.4)
tilt (>= 1.4.1, < 3)
padrino-support (0.13.3.4)
activesupport (>= 3.1)
parallel (1.18.0)
parslet (1.8.2)
public_suffix (4.0.1)
pusher-client (0.6.2)
json
websocket (~> 1.0)
rack (2.0.7)
rack-livereload (0.3.17)
rack
rb-fsevent (0.10.3)
rb-inotify (0.10.0)
ffi (~> 1.0)
redcarpet (3.5.0)
rouge (3.12.0)
sassc (2.2.1)
ffi (~> 1.9)
servolux (0.13.0)
temple (0.8.2)
thor (0.20.3)
thread_safe (0.3.6)
tilt (2.0.10)
toml (0.2.0)
parslet (~> 1.8.0)
tzinfo (1.2.5)
thread_safe (~> 0.1)
uglifier (3.2.0)
execjs (>= 0.3.0, < 3)
websocket (1.2.8)
PLATFORMS
ruby
DEPENDENCIES
builder
bundler (= 2.0.1)
middleman (~> 4.2)
middleman-dato
middleman-hashicorp!
tzinfo-data
wdm (~> 0.1)

10
website/LICENSE.md
View File

@@ -1,10 +0,0 @@
# Proprietary License
This license is temporary while a more official one is drafted. However,
this should make it clear:
The text contents of this website are MPL 2.0 licensed.
The design contents of this website are proprietary and may not be reproduced
or reused in any way other than to run the website locally. The license for
the design is owned solely by HashiCorp, Inc.

76
website/Makefile
View File

@@ -1,32 +1,56 @@
configure-cache:
@mkdir -p tmp/cache .bundle
build: configure-cache
@echo "==> Starting build in Docker..."
@docker run \
--interactive \
--rm \
--tty \
--volume "$(shell pwd):/opt/buildhome/repo" \
--volume "$(shell pwd)/tmp/cache:/opt/buildhome/cache" \
--user buildbot:$(shell id -g) \
--env "ENV=production" \
netlify/build \
build "sh bootstrap.sh && middleman build --verbose"
website: configure-cache
# Default: run this if working on the website locally to run in watch mode.
website:
@echo "==> Downloading latest Docker image..."
@docker pull hashicorp/vault-website
@echo "==> Starting website in Docker..."
@docker run \
--interactive \
--rm \
--tty \
--volume "$(shell pwd):/opt/buildhome/repo" \
--volume "$(shell pwd)/tmp/cache:/opt/buildhome/cache" \
--user buildbot:$(shell id -g) \
--publish "4567:4567" \
--publish "35729:35729" \
--env "ENV=production" \
netlify/build \
build "sh bootstrap.sh && middleman"
--workdir "/website" \
--volume "$(shell pwd):/website" \
--volume "/website/node_modules" \
--publish "3000:3000" \
hashicorp/vault-website \
npm start
.PHONY: configure-cache build website
# This command will generate a static version of the website to the "out" folder.
build:
@echo "==> Downloading latest Docker image..."
@docker pull hashicorp/vault-website
@echo "==> Starting build in Docker..."
@docker run \
--interactive \
--rm \
--tty \
--workdir "/website" \
--volume "$(shell pwd):/website" \
--volume "/website/node_modules" \
hashicorp/vault-website \
npm run static
# If you are changing node dependencies locally, run this to generate a new
# local Docker image with the dependency changes included.
build-image:
@echo "==> Building Docker image..."
@docker build -t hashicorp-vault-website-local .
# Use this if you have run `build-image` to use the locally built image
# rather than our CI-generated image to test dependency changes.
website-local:
@echo "==> Downloading latest Docker image..."
@docker pull hashicorp/vault-website
@echo "==> Starting website in Docker..."
@docker run \
--interactive \
--rm \
--tty \
--workdir "/website" \
--volume "$(shell pwd):/website" \
--volume "/website/node_modules" \
--publish "3000:3000" \
hashicorp-vault-website-local \
npm start
.DEFAULT_GOAL := website
.PHONY: build build-image website website-local

87
website/README.md
View File

@@ -1,48 +1,73 @@
# Vault Website
This subdirectory contains the entire source for the [Vault Website][vault].
This is a [Middleman][middleman] project, which builds a static site from these
source files.
[![Netlify Status](https://img.shields.io/netlify/f7fa8963-0022-4a0e-9ccf-f5385355906b?style=flat-square)](https://app.netlify.com/sites/vault-docs-platform/deploys)
## Updating Navigation
There are a couple different places on the website that present navigation interfaces with differing levels of detail.
On the homepage, docs index page, and api docs index page, there are grids of major categories [that look like this](https://cl.ly/73df9722848d/Screen%20Shot%202018-11-09%20at%2011.40.56%20AM.png). These major category grids can be updated through [`data/docs_basic_categories.yml`](data/docs_basic_categories.yml) and [`data/api_basic_categories.yml`](data/api_basic_categories.yml).
On the docs and api index pages, there are more detailed breakdowns of top-level documentation pages within each category [that look like this](https://cl.ly/b05cf42402eb/Screen%20Shot%202018-11-09%20at%2011.43.25%20AM.png). These more detailed category listings can be updated through [`data/docs_detailed_categories.yml`](data/docs_detailed_categories.yml) and [`data/api_detailed_categories.yml`](data/api_detailed_categories.yml).
Finally, within a given docs page, there is a sidebar which displays a fully nested version of all docs pages. This sidebar navigation can be updated through via middleman's layouts, found at [`source/layouts/docs.erb`](source/layouts/docs.erb) and [`source/layouts/api.erb`](source/layouts/api.erb). You will see within these files that it is no longer necessary to type out full nested html list item and link tags, you can simply add the documentation page's slug, defined as `sidebar_current` within the frontmatter of any docs markdown file. The sidebar nav component will go find the page by slug and render out its human-readable title and a link for you. This component does not allow broken links or nesting mistakes, so if you make a typo on the slug or put a page in the wrong category, the build will fail.
This subdirectory contains the entire source for the [Vault Website](https://vaultproject.io/). This is a [NextJS](https://nextjs.org/) project, which builds a static site from these source files.
## Contributions Welcome!
If you find a typo or you feel like you can improve the HTML, CSS, or
JavaScript, we welcome contributions. Feel free to open issues or pull requests
like any normal GitHub project, and we'll merge it in.
If you find a typo or you feel like you can improve the HTML, CSS, or JavaScript, we welcome contributions. Feel free to open issues or pull requests like any normal GitHub project, and we'll merge it in 🚀
## Running the Site Locally
When running the site locally, you can choose between running it directly on your machine, or running it through Docker. Docker has the advantage of requiring only Docker to be installed - no other dependencies are needed on your machine. However, Docker's overhead makes the site's compilation perform much slower than running it directly on your machine. If you are a frequent contributor, are bothered by the performance in Docker, or have no issues with installing ruby and node / already have them installed, it might be an advantage to try running the site directly on your machine. Instructions for both approaches are included below.
The website can be run locally through node.js or Docker. If you choose to run through Docker, everything will be a little bit slower due to the additional overhead, so for frequent contributors it may be worth it to use node. Also if you are a vim user, it's also worth noting that vim's swapfile usage can cause issues for the live reload functionality. In order to avoid these issues, make sure you have run `:set backupcopy=yes` within vim.
### Running the Site with Docker
### With Docker
First, make sure that [docker](docker) is installed. It can be installed in many ways, [the desktop app](docker-desktop) is the simplest. To run the site, clone this repo down, `cd` into the `website` directory, and run `make website`. If it is your first time running the site, the build will take a little longer as it needs to download a docker image and a bunch of dependencies, so maybe go grab a coffee. On subsequent runs, it will be faster as dependencies are cached.
Running the site locally is simple. Provided you have Docker installed, clone this repo, run `make`, and then visit `http://localhost:3000`.
### Running the Site Directly
The docker image is pre-built with all the website dependencies installed, which is what makes it so quick and simple, but also means if you need to change dependencies and test the changes within Docker, you'll need a new image. If this is something you need to do, you can run `make build-image` to generate a local Docker image with updated dependencies, then `make website-local` to use that image and preview.
This site requires a recent version of ruby as well as nodejs to be installed in order to run. There are [many ways to install ruby](https://www.ruby-lang.org/en/documentation/installation/), we recommend [rbenv](rbenv), which has very clear installation instructions in its readme, linked here, and installing ruby version `2.4.3`. Once ruby has been installed, you will need to install `bundler` as well, using `gem install bundler`. Node is quite easy to install [via universal binary](node) or [homebrew](homebrew) if you are a mac user.
### With Node
Once ruby and node have been installed, within this directory, you can run `sh bootstrap.sh` to install all the dependencies needed to run the site, then run `middleman` to start the dev server.
If your local development environment has a supported version (v10.0.0+) of [node installed](https://nodejs.org/en/) you can run:
### Browsing the Site Locally
- `npm install`
- `npm start`
Once you have the local dev server running, head to `http://localhost:4567` in your browser. Note that for some URLs, you may need to append
".html" to make them work (in the navigation).
and then visit `http://localhost:3000`.
[middleman]: https://www.middlemanapp.com
[vault]: https://www.vaultproject.io
[docker]: https://www.docker.com/
[docker-desktop]: https://www.docker.com/products/docker-desktop
[rbenv]: https://github.com/rbenv/rbenv#installation
[node]: https://nodejs.org/en/
[homebrew]: https://brew.sh/
If you pull down new code from github, you should run `npm install` again. Otherwise, there's no need to re-run `npm install` each time the site is run, you can just run `npm start` to get it going.
## Editing Content
Documentation content is written in [Markdown](https://www.markdownguide.org/cheat-sheet/) and you'll find all files listed under the `/pages` directory.
To create a new page with Markdown, create a file ending in `.mdx` in the `pages/` directory. The path in the pages directory will be the URL route. For example, `pages/hello/world.mdx` will be served from the `/hello/world` URL.
This file can be standard Markdown and also supports [YAML frontmatter](https://middlemanapp.com/basics/frontmatter/). YAML frontmatter is optional, there are defaults for all keys.
```yaml
---
title: 'My Title'
description: "A thorough, yet succinct description of the page's contents"
---
```
The significant keys in the YAML frontmatter are:
- `title` `(string)` - This is the title of the page that will be set in the HTML title.
- `description` `(string)` - This is a description of the page that will be set in the HTML description.
> Since `api` is a reserved directory within NextJS, all `/api/**` pages are listed under the `/pages/api-docs` path.
### Editing Sidebars
The structure of the sidebars are controlled by files in the [`/data` directory](data).
- Edit [this file](data/docs-navigation.js) to change the **docs** sidebar
- Edit [this file](data/docs-navigation.js) to change the **api docs** sidebar
To nest sidebar items, you'll want to add a new `category` key/value accompanied by the appropriate embedded `content` values.
- `category` values will be **directory names** within the `pages` directory
- `content` values will be **file names** within their appropriately nested directory.
### Creating New Pages
There is currently a small bug with new page creation - if you create a new page and link it up via subnav data while the server is running, it will report an error saying the page was not found. This can be resolved by restarting the server.
### Deployment
This website is hosted on Netlify and configured to automatically deploy anytime you push code to the `stable-website` branch. Any time a pull request is submitted that changes files within the `website` folder, a deployment preview will appear in the github checks which can be used to validate the way docs changes will look live. Deployments from `stable-website` will look and behave the same way as deployment previews.

28
website/source/netlify-redirects → website/_redirects
View File

@@ -1,11 +1,5 @@
# API landing
/api /api/overview
# Docs landing
/docs /docs/install/index.html
# Intro landing
/intro /intro/getting-started/index.html
/api/* /api-docs/:splat 200
/intro /intro/getting-started
/api/secret/generic/index.html /api/secret/kv
/api/system/renew.html /api/system/leases
@@ -54,7 +48,6 @@
/guides/upgrading/upgrade-to-0.10.4.html /docs/upgrading/upgrade-to-0.10.4
/guides/upgrading/upgrade-to-0.11.0.html /docs/upgrading/upgrade-to-0.11.0
/guides/upgrading/upgrade-to-0.11.2.html /docs/upgrading/upgrade-to-0.11.2
/guides/upgrading/upgrade-to-1.0.html /docs/upgrading/upgrade-to-1.0.0
/docs/http/sys-audit.html /api/system/audit
/docs/http/sys-auth.html /api/system/auth
/docs/http/sys-health.html /api/system/health
@@ -141,7 +134,7 @@
/guides/identity/policy-templating.html https://learn.hashicorp.com/vault/identity-access-management/policy-templating
/guides/identity/authentication.html https://learn.hashicorp.com/vault/identity-access-management/iam-authentication
/guides/identity/approle-trusted-entities.html https://learn.hashicorp.com/vault/identity-access-management/iam-approle-trusted-entities
/guides/identity/lease.html https://learn.hashicorp.com/vault/secrets-management/tokens
/guides/identity/lease.html https://learn.hashicorp.com/vault/secrets-management/sm-lease
/guides/identity/identity.html https://learn.hashicorp.com/vault/identity-access-management/iam-identity
/guides/identity/sentinel.html https://learn.hashicorp.com/vault/identity-access-management/iam-sentinel
/guides/identity/control-groups.html https://learn.hashicorp.com/vault/identity-access-management/iam-control-groups
@@ -176,3 +169,18 @@
/intro/vs/keywhiz.html /docs/vs/keywhiz
/intro/vs/kms.html /docs/vs/kms
/intro/what-is-vault/index.html /docs/what-is-vault
# Intro getting started content -> Learn
/intro/index.html https://learn.hashicorp.com/vault/#getting-started
/intro/getting-started/ https://learn.hashicorp.com/vault/getting-started/install
/intro/getting-started/index.html https://learn.hashicorp.com/vault/getting-started/install
/intro/getting-started/dev-server.html https://learn.hashicorp.com/vault/getting-started/dev-server
/intro/getting-started/first-secret.html https://learn.hashicorp.com/vault/getting-started/first-secret
/intro/getting-started/secrets-engines.html https://learn.hashicorp.com/vault/getting-started/secrets-engines
/intro/getting-started/dynamic-secrets.html https://learn.hashicorp.com/vault/getting-started/dynamic-secrets
/intro/getting-started/help.html https://learn.hashicorp.com/vault/getting-started/help
/intro/getting-started/authentication.html https://learn.hashicorp.com/vault/getting-started/authentication
/intro/getting-started/policies.html https://learn.hashicorp.com/vault/getting-started/policies
/intro/getting-started/deploy.html https://learn.hashicorp.com/vault/getting-started/deploy
/intro/getting-started/apis.html https://learn.hashicorp.com/vault/getting-started/apis
/intro/getting-started/next-steps.html https://learn.hashicorp.com/vault/getting-started/next-steps

57
website/assets/app.js
View File

@@ -1,57 +0,0 @@
const cssStandards = require('spike-css-standards')
const jsStandards = require('spike-js-standards')
const preactPreset = require('babel-preset-preact')
const extendRule = require('postcss-extend-rule')
const webpack = require('webpack')
/* eslint-disable-next-line */
console.log(`Building assets for environment *${process.env.NODE_ENV}*`)
const isProd =
process.env.NODE_ENV === 'production' ||
process.env.NODE_ENV === 'tmp-production'
let utilServerUrl
if (isProd) {
utilServerUrl = 'https://util.hashicorp.com'
} else {
utilServerUrl = 'https://hashicorp-web-util-staging.herokuapp.com'
}
if (process.env.UTIL_SERVER) {
utilServerUrl = process.env.UTIL_SERVER
// remove trailing slash
utilServerUrl = utilServerUrl.replace(/\/$/, '')
/* eslint-disable-next-line */
console.log(`utilServerUrl=${utilServerUrl}`)
}
let segmentWriteKey
if (isProd) {
segmentWriteKey = 'OdSFDq9PfujQpmkZf03dFpcUlywme4sC'
} else {
segmentWriteKey = '0EXTgkNx0Ydje2PGXVbRhpKKoe5wtzcE'
}
module.exports = {
ignore: ['yarn.lock', '**/_*'],
entry: {
'js/main': './js/index.js',
'js/analytics.js': './js/analytics.js',
'js/consent-manager': './js/consent-manager.js'
},
postcss: cssStandards({
appendPlugins: [extendRule()]
}),
plugins: [
new webpack.DefinePlugin({
'process.env.NODE_ENV': JSON.stringify(process.env.NODE_ENV),
utilityServerRoot: JSON.stringify(utilServerUrl),
segmentWriteKey: JSON.stringify(segmentWriteKey)
})
],
babel: jsStandards({ appendPresets: [preactPreset] }),
server: { open: false }
}

83
website/assets/css/_fonts.css
View File

@@ -1,83 +0,0 @@
/* Logo Font (Klavika) */
@font-face {
font-family: 'klavika-web';
src: url('/fonts/klavika/500.woff2') format('woff2'),
url('/fonts/klavika/500.woff') format('woff');
font-weight: 700;
font-style: normal;
}
/* Display Font (Gilmer) */
@font-face {
font-family: 'gilmer-web';
src: url('/fonts/gilmer/gilmer-light.woff2') format('woff2'),
url('/fonts/gilmer/gilmer-light.woff') format('woff');
font-weight: 300;
font-style: normal;
}
@font-face {
font-family: 'gilmer-web';
src: url('/fonts/gilmer/gilmer-regular.woff2') format('woff2'),
url('/fonts/gilmer/gilmer-regular.woff') format('woff');
font-weight: 400;
font-style: normal;
}
@font-face {
font-family: 'gilmer-web';
src: url('/fonts/gilmer/gilmer-medium.woff2') format('woff2'),
url('/fonts/gilmer/gilmer-medium.woff') format('woff');
font-weight: 500;
font-style: normal;
}
@font-face {
font-family: 'gilmer-web';
src: url('/fonts/gilmer/gilmer-bold.woff2') format('woff2'),
url('/fonts/gilmer/gilmer-bold.woff') format('woff');
font-weight: 700;
font-style: normal;
}
/* Body Font (Metro) */
@font-face {
font-family: 'metro-web';
src: url('/fonts/metro/metro-sans-book.woff2') format('woff2'),
url('/fonts/metro/metro-sans-book.woff') format('woff');
font-weight: 300;
font-style: normal;
}
@font-face {
font-family: 'metro-web';
src: url('/fonts/metro/metro-sans-regular.woff2') format('woff2'),
url('/fonts/metro/metro-sans-regular.woff') format('woff');
font-weight: 400;
font-style: normal;
}
@font-face {
font-family: 'metro-web';
src: url('/fonts/metro/metro-sans-semi-bold.woff2') format('woff2'),
url('/fonts/metro/metro-sans-semi-bold.woff') format('woff');
font-weight: 600;
font-style: normal;
}
@font-face {
font-family: 'metro-web';
src: url('/fonts/metro/metro-sans-bold.woff2') format('woff2'),
url('/fonts/metro/metro-sans-bold.woff') format('woff');
font-weight: 700;
font-style: normal;
}
/* Code Font (Deja Vu) */
@font-face {
font-family: "dejavu-sans-mono-web";
src: url("/fonts/dejavu/DejaVuSansMono.woff2") format("woff2"),
url("/fonts/dejavu/DejaVuSansMono.woff") format("woff");
font-style: normal;
font-weight: 400;
}

40
website/assets/css/_inner.css
View File

@@ -1,40 +0,0 @@
.content-wrap {
display: flex;
flex-direction: column;
flex-wrap: wrap;
flex: 1 0 auto;
position: relative;
width: 100%;
@media (min-width: 940px) {
flex-direction: row;
margin-top: 72px;
margin-bottom: 72px;
}
}
#inner {
margin: 64px 0;
overflow: auto;
width: 100%;
@media (min-width: 940px) {
flex: 1;
margin: 0;
}
& .g-content {
@media (max-width: 939px) {
padding-left: 0;
padding-right: 0;
}
& > h1:first-child {
margin-top: 0;
}
}
& .g-section-header {
margin-bottom: 100px;
}
}

133
website/assets/css/_print.css
View File

@@ -1,133 +0,0 @@
@media print {
*,
*:before,
*:after {
background: transparent !important;
box-shadow: none !important;
text-shadow: none !important;
}
/* Hide nav elements from print */
.g-mega-nav,
.g-product-subnav,
.g-footer,
.g-docs-sidenav {
display: none;
}
/* Add border around code blocks */
div.highlight {
border: 1px solid #ddd;
page-break-inside: avoid;
& pre.highlight {
margin: 0;
}
}
/* Hide anchor links */
.anchor {
display: none !important;
}
/* Display link address in brackets */
/* Some overrides here because of the way we handle link hover on screens */
a[href]:after {
content: ' (' attr(href) ')' !important;
font-size: 90%;
position: static !important;
opacity: 1 !important;
text-decoration: none !important;
}
.g-content {
& p code {
/* Restore background grey on inline code */
background: rgba(0, 0, 0, 0.05) !important;
}
& pre code {
color: black !important;
& span {
color: black !important;
}
}
& p {
page-break-inside: avoid !important;
}
/* Let code blocks wrap if needed */
& pre > code {
white-space: normal;
}
}
a,
a:visited {
text-decoration: underline !important;
}
abbr[title]:after {
content: ' (' attr(title) ')';
}
a[href^='#']:after,
a[href^='javascript:']:after {
content: '';
}
pre,
blockquote {
border: 1px solid #999;
page-break-inside: avoid;
}
thead {
display: table-header-group;
}
tr,
img {
page-break-inside: avoid;
}
img {
max-width: 100% !important;
}
p,
h2,
h3 {
orphans: 3;
widows: 3;
page-break-inside: avoid;
}
h2,
h3 {
page-break-after: avoid;
}
.label {
border: 1px solid #000;
}
.table,
#inner table {
border-collapse: collapse !important;
}
.table td,
#inner table td,
.table th,
#inner table th {
background-color: #fff !important;
}
.table-bordered th,
.table-bordered td {
border: 1px solid #ddd !important;
}
}

113
website/assets/css/_secondary-nav.css
View File

@@ -1,113 +0,0 @@
#secondary-nav {
width: 100%;
border-bottom: 1px solid var(--gray-9);
& .g-container {
display: flex;
flex-direction: column;
flex-wrap: nowrap;
justify-content: space-between;
margin: 0 auto;
@media (min-width: 768px) {
flex-direction: row;
align-items: center;
max-width: var(--medium-grid-max-width);
}
@media (min-width: 1120px) {
max-width: var(--site-max-width);
}
}
&.light {
background-color: var(--white);
color: var(--black);
}
&.dark {
background-color: var(--black);
color: var(--white);
}
& ul {
list-style: none;
padding: 0;
margin: 0;
& li {
display: inline-block;
}
}
& .breadcrumbs {
list-style: none;
padding: 0;
margin: 0;
& li {
font-size: 1.25em;
line-height: 1.6;
padding: .625em 0;
& + li:before {
content: "/\00a0";
font-weight: 300;
margin: 0 5px;
}
&:nth-child(odd) {
font-weight: 300;
}
&.active {
font-weight: bold;
}
}
}
& .doc-links {
& li {
font-size: .875em;
line-height: 1.7;
margin: 0 20px;
padding: 0 0 14px;
@media (min-width: 768px) {
padding: 32px 0;
}
&:first-child {
margin-left: 0;
}
&.active {
border-bottom: 3px solid #1563FF;
& a {
opacity: 0.7;
}
}
& a {
color: inherit;
cursor: pointer;
display: block;
text-decoration: none;
transition: opacity .25s ease;
&:hover {
opacity: 0.7s;
}
& svg {
position: relative;
top: 2px;
width: 14px;
height: 14px;
margin-right: 3px;
}
}
}
}
}

351
website/assets/css/_section.css
View File

@@ -1,351 +0,0 @@
@import '@hashicorp/hashi-global-styles/style';
.g-section-block {
padding: 160px 0;
@media (max-width: 1119px) {
padding: 104px 0;
}
@media (max-width: 767px) {
padding: 80px 0;
}
&.theme-white-background-black-text:not(.divider-gray-line)
+ .theme-white-background-black-text {
padding-top: 32px;
}
/* Layout Styles */
&.layout-horizontal {
& > .g-container {
display: flex;
align-items: center;
& > * + * {
margin-left: 96px;
}
}
& .img-container {
flex-shrink: 0;
& img {
align-self: center;
}
}
}
&.layout-vertical {
& > .g-container {
& > * + * {
margin-top: 96px;
@media (max-width: 1119px) {
margin-top: 72px;
}
@media (max-width: 767px) {
margin-top: 56px;
}
}
& > .g-text-and-content + .g-text-and-content {
margin-top: 192px;
@media (max-width: 1119px) {
margin-top: 144px;
}
@media (max-width: 767px) {
margin-top: 112px;
}
}
& > .g-section-header {
& + * {
margin-top: 72px;
@media (max-width: 1119px) {
margin-top: 64px;
}
@media (max-width: 767px) {
margin-top: 40px;
}
}
}
& > * + .btn-container {
margin-top: 40px;
@media (max-width: 767px) {
margin-top: 32px;
}
}
}
}
/* TODO: remove this once new section header is out */
& .g-section-header {
margin: 0 auto;
}
/* Module styles */
& .btn-container {
display: flex;
flex-wrap: wrap;
justify-content: center;
margin: auto -8px -16px;
& > * {
margin: auto 8px 16px;
}
}
& .img-container {
display: flex;
justify-content: center;
& .g-container {
flex-shrink: 0;
width: 100%;
}
& img {
max-width: 100%;
}
& picture {
display: flex;
justify-content: center;
width: 100%;
& img {
object-fit: contain;
font-family: 'object-fit:contain';
flex-shrink: 0;
}
}
}
& .two-col-text-container {
& .g-container {
display: flex;
@media (max-width: 850px) {
flex-direction: column;
}
}
& .left,
& .right {
width: 48%;
flex-shrink: 0;
@media (max-width: 850px) {
width: 100%;
}
& > *:first-child {
margin-top: 0;
}
}
& .left {
margin-right: 4%;
@media (max-width: 850px) {
margin-right: 0;
margin-bottom: 32px;
}
}
& a {
font-weight: 600;
color: inherit;
&:hover {
border-bottom: 1px solid;
opacity: 0.8;
}
}
& h5 {
margin-bottom: 1em;
}
& ul {
list-style: none;
padding-left: 15px;
& li {
display: flex;
align-items: center;
margin-bottom: 5px;
&:before {
content: '';
width: 18px;
height: 18px;
background: url('/img/black-circle-white-check.svg') no-repeat;
background-size: 100%;
margin-right: 10px;
}
}
}
}
& .g-text-and-image {
& .imgwrap {
display: flex;
& picture {
display: flex;
justify-content: center;
width: 100%;
& img {
object-fit: contain;
font-family: 'object-fit:contain';
max-width: 350px;
}
}
}
& .text {
& h2 {
font-size: 1.5rem;
}
& a {
font-weight: 600;
color: white;
padding-bottom: 1px;
&:hover {
border-bottom: 1px solid;
}
}
}
}
& .small-text-tag {
text-align: center;
text-transform: uppercase;
color: #8d9096;
font-size: 0.9rem;
font-weight: 600;
}
& .g-logo-grid.large li {
background-color: white;
}
& .video-container {
max-width: 80%;
margin-left: auto;
margin-right: auto;
}
/* THEMES */
&.theme-terraform-purple-top-gradient {
color: white;
background: linear-gradient(to bottom, #1b212c, #000000);
}
&.theme-dark-blue {
color: white;
background: #1b212d;
}
&.theme-white-background-black-text {
background: white;
color: black;
}
&.theme-black-background-white-text {
background: var(--gray-1);
color: white;
}
&.theme-light-gray {
color: black;
background: #f3f4f6;
}
&.theme-default-blue-gradient {
background: url('/img/backgrounds/partner-cta-bg.svg');
background-position: center center;
background-size: cover;
color: var(--white);
}
&.theme-terraform-purple-gradient {
@extend %gradient-bg;
background: linear-gradient(to right, #695af0, #6b5cf3);
&::before {
background: linear-gradient(to right, #5b48e7, #6b5cf3);
}
}
&.theme-nomad-green-gradient {
@extend %gradient-bg;
background: linear-gradient(to right, #1dbe83, #1ec185);
&::before {
background: linear-gradient(to right, #20c78a, #17c185);
}
}
&.theme-terraform-purple-testimonial-split {
color: white;
position: relative;
overflow: hidden;
&:before {
content: '';
background: linear-gradient(to right, #695af0, #6b5cf3);
width: 100%;
height: 550px;
position: absolute;
top: 0;
left: 0;
}
& .g-container {
position: relative;
}
}
/* DIVIDERS */
&.divider-gray-line {
border-bottom: 1px solid #d9dbdd;
}
&.divider-dark-gray-line {
border-bottom: 1px solid #424242;
}
&.divider-black-down-arrow {
border-bottom: 1px solid #d0d2d5;
position: relative;
&:after {
content: '';
width: 82px;
height: 82px;
background: black url('/img/white-down-chevron.svg') 50% 55% no-repeat;
margin-top: 21px;
border-radius: 50%;
position: absolute;
bottom: -40px;
margin-left: auto;
margin-right: auto;
left: 0;
right: 0;
z-index: 2;
}
}
}

60
website/assets/css/index.css
View File

@@ -1,60 +0,0 @@
@import 'normalize.css';
@import '_fonts';
@import '@hashicorp/hashi-global-styles/style';
/* NPM Preact Components */
@import '@hashicorp/hashi-alert/dist/style.css';
@import '@hashicorp/hashi-button/dist/style.css';
@import '@hashicorp/hashi-case-study-slider/dist/style.css';
@import '@hashicorp/hashi-code-block/dist/style.css';
@import '@hashicorp/hashi-consent-manager/dist/style.css';
@import '@hashicorp/hashi-content/dist/style.css';
@import '@hashicorp/hashi-docs-sidenav/dist/style.css';
@import '@hashicorp/hashi-docs-sitemap/dist/style.css';
@import '@hashicorp/hashi-footer/dist/style.css';
@import '@hashicorp/hashi-hero/dist/style.css';
@import '@hashicorp/hashi-linked-text-summary-list/dist/style.css';
@import '@hashicorp/hashi-logo-grid/dist/style.css';
@import '@hashicorp/hashi-mega-nav/dist/style.css';
@import '@hashicorp/hashi-nav/dist/style.css';
@import '@hashicorp/hashi-newsletter-signup-form/dist/style.css';
@import '@hashicorp/hashi-product-downloader/dist/style.css';
@import '@hashicorp/hashi-product-subnav/dist/style.css';
@import '@hashicorp/hashi-section-header/dist/style.css';
@import '@hashicorp/hashi-split-cta/dist/style.css';
@import '@hashicorp/hashi-text-and-content/dist/style.css';
@import '@hashicorp/hashi-toggle/dist/style.css';
@import '@hashicorp/hashi-use-cases/dist/style.css';
@import '@hashicorp/hashi-vertical-text-block-list/dist/style.css';
/* Local Preact Components */
@import '../js/components/before-after-diagram/style.css';
/* to be removed pending new components */
@import '_inner';
@import '_secondary-nav';
/* Layout */
@import '_section';
/* Pages */
@import 'pages/_docs';
@import 'pages/_section_block';
@import 'pages/_home';
@import 'pages/_use_cases';
@import 'pages/_downloads.css';
/* Print styles */
@import '_print';
.g-text-and-content .image img {
width: 100%;
}
/* Hide Mega Nav on mobile */
nav.g-mega-nav {
display: none;
@media (min-width: 1023px) {
display: block;
}
}

37
website/assets/css/pages/_docs.css
View File

@@ -1,37 +0,0 @@
#sidebar {
& .g-docs-sidebar {
margin-right: 25px;
}
}
#intro {
padding-bottom: 0px;
& .g-section-header {
margin-bottom: 48px;
& h3 {
margin: 1em auto 0 auto;
width: 85%;
}
}
}
#categories {
& .g-linked-text-summary-list {
padding-top: 12px;
padding-bottom: 12px;
}
}
#sitemap {
@media (max-width: 768px) {
display: none;
}
}
#get-started {
@media (max-width: 768px) {
display: none;
}
}

25
website/assets/css/pages/_downloads.css
View File

@@ -1,25 +0,0 @@
#download-vault {
& .content-wrap {
margin-bottom: 118px;
@media (max-width: 1199px) {
margin-bottom: 104px;
}
@media (max-width: 767px) {
margin-bottom: 0px;
}
}
}
#beta1-1-0 {
margin-bottom: 40px;
@media (max-width: 1199px) {
text-align: center;
}
& p:last-child {
margin: 0px;
}
}

78
website/assets/css/pages/_section_block.css
View File

@@ -1,78 +0,0 @@
.g-section-block {
& section {
padding-top: 96px;
padding-bottom: 96px;
@media (max-width: 768px) {
padding-top: 60px;
padding-bottom: 60px;
}
&.gray {
background: #f6f7fa;
}
&.black {
background: var(--black);
color: white;
}
&.no-pad {
padding: 0;
}
/* copied over from www, should be component-ized */
& > * + *,
& > .g-container > * + * {
margin-top: 96px;
@media (max-width: 1119px) {
margin-top: 72px;
}
@media (max-width: 767px) {
margin-top: 56px;
}
}
& > .g-section-header,
& > .g-container > .g-section-header {
& + * {
margin-top: 72px;
@media (max-width: 1119px) {
margin-top: 64px;
}
@media (max-width: 767px) {
margin-top: 40px;
}
}
}
& > * + .button-container,
& > .g-container > * + .button-container {
margin-top: 40px;
@media (max-width: 767px) {
margin-top: 32px;
}
}
}
& .button-container {
display: flex;
flex-wrap: wrap;
justify-content: center;
margin: auto -8px -16px;
& > * {
margin: auto 8px 16px;
}
}
/* Temporary Overrides */
& .g-section-header {
margin: 0 auto;
}
}

72
website/assets/css/pages/_use_cases.css
View File

@@ -1,72 +0,0 @@
@import '@hashicorp/hashi-global-styles/_variables.css';
#use-cases {
& .g-section-block section.pad-bottom {
padding-bottom: 144px;
}
& .g-logo-grid li img {
max-height: 50%;
max-width: 50%;
}
& .g-section-block.page-wrap {
padding-top: 0;
padding-bottom: 0;
}
& .g-section-block.g-cta-section {
align-items: center;
background: var(--vault-gray-dark);
display: flex;
justify-content: center;
padding-left: 15px;
padding-right: 15px;
position: relative;
text-align: center;
color: var(--white);
& h2 {
margin-top: 0;
}
& .g-btn.white {
background: var(--white);
border: 2px solid var(--white);
color: var(--vault-gray-dark);
&:hover {
background-color: var(--vault-gray);
border-color: var(--vault-gray);
color: var(--white);
& path {
fill: var(--white);
}
}
}
& .g-btn.download svg {
margin: 0 4px -4px 0;
}
& .g-btn.download svg path {
transition: fill 0.25s ease;
}
& .g-btn + .g-btn {
margin-left: 18px;
}
& .g-btn.white-outline {
background: none;
border: 2px solid var(--white);
color: var(--white);
&:hover {
background-color: var(--white);
color: var(--vault-gray-dark);
}
}
}
}

BIN
website/assets/files/press-kit.zip
View File

Binary file not shown.

101
website/assets/js/analytics.js
View File

@@ -1,101 +0,0 @@
import { each } from './utils'
/* Segment's analytics.js provides a ready() function that is called once tracking is up and running */
/* Some clients block analytics.js, so to prevent errors, we assign noop functions if window.analytics isn't present */
window.analytics.ready(() => {
const analytics = window.analytics || {
trackLink: () => {},
track: () => {},
mock: true
}
// Track all button clicks
track(
'[data-ga-button]',
el => {
return {
event: 'Click',
category: 'Button',
label: el.getAttribute('data-ga-button')
}
},
true
)
// Track product subnav link clicks
track(
'[data-ga-product-subnav]',
el => {
return {
event: 'Click',
category: 'Product Subnav Navigation',
label: el.getAttribute('data-ga-product-subnav')
}
},
true
)
// Track meganav link clicks
track(
'[data-ga-meganav]',
el => {
return {
event: 'Click',
category: 'Meganav Navigation',
label: el.getAttribute('data-ga-meganav')
}
},
true
)
// Track footer link clicks
track(
'[data-ga-footer]',
el => {
return {
event: 'Click',
category: 'Footer Navigation',
label: el.getAttribute('data-ga-footer')
}
},
true
)
// Track outbound links
track(
'a[href^="http"]:not([href^="http://vaultproject.io"]):not([href^="https://vaultproject.io"]):not([href^="http://www.vaultproject.io"]):not([href^="https://www.vaultproject.io"])',
el => {
return {
event: `Outbound Link | ${window.location.pathname}`,
category: 'Outbound link',
label: el.href
}
},
true
)
// Note: Downloads are tracked from within the Product Downloader component
/**
* Wrapper for segment's track function that will track multiple elements,
* normalize parameters, and easily switch between tracking links or events.
* @param {String} selector - query selector, multi element compatible
* @param {Function} cb - optional function that should return params, and will receive the element as a parameter
* @param {Boolean} [link=false] - if true, tracks a link click
*/
function track(selector, cb, link = false) {
each(document.querySelectorAll(selector), el => {
let params = cb
if (typeof cb === 'function') params = cb(el)
const event = params.event
delete params.event
if (link) {
analytics.trackLink(el, event, params)
} else {
el.addEventListener('click', () => {
analytics.track(event, params)
})
}
})
}
})

32
website/assets/js/components/before-after-diagram/alert-icon.js
View File

@@ -1,32 +0,0 @@
const { h } = require('preact')
module.exports = function AlertIcon() {
return (
<svg
width="24"
height="24"
viewBox="0 0 24 24"
fill="none"
xmlns="http://www.w3.org/2000/svg"
>
<path
fillRule="evenodd"
clipRule="evenodd"
d="M12 22C17.5228 22 22 17.5228 22 12C22 6.47715 17.5228 2 12 2C6.47715 2 2 6.47715 2 12C2 17.5228 6.47715 22 12 22Z"
fill="white"
stroke="#E80134"
strokeWidth="2"
strokeLinecap="round"
strokeLinejoin="round"
/>
<path
d="M12 8V12"
stroke="#E80134"
strokeWidth="2"
strokeLinecap="round"
strokeLinejoin="round"
/>
<circle cx="12" cy="16" r="1" fill="#E80134" />
</svg>
)
}

27
website/assets/js/components/before-after-diagram/check-icon.js
View File

@@ -1,27 +0,0 @@
const { h } = require('preact')
module.exports = function CheckIcon() {
return (
<svg
width="24"
height="24"
viewBox="0 0 24 24"
fill="none"
xmlns="http://www.w3.org/2000/svg"
>
<path
d="M12 23C5.92487 23 0.999999 18.0751 0.999999 12C1 5.92487 5.92487 0.999999 12 0.999999C18.0751 1 23 5.92487 23 12C23 18.0751 18.0751 23 12 23Z"
fill="black"
stroke="black"
strokeWidth="2"
/>
<path
d="M16.6663 9.08203L10.2497 15.4987L7.33301 12.582"
stroke="white"
strokeWidth="2"
strokeLinecap="round"
strokeLinejoin="round"
/>
</svg>
)
}

94
website/assets/js/components/before-after-diagram/index.js
View File

@@ -1,94 +0,0 @@
const { h, Component } = require('preact')
const { decode } = require('reshape-preact-components')
const marked = require('8fold-marked')
const Image = require('@hashicorp/hashi-image').default
const AlertIcon = require('./alert-icon')
const CheckIcon = require('./check-icon')
module.exports = class BeforeAfterDiagram extends Component {
render() {
const data = decode(this.props._data)
const markedOptions = this.generateMarkedOptions()
return (
<div class={`g-before-after-diagrams ${data.theme}`}>
<div class="before">
<div class="image">
<div>
<Image src={data.before_image.url} svg="true" />
</div>
</div>
<div class="content">
<span class="line">
<span />
<AlertIcon />
<span />
</span>
<div>
{data.before_headline && (
<h3
className="g-type-display-3"
dangerouslySetInnerHTML={{
__html: marked.inlineLexer(data.before_headline, [])
}}
/>
)}
{data.before_content && (
<div
dangerouslySetInnerHTML={{
__html: marked(data.before_content, markedOptions)
}}
/>
)}
</div>
</div>
</div>
<div class="after">
<div class="image">
<div>
<Image src={data.after_image.url} svg="true" />
</div>
</div>
<div class="content">
<div class="line">
<CheckIcon />
</div>
<div>
{data.after_headline && (
<h3
className="g-type-display-3"
dangerouslySetInnerHTML={{
__html: marked.inlineLexer(data.after_headline, [])
}}
/>
)}
{data.after_content && (
<div
dangerouslySetInnerHTML={{
__html: marked(data.after_content, markedOptions)
}}
/>
)}
</div>
</div>
</div>
</div>
)
}
generateMarkedOptions() {
const markedRenderer = new marked.Renderer()
markedRenderer.heading = function(text, level) {
return `<h${level} class="g-type-label">${text}</h${level}>`
}
markedRenderer.paragraph = function(text) {
return `<p class="g-type-body">${text}</p>`
}
markedRenderer.list = function(text) {
return `<ul class="g-type-body">${text}</ul>`
}
return { renderer: markedRenderer }
}
}

24
website/assets/js/index.js
View File

@@ -1,24 +0,0 @@
// components
import { each, initializeComponents } from './utils'
// external components
import nav from '@hashicorp/hashi-nav'
import footer from '@hashicorp/hashi-footer'
import newsletterSignupForm from '@hashicorp/hashi-newsletter-signup-form'
import productSubnav from '@hashicorp/hashi-product-subnav'
import megaNav from '@hashicorp/hashi-mega-nav'
import productDownloader from '@hashicorp/hashi-product-downloader'
import hero from '@hashicorp/hashi-hero'
import docsSidenav from '@hashicorp/hashi-docs-sidenav'
import consentManager from '@hashicorp/hashi-consent-manager'
const components = initializeComponents({
nav,
footer,
newsletterSignupForm,
productSubnav,
megaNav,
productDownloader,
hero,
docsSidenav,
consentManager
})

70
website/assets/js/utils.js
View File

@@ -1,70 +0,0 @@
import { render } from 'preact'
import { hydrateInitialState } from 'reshape-preact-components/lib/browser'
// rehydrates and initializes top-level preact components
export function initializeComponents(obj) {
const res = {}
for (let k in obj) {
const name = getName(k)
res[name] = []
each(document.querySelectorAll(`.g-${name}`), el => {
// do not initialize nested components
const matches = Object.keys(obj)
.map(getName)
.reduce((m, name) => {
const parent = findParent(el, `.g-${name}`)
if (parent) m.push(parent)
return m
}, [])
if (matches.length > 1) return
// if there's no data-state, don't try
if (!el.dataset.state || !el.dataset.state.length) {
return
}
// otherwise, initialize away
const vdom = hydrateInitialState(el.dataset.state, {
[`hashi-${name}`]: obj[k]
})
res[name].push(render(vdom, el.parentElement, el))
})
}
return res
function getName(s) {
return s.replace(/([A-Z])/g, '-$1').toLowerCase()
}
}
// iterates through a NodeList
export function each(list, cb) {
for (let i = 0; i < list.length; i++) {
cb(list[i], i)
}
}
// polyfills object-fit in unsupported browsers
export function fixObjectFit() {
if (Modernizr.objectfit) {
import('object-fit-images').then(ofi => {
ofi.default()
})
}
}
// given an element and selector, finds the closest parent element. doesn't
// handle attribute selectors, just class, id, and element name
export function findParent(el, selector) {
const firstChar = selector[0]
if (firstChar === '.') {
if (el.classList.contains(selector.substr(1))) return el
} else if (firstChar === '#') {
if (el.id === selector.substr(1)) return el
} else {
if (el.tagName.toLowerCase() === selector) return el
}
if (!el.parentNode.tagName) return undefined
return findParent(el.parentNode, selector)
}

11632
website/assets/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

67
website/assets/package.json
View File

@@ -1,67 +0,0 @@
{
"name": "middleman-spike-assets",
"description": "simple config to use postcss and webpack for asset processing",
"version": "0.0.0",
"author": "Jeff Escalante",
"main": "app.js",
"dependencies": {
"8fold-marked": "^0.3.8",
"@hashicorp-tmp/consent-manager": "^0.0.5",
"@hashicorp/hashi-alert": "^2.0.0",
"@hashicorp/hashi-button": "^2.0.0",
"@hashicorp/hashi-case-study-slider": "^2.3.0",
"@hashicorp/hashi-code-block": "^1.2.0",
"@hashicorp/hashi-consent-manager": "^2.0.0",
"@hashicorp/hashi-content": "^2.0.1",
"@hashicorp/hashi-docs-sidenav": "^2.0.0",
"@hashicorp/hashi-docs-sitemap": "^0.1.6",
"@hashicorp/hashi-footer": "^2.0.2",
"@hashicorp/hashi-ga-form-fields": "1.0.2",
"@hashicorp/hashi-global-styles": "^2.0.3",
"@hashicorp/hashi-hero": "^4.0.0",
"@hashicorp/hashi-image": "1.0.5",
"@hashicorp/hashi-linked-text-summary-list": "^1.0.1",
"@hashicorp/hashi-logo-grid": "^2.4.1",
"@hashicorp/hashi-mega-nav": "2.0.0",
"@hashicorp/hashi-nav": "^1.1.2",
"@hashicorp/hashi-newsletter-signup-form": "^2.0.0",
"@hashicorp/hashi-product-downloader": "^1.0.0",
"@hashicorp/hashi-product-subnav": "^1.0.1",
"@hashicorp/hashi-section-header": "^5.0.0",
"@hashicorp/hashi-split-cta": "^1.0.0",
"@hashicorp/hashi-text-and-content": "^1.1.0",
"@hashicorp/hashi-toggle": "0.2.3",
"@hashicorp/hashi-use-cases": "^1.0.1",
"@hashicorp/hashi-vertical-text-block-list": "^1.0.0",
"@hashicorp/js-utils": "^1.0.0",
"@hashicorp/localstorage-polyfill": "^1.0.3",
"@segment/in-eu": "^0.2.1",
"@segment/top-domain": "^3.0.0",
"color-contrast": "^0.0.1",
"highlight.js": "^9.15.10",
"js-cookie": "^2.2.0",
"marked": "^0.5.1",
"normalize.css": "^8.0.0",
"object-assign": "^4.1.1",
"object-fit-images": "^3.2.4",
"postcss-extend-rule": "^2.0.0",
"preact": "^8.3.1",
"promise-polyfill": "^8.1.0",
"query-string": "^5.1.1",
"reshape-preact-components": "^0.6.0",
"siema": "^1.5.1",
"slugify": "^1.3.1",
"strftime": "^0.10.0",
"tippy.js": "^3.0.6",
"unfetch": "^4.0.1"
},
"devDependencies": {
"babel-preset-preact": "^1.1.0",
"babel-register": "^6.26.0",
"node-fetch": "^2.2.1",
"spike": "^2.3.0",
"spike-css-standards": "^4.0.0",
"spike-js-standards": "^2.1.0",
"webpack-bundle-analyzer": "^3.0.3"
}
}

42
website/assets/reshape.js
View File

@@ -1,42 +0,0 @@
const button = require('@hashicorp/hashi-button')
const caseStudySlider = require('@hashicorp/hashi-case-study-slider')
const consentManager = require('@hashicorp/hashi-consent-manager')
const content = require('@hashicorp/hashi-content')
const docsSidenav = require('@hashicorp/hashi-docs-sidenav')
const docsSitemap = require('@hashicorp/hashi-docs-sitemap')
const footer = require('@hashicorp/hashi-footer')
const hero = require('@hashicorp/hashi-hero')
const linkedTextSummaryList = require('@hashicorp/hashi-linked-text-summary-list')
const megaNav = require('@hashicorp/hashi-mega-nav')
const nav = require('@hashicorp/hashi-nav')
const productDownloader = require('@hashicorp/hashi-product-downloader')
const productSubnav = require('@hashicorp/hashi-product-subnav')
const sectionHeader = require('@hashicorp/hashi-section-header')
const splitCta = require('@hashicorp/hashi-split-cta')
const textAndContent = require('@hashicorp/hashi-text-and-content')
const useCases = require('@hashicorp/hashi-use-cases')
const verticalTextBlockList = require('@hashicorp/hashi-vertical-text-block-list')
const beforeAfterDiagram = require('./js/components/before-after-diagram')
module.exports = {
'hashi-button': button,
'hashi-case-study-slider': caseStudySlider,
'hashi-consent-manager': consentManager,
'hashi-content': content,
'hashi-docs-sidenav': docsSidenav,
'hashi-docs-sitemap': docsSitemap,
'hashi-footer': footer,
'hashi-hero': hero,
'hashi-linked-text-summary-list': linkedTextSummaryList,
'hashi-mega-nav': megaNav,
'hashi-nav': nav,
'hashi-product-downloader': productDownloader,
'hashi-product-subnav': productSubnav,
'hashi-section-header': sectionHeader,
'hashi-split-cta': splitCta,
'hashi-text-and-content': textAndContent,
'hashi-use-cases': useCases,
'hashi-vertical-text-block-list': verticalTextBlockList,
'hashi-before-after': beforeAfterDiagram
}

7314
website/assets/yarn.lock
View File

File diff suppressed because it is too large Load Diff

4
website/babel.config.js Normal file
View File

@@ -0,0 +1,4 @@
module.exports = {
presets: ['next/babel'],
plugins: ['import-glob-array']
}

6
website/bootstrap.sh
View File

@@ -1,6 +0,0 @@
echo "==> installing bundler and middleman"
gem install bundler middleman --no-ri --no-rdoc
echo "==> installing ruby dependencies"
bundle
echo "==> installing node dependencies"
cd assets && npm install

1
website/components/before-after-diagram/img/alert-icon.svg Normal file
View File

@@ -0,0 +1 @@
<svg width="24" height="24" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M12 22c5.523 0 10-4.477 10-10S17.523 2 12 2 2 6.477 2 12s4.477 10 10 10z" fill="#fff" stroke="#E80134"/><path d="M12 8v4" stroke="#E80134"/><circle cx="12" cy="16" r="1" fill="#E80134"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 276 B

1
website/components/before-after-diagram/img/alert-triangle.svg Normal file
View File

@@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" fill="none"><path stroke="#D2D4DB" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.5" d="M8.575 4.048L1.517 15.832a1.667 1.667 0 001.425 2.5h14.116a1.667 1.667 0 001.425-2.5L11.425 4.048a1.667 1.667 0 00-2.85 0z" clip-rule="evenodd"/><path stroke="#E80134" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.5" d="M10 8.332v3.333"/><circle cx="10" cy="15.001" fill="#E80134" r=".833"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 481 B

1
website/components/before-after-diagram/img/check-circle-blue.svg Normal file
View File

@@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" width="18" height="19" fill="none"><path stroke="#D2D4DB" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.5" d="M15.75 9.928v.698a7.5 7.5 0 11-4.447-6.855"/><path stroke="#1563FF" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.5" d="M16.5 3.875l-8.25 8.25L6 9.875"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 345 B

1
website/components/before-after-diagram/img/check-circle.svg Normal file
View File

@@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" fill="none"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="1.5" d="M15.75 9.053v.698a7.5 7.5 0 11-4.447-6.855"/><path stroke-linecap="round" stroke-linejoin="round" stroke-width="1.5" d="M16.5 3l-8.25 8.25L6 9"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 304 B

1
website/components/before-after-diagram/img/check-icon.svg Normal file
View File

@@ -0,0 +1 @@
<svg width="24" height="24" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M12 23C5.925 23 1 18.075 1 12S5.925 1 12 1s11 4.925 11 11-4.925 11-11 11z" fill="#000" stroke="#000"/><path d="M16.666 9.082l-6.416 6.417-2.917-2.917" stroke="#fff"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 256 B

108
website/components/before-after-diagram/index.jsx Normal file
View File

@@ -0,0 +1,108 @@
import marked from 'marked'
import Image from '@hashicorp/react-image'
import alertIcon from './img/alert-icon.svg?include'
import checkIcon from './img/check-icon.svg?include'
function BeforeAfterDiagram(props) {
const markedOptions = generateMarkedOptions()
const {
theme,
beforeHeadline,
beforeContent,
beforeImage,
afterHeadline,
afterContent,
afterImage
} = props
return (
<div className={`g-before-after-diagrams ${theme}`}>
<div className="before">
<div className="image">
<div>
<Image {...beforeImage} />
</div>
</div>
<div className="content">
<span className="line">
<span />
<div
dangerouslySetInnerHTML={{
__html: alertIcon
}}
/>
<span />
</span>
<div>
{beforeHeadline && (
<h3
className="g-type-display-3"
dangerouslySetInnerHTML={{
__html: marked.inlineLexer(beforeHeadline, [])
}}
/>
)}
{beforeContent && (
<div
className="g-type-body-small"
dangerouslySetInnerHTML={{
__html: marked(beforeContent, markedOptions)
}}
/>
)}
</div>
</div>
</div>
<div className="after">
<div className="image">
<div>
<Image {...afterImage} />
</div>
</div>
<div className="content">
<div className="line">
<div
dangerouslySetInnerHTML={{
__html: checkIcon
}}
/>
</div>
<div>
{afterHeadline && (
<h3
className="g-type-display-3"
dangerouslySetInnerHTML={{
__html: marked.inlineLexer(afterHeadline, [])
}}
/>
)}
{afterContent && (
<div
dangerouslySetInnerHTML={{
__html: marked(afterContent, markedOptions)
}}
/>
)}
</div>
</div>
</div>
</div>
)
}
export default BeforeAfterDiagram
function generateMarkedOptions() {
const markedRenderer = new marked.Renderer()
markedRenderer.heading = function(text, level) {
return `<h${level} class="g-type-label">${text}</h${level}>`
}
markedRenderer.paragraph = function(text) {
return `<p class="g-type-body-small">${text}</p>`
}
markedRenderer.list = function(text) {
return `<ul class="g-type-body-small">${text}</ul>`
}
return { renderer: markedRenderer }
}

131
website/assets/js/components/before-after-diagram/style.css → website/components/before-after-diagram/style.css
View File

@@ -94,7 +94,7 @@
}
& .content {
border: 1px solid var(--gray-9);
border: 1px solid var(--DEPRECATED-gray-9);
padding: 24px 32px 20px;
position: relative;
flex-grow: 1;
@@ -123,7 +123,7 @@
&:before {
border-color: rgba(229, 230, 235, 0);
border-bottom-color: var(--gray-9);
border-bottom-color: var(--DEPRECATED-gray-9);
border-width: 18px;
margin-left: -18px;
}
@@ -152,7 +152,7 @@
}
& h3 {
border-bottom: 1px solid var(--gray-9);
border-bottom: 1px solid var(--DEPRECATED-gray-9);
color: var(--black);
margin: 0 0 24px;
padding-bottom: 24px;
@@ -161,10 +161,6 @@
& h4 {
display: block;
font-size: 0.75rem;
font-weight: var(--font-weight-bold);
letter-spacing: 0.5px;
line-height: 1.125rem;
margin: 24px 0 26px;
text-transform: uppercase;
}
@@ -216,7 +212,7 @@
background-image: linear-gradient(
90deg,
rgba(210, 212, 219, 0) 0%,
var(--gray-8) 100%
var(--DEPRECATED-gray-8) 100%
);
right: calc(50% + 20px);
width: calc(50% + 140px);
@@ -225,7 +221,7 @@
background-image: linear-gradient(
180deg,
rgba(210, 212, 219, 0) 0%,
var(--gray-8) 100%
var(--DEPRECATED-gray-8) 100%
);
height: 245px;
right: auto;
@@ -237,7 +233,7 @@
&:last-child {
background-image: linear-gradient(
90deg,
var(--gray-8) 0%,
var(--DEPRECATED-gray-8) 0%,
var(--black) 100%
);
left: calc(50% + 20px);
@@ -245,7 +241,7 @@
@media (max-width: 767px) {
background-image: linear-gradient(
180deg,
var(--gray-8) 0%,
var(--DEPRECATED-gray-8) 0%,
var(--black) 100%
);
height: calc(100% + 375px);
@@ -298,121 +294,14 @@
}
/*
* TERRAFORM THEME
* VAULT THEME
*/
&.terraform {
& .line span {
&:first-child {
background-image: linear-gradient(
90deg,
rgba(95, 67, 233, 0) 0%,
var(--gray-8) 100%
);
@media (max-width: 767px) {
background-image: linear-gradient(
180deg,
rgba(95, 67, 233, 0) 0%,
var(--gray-8) 100%
);
}
}
&:last-child {
background-image: linear-gradient(
90deg,
var(--gray-8) 0%,
var(--terraform-purple) 100%
);
@media (max-width: 767px) {
background-image: linear-gradient(
180deg,
var(--gray-8) 0%,
var(--terraform-purple) 100%
);
}
&:after {
border-color: transparent transparent transparent
var(--terraform-purple);
border-style: solid;
border-width: 5.5px 0 5.5px 8px;
}
}
}
&.vault {
& .after {
& li:before {
background: url('/img/icons/check-circle-purple.svg');
background: url('/img/icons/check-circle-blue.svg');
height: 19px;
}
.line {
svg,
path:first-child {
fill: var(--terraform-purple);
stroke: var(--terraform-purple);
}
}
}
}
/*
* CONSUL THEME
*/
&.consul {
& .line span {
&:first-child {
background-image: linear-gradient(
90deg,
rgba(95, 67, 233, 0) 0%,
var(--gray-8) 100%
);
@media (max-width: 767px) {
background-image: linear-gradient(
180deg,
rgba(95, 67, 233, 0) 0%,
var(--gray-8) 100%
);
}
}
&:last-child {
background-image: linear-gradient(
90deg,
var(--gray-8) 0%,
var(--consul-pink) 100%
);
@media (max-width: 767px) {
background-image: linear-gradient(
180deg,
var(--gray-8) 0%,
var(--consul-pink) 100%
);
}
&:after {
border-color: transparent transparent transparent var(--consul-pink);
border-style: solid;
border-width: 5.5px 0 5.5px 8px;
}
}
}
& .after {
& li:before {
background: url('/img/icons/check-circle-pink.svg');
height: 19px;
}
.line {
svg,
path:first-child {
fill: var(--consul-pink);
stroke: var(--consul-pink);
}
}
}
}
}

65
website/components/default-head-tags/index.jsx Normal file
View File

@@ -0,0 +1,65 @@
import Head from 'next/head'
export default function DefaultHeadTags() {
return (
<Head>
<title key="title">Vault by HashiCorp</title>
<meta charSet="utf-8" />
<meta httpEquiv="x-ua-compatible" content="ie=edge" />
{/* ref: https://www.phpied.com/minimum-viable-sharing-meta-tags/ */}
<meta property="og:locale" content="en_US" />
<meta property="og:type" content="website" />
<meta
property="og:site_name"
content="Vault by HashiCorp"
key="og-name"
/>
<meta name="twitter:site" content="@HashiCorp" />
<meta name="twitter:card" content="summary_large_image" />
<meta
property="article:publisher"
content="https://www.facebook.com/HashiCorp/"
/>
<meta
name="description"
property="og:description"
content="Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault handles leasing, key revocation, key rolling, auditing, and provides secrets as a service through a unified API."
key="description"
/>
<meta
property="og:image"
content="https://www.vaultproject.io/img/og-image.png"
key="image"
/>
<link
sizes="16x16"
type="image/png"
rel="icon"
href="https://www.datocms-assets.com/2885/1527033389-favicon.png?h=16&w=16"
/>
<link
sizes="32x32"
type="image/png"
rel="icon"
href="https://www.datocms-assets.com/2885/1527033389-favicon.png?h=32&w=32"
/>
<link
sizes="96x96"
type="image/png"
rel="icon"
href="https://www.datocms-assets.com/2885/1527033389-favicon.png?h=96&w=96"
/>
<link
sizes="192x192"
type="image/png"
rel="icon"
href="https://www.datocms-assets.com/2885/1527033389-favicon.png?h=192&w=192"
/>
<link rel="stylesheet" href="/css/nprogress.css"></link>
<link
href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700&display=swap"
rel="stylesheet"
/>
</Head>
)
}

1
website/components/docs-page/img/github-icon.svg Normal file
View File

@@ -0,0 +1 @@
<svg width="23" height="22" xmlns="http://www.w3.org/2000/svg"><path d="M11.608.342C5.535.342.61 5.162.61 11.108c0 4.757 3.152 8.792 7.523 10.215.55.1.751-.233.751-.518 0-.256-.01-.933-.015-1.831-3.06.65-3.705-1.444-3.705-1.444-.5-1.243-1.222-1.574-1.222-1.574-.998-.668.076-.655.076-.655 1.104.076 1.685 1.11 1.685 1.11.981 1.645 2.575 1.17 3.201.894.1-.695.385-1.17.699-1.439-2.443-.271-5.011-1.195-5.011-5.32 0-1.176.429-2.137 1.132-2.89-.113-.272-.49-1.367.108-2.849 0 0 .924-.289 3.025 1.104.877-.24 1.819-.358 2.754-.363.934.005 1.875.124 2.754.363 2.1-1.393 3.022-1.104 3.022-1.104.6 1.482.222 2.577.11 2.85.705.752 1.13 1.713 1.13 2.888 0 4.136-2.572 5.046-5.022 5.313.394.332.746.99.746 1.994 0 1.438-.013 2.6-.013 2.953 0 .288.198.623.756.518 4.368-1.427 7.516-5.46 7.516-10.215 0-5.946-4.925-10.766-11-10.766" fill="#161514" fill-rule="evenodd"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 863 B

60
website/components/docs-page/index.jsx Normal file
View File

@@ -0,0 +1,60 @@
import DocsSidenav from '@hashicorp/react-docs-sidenav'
import Content from '@hashicorp/react-content'
import InlineSvg from '@hashicorp/react-inline-svg'
import githubIcon from './img/github-icon.svg?include'
import Link from 'next/link'
import Head from 'next/head'
export default function DocsPage({
children,
path,
orderData,
frontMatter,
category,
pageMeta
}) {
return (
<div id="p-docs">
<Head>
<title key="title">{pageMeta.page_title} | Vault by HashiCorp</title>
{pageMeta.description && (
<meta
name="description"
property="og:description"
content={pageMeta.description}
key="description"
/>
)}
</Head>
<div className="content-wrap g-container">
<div id="sidebar" role="complementary">
<div className="nav docs-nav">
<DocsSidenav
currentPage={path}
category={category}
order={orderData}
data={frontMatter}
Link={Link}
/>
</div>
</div>
<div id="inner" role="main">
<Content product="vault" content={children} />
</div>
</div>
<div id="edit-this-page" className="g-container">
<a
href={`https://github.com/hashicorp/vault/blob/master/website/pages/${pageMeta.__resourcePath}`}
>
<InlineSvg src={githubIcon} />
<span>Edit this page</span>
</a>
</div>
</div>
)
}
export async function getInitialProps({ asPath }) {
return { path: asPath }
}

77
website/components/docs-page/style.css Normal file
View File

@@ -0,0 +1,77 @@
#p-docs {
& .content-wrap {
display: flex;
flex-direction: column;
flex-wrap: wrap;
flex: 1 0 auto;
position: relative;
width: 100%;
@media (min-width: 940px) {
flex-direction: row;
margin-top: 72px;
margin-bottom: 24px;
}
}
& #inner {
margin: 64px 0;
overflow: auto;
width: 100%;
@media (min-width: 940px) {
flex: 1;
margin: 0;
}
& .g-content {
@media (max-width: 939px) {
padding-left: 0;
padding-right: 0;
}
& > h1:first-child {
margin-top: 0;
}
}
& .g-section-header {
margin-bottom: 100px;
}
/* TODO: this should be applied in global styles, temporary override here */
& pre,
& code {
font-size: 0.875em;
}
& pre code {
font-size: 1em;
}
}
& #edit-this-page {
margin-bottom: 48px;
display: flex;
justify-content: flex-end;
& a {
color: var(--gray-1);
display: flex;
align-items: center;
opacity: 0.5;
transition: opacity 0.4s ease;
padding-right: 32px;
&:hover {
opacity: 1;
}
& > div {
margin-right: 9px;
width: 23px;
height: 22px;
}
}
}
}

1
website/components/subnav/img/carat.svg Normal file
View File

@@ -0,0 +1 @@
<svg width="8" height="5" fill="none"><path stroke="#000" d="M1 1l3 3 3-3"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 82 B

1
website/components/subnav/img/download.svg Normal file
View File

@@ -0,0 +1 @@
<svg width="14" height="16"><path d="M6.734 11.047a.667.667 0 00.944 0l2.666-2.666a.666.666 0 10-.943-.943L7.873 8.967V1.243a.666.666 0 10-1.334 0v7.724L5.011 7.438a.666.666 0 10-.943.943l2.666 2.666zm7.139.196v2c0 1.102-.897 2-2 2H2.54c-1.103 0-2-.898-2-2v-2a.666.666 0 111.333 0v2c0 .367.299.666.667.666h9.333a.667.667 0 00.667-.666v-2a.666.666 0 111.333 0z"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 368 B

1
website/components/subnav/img/github.svg Normal file
View File

@@ -0,0 +1 @@
<svg width="20" height="20"><path d="M9.97.271C4.464.271 0 4.736 0 10.241c0 4.404 2.875 8.134 6.789 9.48.49.061.673-.245.673-.49V17.52c-2.753.612-3.364-1.345-3.364-1.345-.428-1.162-1.101-1.468-1.101-1.468-.917-.612.061-.612.061-.612.979.061 1.53 1.04 1.53 1.04.917 1.529 2.323 1.1 2.874.856a2.13 2.13 0 01.611-1.345C5.872 14.4 3.547 13.544 3.547 9.69c0-1.1.367-1.957 1.04-2.69-.061-.184-.428-1.224.122-2.57 0 0 .857-.244 2.753 1.04.795-.244 1.651-.306 2.507-.306.857 0 1.713.123 2.508.306 1.896-1.284 2.752-1.04 2.752-1.04.55 1.346.184 2.386.123 2.63a3.956 3.956 0 011.04 2.692c0 3.853-2.325 4.648-4.527 4.893.367.305.673.917.673 1.834v2.753c0 .244.184.55.673.489A9.98 9.98 0 0020 10.241C19.939 4.736 15.474.27 9.97.27z"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 728 B

203
website/components/subnav/index.jsx Normal file
View File

@@ -0,0 +1,203 @@
import React, { Component } from 'react'
import Link from 'next/link'
import LinkWrap from '@hashicorp/react-link-wrap'
import InlineSvg from '@hashicorp/react-inline-svg'
import caratIcon from './img/carat.svg?include'
import downloadIcon from './img/download.svg?include'
import githubIcon from './img/github.svg?include'
class ProductSubnav extends Component {
constructor(props) {
super(props)
this.state = {
fixNav: true,
menuOpen: false
}
this.toggleMenu = this.toggleMenu.bind(this)
this.openSubmenu = this.openSubmenu.bind(this)
this.closeSubmenu = this.closeSubmenu.bind(this)
}
toggleMenu() {
this.setState({ menuOpen: !this.state.menuOpen })
}
openSubmenu(e) {
const dropdown = e.currentTarget.nextElementSibling
dropdown && dropdown.classList.add('open')
}
closeSubmenu(e) {
e.currentTarget.parentElement.classList.remove('open')
}
render() {
const {
rootUrl,
buttonText,
hideDownloadIcon,
buttonExternal,
links
} = this.props
const currentProduct = {
slug: 'vault',
siteUrl: 'https://www.vaultproject.io',
downloadUrl: '/downloads',
githubUrl: 'https://github.com/hashicorp/vault',
colorLogo: {
url: 'https://www.datocms-assets.com/2885/1509990185-vault-dark.svg',
alt: 'Vault Logo'
}
}
return (
<div className={`g-product-subnav ${currentProduct.slug}`}>
<div className={`wrapper${this.state.fixed ? ' fixed' : ''}`}>
<div className="g-container">
<div className="logo-wrapper">
<div className="logo">
<Link href="/">
<a
data-ga-product-subnav={`Product logo | ${currentProduct.slug}`}
>
<img
src={currentProduct.colorLogo.url}
alt={currentProduct.colorLogo.alt}
/>
<h4>
{currentProduct.slug.charAt(0).toUpperCase() +
currentProduct.slug.slice(1)}
</h4>
</a>
</Link>
</div>
</div>
<div
className={`toggle${currentProduct.downloadUrl ? ' center' : ''}${
this.state.menuOpen ? ' open' : ''
}`}
>
<span onClick={this.toggleMenu}>
<InlineSvg src={caratIcon} />
</span>
</div>
<div
className={`links-wrapper${this.state.menuOpen ? ' open' : ''}`}
>
<div className="links g-type-body-small-strong">
<ul>
{links.map(link => {
if (link.title === '|')
return <li className="divider" key="divider" />
return link.links ? (
<li className="dropdown" key={link.title}>
<span onClick={this.openSubmenu}>
{link.title}
<InlineSvg src={caratIcon} />
</span>
<ul>
<li className="close" onClick={this.closeSubmenu}>
<span>
<InlineSvg src={caratIcon} /> Back
</span>
</li>
<li className="name">{link.title}</li>
{link.links.map(sublink => (
<li key={sublink.title}>
<LinkWrap
Link={Link}
href={resolveLocalUrl(rootUrl, sublink.url)}
{...(sublink.external && {
rel: 'noopener',
target: '_blank'
})}
data-ga-product-subnav={`Subnav sublink | ${sublink.title}`}
>
{sublink.title}
</LinkWrap>
</li>
))}
</ul>
</li>
) : (
<li key={link.url}>
<LinkWrap
Link={Link}
href={resolveLocalUrl(rootUrl, link.url)}
onClick={this.toggleMenu}
{...(link.external && {
rel: 'noopener',
target: '_blank'
})}
data-ga-product-subnav={`Subnav link | ${link.title}`}
>
{link.title}
</LinkWrap>
</li>
)
})}
</ul>
<div className="ctas-mobile">
{currentProduct.githubUrl && (
<a className="github g-btn" href={currentProduct.githubUrl}>
<InlineSvg src={githubIcon} /> GitHub
</a>
)}
{currentProduct.downloadUrl && (
<LinkWrap
Link={Link}
className="download g-btn variant-primary brand-vault background-light"
href={resolveLocalUrl(
rootUrl,
currentProduct.downloadUrl
)}
data-ga-product-subnav={`Download mobile | ${currentProduct.slug}`}
{...(buttonExternal && {
rel: 'noopener',
target: '_blank'
})}
>
{!hideDownloadIcon && <InlineSvg src={downloadIcon} />}
<span>{buttonText || 'Download'}</span>
</LinkWrap>
)}
</div>
</div>
</div>
<div className="ctas">
{currentProduct.githubUrl && (
<a className="github" href={currentProduct.githubUrl}>
<InlineSvg src={githubIcon} />
</a>
)}
{currentProduct.downloadUrl && (
<LinkWrap
Link={Link}
className="download g-btn variant-primary brand-vault background-light"
href={resolveLocalUrl(rootUrl, currentProduct.downloadUrl)}
data-ga-product-subnav={`Download desktop | ${currentProduct.slug}`}
{...(buttonExternal && { rel: 'noopener', target: '_blank' })}
>
{!hideDownloadIcon && <InlineSvg src={downloadIcon} />}
<span>{buttonText || 'Download'}</span>
</LinkWrap>
)}
</div>
</div>
</div>
</div>
)
}
}
// This function ensures that if the root url is the same as the link's url,
// we strip the root and resolve from a relative path, so as to not redirect
// from the local dev environment to production unexpectedly.
function resolveLocalUrl(rootUrl, url) {
const urlRegex = new RegExp(`^(?:http(?:s)*://)?(?:www.)?${rootUrl}`)
return url.replace(/\.html$/, '').replace(urlRegex, '')
}
export default ProductSubnav

554
website/components/subnav/style.css Normal file
View File

@@ -0,0 +1,554 @@
.g-product-subnav {
position: relative;
z-index: 75;
font-size: 0.875rem;
line-height: 1.25rem;
font-family: var(--font-body);
@media (max-width: 1140px) {
height: 64px;
}
@media (max-width: 767px) {
height: 54px;
}
& .wrapper {
padding: 25px 0;
@media (max-width: 1140px) {
background-color: var(--white);
padding: 0;
}
&.fixed {
@media (max-width: 1140px) {
position: fixed;
top: 0;
left: 0;
width: 100%;
}
}
}
& .g-container {
display: flex;
align-items: center;
height: 100%;
@media (max-width: 1140px) {
justify-content: space-between;
height: 64px;
}
@media (max-width: 767px) {
height: 54px;
}
}
& .dropdown {
cursor: pointer;
@media (min-width: 1140px) {
position: relative;
}
&:hover ul {
@media (min-width: 1140px) {
visibility: visible;
opacity: 1;
}
}
& ul {
display: flex;
flex-direction: column;
position: absolute;
top: 100%;
left: 0;
visibility: hidden;
opacity: 0;
list-style: none;
background: var(--white);
color: var(--DEPRECATED-gray-1);
box-shadow: 0px 8px 24px rgba(0, 0, 0, 0.08);
min-width: 180px;
margin: 0 0 0 -18px;
padding: 0;
border-radius: 2px;
z-index: 4;
}
}
& .logo {
padding-bottom: 10px;
margin-bottom: -13px;
margin-right: 32px;
@media (max-width: 1140px) {
margin-right: 0;
width: auto;
}
& > a {
align-items: center;
color: var(--black);
display: flex;
& > img {
width: 45px;
height: 45px;
@media (max-width: 1140px) {
width: 30px;
height: 30px;
}
}
& > svg {
margin-left: 10px;
& path {
stroke: var(--DEPRECATED-gray-5);
}
@media (max-width: 1140px) {
display: none;
}
}
}
& h4 {
display: flex;
align-items: center;
font-family: var(--font-klavika);
font-size: 2.2rem;
margin: 0;
padding: 6px 0 6px 10px;
font-weight: var(--font-weight-bold);
@media (max-width: 1140px) {
font-size: 1.8em;
}
}
}
& .toggle {
display: none;
@media (max-width: 1140px) {
align-items: center;
display: flex;
position: absolute;
right: 20px;
}
&.center {
height: 100%;
justify-content: center;
left: 0;
position: absolute;
top: 0;
width: 100%;
@media (max-width: 767px) {
position: relative;
}
}
&.open svg {
transform: rotate(-180deg);
}
& span {
cursor: pointer;
padding: 5px;
line-height: 0;
}
& svg {
width: 14px;
height: 9px;
transition: 0.25s ease;
transition-property: transform;
}
& path {
stroke: var(--brand);
}
}
& .links-wrapper {
background-color: var(--white);
margin-left: auto;
margin-right: 32px;
@media (max-width: 1140px) {
position: absolute;
top: 100%;
left: 0;
height: 0;
overflow: hidden;
transition: 0.25s ease;
transition-property: height;
z-index: 4;
width: 100%;
}
&.open {
@media (max-width: 1140px) {
overflow-y: visible;
height: 100vh;
}
}
}
& .links {
display: flex;
font-weight: var(--font-weight-bold);
position: relative;
@media (max-width: 1140px) {
display: block;
position: absolute;
top: 0;
left: 0;
width: 100%;
padding: 10px 24px;
overflow-x: hidden;
}
& ul a,
& ul span {
color: inherit;
padding: 0 0 8px;
transition: 0.25s ease;
transition-property: border-bottom-color;
@media (max-width: 1140px) {
display: block;
padding: 12px 0;
border-bottom: 1px solid var(--DEPRECATED-gray-9);
}
}
& span {
@media (max-width: 1140px) {
display: flex;
justify-content: space-between;
align-items: center;
}
}
& > ul {
list-style: none;
padding: 0;
margin: 0;
display: flex;
flex-direction: row;
justify-content: space-between;
align-items: center;
@media (max-width: 1140px) {
flex-direction: column;
justify-content: flex-start;
font-size: 1.125rem;
line-height: 1.75rem;
font-weight: normal;
}
& + ul {
@media (min-width: 1140px) {
border-left: 1px solid var(--DEPRECATED-gray-8);
padding-left: 24px;
margin-left: 24px;
}
@media (min-width: 1200px) {
padding-left: 32px;
margin-left: 32px;
}
}
& > li {
margin-right: 35px;
@media (max-width: 1140px) {
margin-right: 28px;
}
@media (max-width: 1140px) {
margin-right: 0;
}
&:last-child {
@media (min-width: 1140px) {
margin-right: 0;
}
}
& > a,
& > span {
@media (min-width: 1140px) {
border-bottom: 2px solid transparent;
}
}
& .selected,
& > a:hover {
@media (min-width: 1140px) {
border-bottom-color: var(--brand);
}
}
}
}
& .dropdown {
& > span > div {
margin: -2px 0 0 8px;
float: right;
@media (max-width: 1140px) {
display: inline-block;
float: none;
margin: 0;
transform: rotate(-90deg);
width: 12px;
}
}
& path {
stroke: var(--DEPRECATED-gray-6);
@media (max-width: 1140px) {
stroke: var(--DEPRECATED-gray-1);
}
}
& ul {
transition: 0.25s ease;
transition-property: left, opacity, visibility;
margin: 6px 0 0 -23px;
padding: 15px 29px 15px 24px;
@media (max-width: 1140px) {
visibility: visible;
opacity: 1;
position: absolute;
top: 0;
bottom: 0;
left: 100%;
padding: 10px 24px;
margin: 0;
width: 100%;
box-shadow: none;
}
&.open {
@media (max-width: 1140px) {
left: 0;
}
}
}
& li {
@media (min-width: 1140px) {
margin: 9px 0;
}
&.close,
&.name {
@media (min-width: 1140px) {
display: none;
}
}
&.close {
& span {
justify-content: flex-start;
}
& div {
display: inline-block;
}
& svg {
margin: 2px 12px 3px 0;
transform: rotate(90deg);
}
}
&.name {
border: none;
color: var(--DEPRECATED-gray-5);
font-weight: var(--font-weight-bold);
font-size: 0.75rem;
letter-spacing: 0.03125rem;
text-transform: uppercase;
padding: 24px 0 12px;
}
& a,
& span {
white-space: nowrap;
@media (min-width: 1140px) {
border: none;
}
&:hover {
@media (min-width: 1140px) {
color: var(--DEPRECATED-gray-3);
}
}
}
}
}
}
& .divider {
border-left: 1px solid #d2d4db;
width: 1px;
height: 100%;
}
& .ctas-mobile,
& .ctas {
& .download,
& .github {
font-size: 0.875rem;
border-radius: 2px;
display: flex;
align-items: center;
& > div {
line-height: 0;
}
}
& .download {
color: var(--white);
border: none;
& path {
fill: var(--white);
}
}
& .github {
border: 1px solid var(--DEPRECATED-gray-8);
transition: 0.25s ease;
transition-property: transform;
color: inherit;
& path {
fill: var(--DEPRECATED-gray-1);
}
}
}
& .ctas {
display: flex;
& .github {
padding: 7px;
height: 2.25rem;
width: 2.25rem;
@media (max-width: 1140px) {
display: none;
}
&:hover {
transform: translateY(-1px);
& path {
fill: var(--DEPRECATED-gray-3);
}
}
}
& .download {
margin-left: 16px;
padding: 10px 15px 10px 12px;
white-space: nowrap;
@media (max-width: 1140px) {
background: none;
color: inherit;
padding: 0;
border-bottom: 2px solid transparent;
margin-left: 0;
}
&:hover {
@media (max-width: 1140px) {
color: var(--DEPRECATED-gray-5);
transform: none;
}
&:after {
@media (max-width: 1140px) {
display: none;
}
}
}
& div {
margin-right: 8px;
line-height: 0;
@media (max-width: 767px) {
display: none;
}
}
& path {
fill: var(--white);
@media (max-width: 1140px) {
fill: var(--brand);
}
}
& span {
line-height: 1em;
}
}
}
& .ctas-mobile {
margin: 56px 0 28px;
@media (min-width: 1140px) {
display: none;
}
& a {
display: flex;
align-items: center;
justify-content: center;
& + a {
margin-top: 16px;
}
&.github {
padding: 13px;
background: transparent;
& > div {
line-height: 0;
}
}
&.download {
padding: 14px;
}
& svg {
margin-right: 8px;
}
}
}
}

23
website/components/use-case-cta-section/index.jsx Normal file
View File

@@ -0,0 +1,23 @@
export default function UseCaseCtaSection() {
return (
<section className="g-section-block g-cta-section">
<div>
<h2>Ready to get started?</h2>
<a className="g-btn white download" href="/downloads.html">
<svg
xmlns="http://www.w3.org/2000/svg"
width="20"
height="22"
viewBox="0 0 20 22"
>
<path d="M9.292 15.706a1 1 0 0 0 1.416 0l3.999-3.999a1 1 0 1 0-1.414-1.414L11 12.586V1a1 1 0 1 0-2 0v11.586l-2.293-2.293a1 1 0 1 0-1.414 1.414l3.999 3.999zM20 16v3c0 1.654-1.346 3-3 3H3c-1.654 0-3-1.346-3-3v-3a1 1 0 1 1 2 0v3c0 .551.448 1 1 1h14c.552 0 1-.449 1-1v-3a1 1 0 1 1 2 0z"></path>
</svg>
Download
</a>
<a className="g-btn white-outline" href="/docs">
Explore Docs
</a>
</div>
</section>
)
}

49
website/components/use-case-cta-section/style.css Normal file
View File

@@ -0,0 +1,49 @@
.g-section-block.g-cta-section {
-webkit-box-align: center;
align-items: center;
background: var(--gray-2);
display: -webkit-box;
display: flex;
-webkit-box-pack: center;
justify-content: center;
padding-left: 15px;
padding-right: 15px;
position: relative;
text-align: center;
color: var(--white);
& .g-btn.white {
background: var(--white);
border: 2px solid var(--white);
color: var(--gray-2);
&:hover {
background-color: var(--gray-1);
border-color: var(--gray-1);
color: var(--white);
& path {
fill: var(--white);
}
}
}
& .g-btn.white-outline {
background: none;
border: 2px solid var(--white);
color: var(--white);
&:hover {
background-color: var(--white);
color: var(--gray-2);
}
}
& .g-btn.download svg {
margin: 0 4px -4px 0;
}
& .g-btn + .g-btn {
margin-left: 18px;
}
}

182
website/config.rb
View File

@@ -1,182 +0,0 @@
set :product_name, "Vault"
set :base_url, "https://www.vaultproject.io/"
# Middleware for rendering preact components
use ReshapeMiddleware, component_file: "assets/reshape.js"
activate :hashicorp do |h|
h.name = "vault"
h.version = "1.3.1"
h.github_slug = "hashicorp/vault"
h.website_root = "website"
h.releases_enabled = true
h.datocms_api_key = '78d2968c99a076419fbb'
end
# Netlify redirects/headers
proxy '_redirects', 'netlify-redirects', ignore: true
helpers do
# Formats and filters a category of docs for the sidebar component
def get_sidebar_data(category)
sitemap.resources.select { |resource|
!!Regexp.new("^#{category}").match(resource.path)
}.map { |resource|
{
path: resource.path,
data: resource.data.to_hash.tap { |a| a.delete 'description'; a }
}
}
end
# Returns the FQDN of the image URL.
# @param [String] path
# @return [String]
def image_url(path)
File.join(config[:base_url], "/img/#{path}")
end
# Get the title for the page.
#
# @param [Middleman::Page] page
#
# @return [String]
def title_for(page)
if page && page.data.page_title
return "#{page.data.page_title} - Vault by HashiCorp"
end
"Vault by HashiCorp"
end
# Get the description for the page
#
# @param [Middleman::Page] page
#
# @return [String]
def description_for(page)
description = (page.data.description || "")
.gsub('"', '')
.gsub(/\n+/, ' ')
.squeeze(' ')
return escape_html(description)
end
# This helps by setting the "active" class for sidebar nav elements
# if the YAML frontmatter matches the expected value.
def sidebar_current(expected)
current = current_page.data.sidebar_current || ""
if current.start_with?(expected)
return " class=\"active\""
else
return ""
end
end
# Returns the id for this page.
# @return [String]
def body_id_for(page)
if !(name = page.data.sidebar_current).blank?
return "page-#{name.strip}"
end
if page.url == "/" || page.url == "/index.html"
return "page-home"
end
if page.path.include? "use-cases"
return "use-cases"
end
if !(title = page.data.page_title).blank?
return title
.downcase
.gsub('"', '')
.gsub(/[^\w]+/, '-')
.gsub(/_+/, '-')
.squeeze('-')
.squeeze(' ')
end
return ""
end
# Returns the list of classes for this page.
# @return [String]
def body_classes_for(page)
classes = []
if !(layout = page.data.layout).blank?
classes << "layout-#{page.data.layout}"
end
if !(title = page.data.page_title).blank?
title = title
.downcase
.gsub('"', '')
.gsub(/[^\w]+/, '-')
.gsub(/_+/, '-')
.squeeze('-')
.squeeze(' ')
classes << "page-#{title}"
end
return classes.join(" ")
end
# Returns data / attributes used by the product subnav component.
# @return [Object]
def getSubNavData
return {
current_path: current_page.path,
products: dato.enterprise_products.map(&:to_hash),
subnav: {
tdm_focused_links: [
{
title: "Intro",
url: "/intro"
},
{
item_type: "dropdown_link",
title: "Use Cases",
links: [{
title: "Secrets Management",
url: "/use-cases/secrets-management"
},
{
title: "Data Encryption",
url: "/use-cases/data-encryption"
}, {
title: "Identity-based Access",
url: "/use-cases/identity-based-access"
}]
},
{
title: "Enterprise",
url: "https://www.hashicorp.com/products/vault/enterprise"
},
{
title: "Whitepaper",
url: "https://www.hashicorp.com/resources/unlocking-the-cloud-operating-model-security?utm_source=vaultsubnav"
}
],
practitioner_focused_links: [
{
title: "Learn",
url: "https://learn.hashicorp.com/vault"
},
{
title: "Docs",
url: "/docs"
},
{
title: "API",
url: "/api"
},
{
title: "Community",
url: "/community"
}
],
product: dato.vault_product_page.subnav.product.to_hash
}
}
end
end

153
website/data/api-navigation.js Normal file
View File

@@ -0,0 +1,153 @@
// The root folder for this documentation category is `pages/api-docs`
//
// - A string refers to the name of a file
// - A "category" value refers to the name of a directory
// - All directories must have an "index.mdx" file to serve as
// the landing page for the category
export default [
'index',
'libraries',
'relatedtools',
'------------',
{
category: 'secret',
content: [
{ category: 'ad' },
{ category: 'alicloud' },
{ category: 'aws' },
{ category: 'azure' },
{ category: 'consul' },
{ category: 'cubbyhole' },
{
category: 'databases',
content: [
'cassandra',
'elasticdb',
'influxdb',
'hanadb',
'mongodb',
'mssql',
'mysql-maria',
'postgresql',
'oracle'
]
},
{ category: 'gcp' },
{ category: 'gcpkms' },
{ category: 'kmip' },
{
category: 'kv',
content: ['kv-v1', 'kv-v2']
},
{
category: 'identity',
content: [
'entity',
'entity-alias',
'group',
'group-alias',
'tokens',
'lookup'
]
},
{ category: 'nomad' },
{ category: 'pki' },
{ category: 'rabbitmq' },
{ category: 'ssh' },
{ category: 'totp' },
{ category: 'transit' },
'-----------------------',
{ category: 'cassandra' },
{ category: 'mongodb' },
{ category: 'mssql' },
{ category: 'mysql' },
{ category: 'postgresql' }
]
},
{
category: 'auth',
content: [
{ category: 'alicloud' },
{ category: 'approle' },
{ category: 'aws' },
{ category: 'azure' },
{ category: 'cf' },
{ category: 'github' },
{ category: 'gcp' },
{ category: 'jwt' },
{ category: 'kerberos' },
{ category: 'kubernetes' },
{ category: 'ldap' },
{ category: 'oci' },
{ category: 'okta' },
{ category: 'radius' },
{ category: 'cert' },
{ category: 'token' },
{ category: 'userpass' },
{ category: 'app-id' }
]
},
{
category: 'system',
content: [
'audit',
'audit-hash',
'auth',
'capabilities',
'capabilities-accessor',
'capabilities-self',
'config-auditing',
'config-control-group',
'config-cors',
'config-state',
'config-ui',
'control-group',
'generate-root',
'health',
'host-info',
'init',
'internal-specs-openapi',
'internal-ui-mounts',
'key-status',
'leader',
'leases',
'license',
'metrics',
{
category: 'mfa',
content: ['duo', 'okta', 'pingid', 'totp']
},
'mounts',
'namespaces',
'plugins-reload-backend',
'plugins-catalog',
'policy',
'policies',
'pprof',
'raw',
'rekey',
'rekey-recovery-key',
'remount',
{
category: 'replication',
content: ['replication-performance', 'replication-dr']
},
'rotate',
'seal',
'seal-status',
'sealwrap-rewrap',
'step-down',
{
category: 'storage',
content: ['raft']
},
'tools',
'unseal',
'wrapping-lookup',
'wrapping-rewrap',
'wrapping-unwrap',
'wrapping-wrap'
]
}
]

16
website/data/api_basic_categories.yml
View File

@@ -1,16 +0,0 @@
-
title: "Overview"
description: "Topics related to developing applications with the Vault API, including client libraries and related tools."
link: "/api/overview"
-
title: "Secrets Engines"
description: "Functions related to managing secrets and secrets engines."
link: "/api/secret"
-
title: "Auth Methods"
description: "Functions related to configuring how users and applications authenticate into Vault."
link: "/api/auth"
-
title: "System Backends"
description: "Functions related to managing Vault's configuration, including replication, storage, and managing Vault's unseal processes."
link: "/api/system"

92
website/data/api_detailed_categories.yml
View File

@@ -1,92 +0,0 @@
-
title: "Auth Methods"
docs:
- api/auth/index.html
- api/auth/approle/index.html
- api/auth/alicloud/index.html
- api/auth/aws/index.html
- api/auth/azure/index.html
- api/auth/github/index.html
- api/auth/gcp/index.html
- api/auth/jwt/index.html
- api/auth/kubernetes/index.html
- api/auth/ldap/index.html
- api/auth/okta/index.html
- api/auth/cf/index.html
- api/auth/oci/index.html
- api/auth/radius/index.html
- api/auth/cert/index.html
- api/auth/token/index.html
- api/auth/userpass/index.html
-
title: "Secret Engines"
docs:
- api/secret/index.html
- api/secret/ad/index.html
- api/secret/alicloud/index.html
- api/secret/aws/index.html
- api/secret/azure/index.html
- api/secret/consul/index.html
- api/secret/cubbyhole/index.html
- api/secret/databases/index.html
- api/secret/gcp/index.html
- api/secret/gcpkms/index.html
- api/secret/kmip/index.html
- api/secret/kv/index.html
- api/secret/identity/index.html
- api/secret/nomad/index.html
- api/secret/pki/index.html
- api/secret/rabbitmq/index.html
- api/secret/ssh/index.html
- api/secret/totp/index.html
- api/secret/transit/index.html
-
title: "System Backends"
docs:
- api/system/index.html
- api/system/audit.html
- api/system/audit-hash.html
- api/system/auth.html
- api/system/capabilities.html
- api/system/capabilities-accessor.html
- api/system/capabilities-self.html
- api/system/config-auditing.html
- api/system/config-control-group.html
- api/system/config-cors.html
- api/system/config-state.html
- api/system/config-ui.html
- api/system/control-group.html
- api/system/generate-recovery-token.html
- api/system/generate-root.html
- api/system/health.html
- api/system/host-info.html
- api/system/init.html
- api/system/internal-specs-openapi.html
- api/system/internal-ui-mounts.html
- api/system/key-status.html
- api/system/leader.html
- api/system/leases.html
- api/system/license.html
- api/system/namespaces.html
- api/system/mfa/index.html
- api/system/mounts.html
- api/system/plugins-reload-backend.html
- api/system/plugins-catalog.html
- api/system/policy.html
- api/system/policies.html
- api/system/pprof.html
- api/system/raw.html
- api/system/rekey.html
- api/system/rekey-recovery-key.html
- api/system/remount.html
- api/system/replication/index.html
- api/system/rotate.html
- api/system/seal.html
- api/system/seal-status.html
- api/system/step-down.html
- api/system/tools.html
- api/system/unseal.html
- api/system/wrapping-lookup.html
- api/system/wrapping-rewrap.html
- api/system/wrapping-unwrap.html
- api/system/wrapping-wrap.html

391
website/data/docs-navigation.js Normal file
View File

@@ -0,0 +1,391 @@
// The root folder for this documentation category is `pages/docs`
//
// - A string refers to the name of a file
// - A "category" value refers to the name of a directory
// - All directories must have an "index.mdx" file to serve as
// the landing page for the category
export default [
{
category: 'install'
},
{
category: 'internals',
content: [
'architecture',
'high-availability',
'security',
'telemetry',
'token',
'rotation',
'replication',
'plugins'
]
},
{
category: 'concepts',
content: [
'dev-server',
'seal',
'lease',
'auth',
'tokens',
'response-wrapping',
'policies',
'ha',
'pgp-gpg-keybase',
'recovery-mode'
]
},
{
category: 'configuration',
content: [
{
category: 'listener',
content: ['tcp']
},
{
category: 'seal',
content: [
'alicloudkms',
'awskms',
'azurekeyvault',
'gcpckms',
'ocikms',
'pkcs11',
'transit'
]
},
{
category: 'storage',
content: [
'azure',
'cassandra',
'cockroachdb',
'consul',
'couchdb',
'dynamodb',
'etcd',
'filesystem',
'foundationdb',
'google-cloud-spanner',
'google-cloud-storage',
'in-memory',
'manta',
'mssql',
'mysql',
'oci-object-storage',
'postgresql',
'raft',
's3',
'swift',
'zookeeper'
]
},
{
category: 'service-registration',
content: ['consul']
},
'telemetry',
{ category: 'ui' },
{ category: 'entropy-augmentation' }
]
},
{
category: 'commands',
content: [
'agent',
{
category: 'audit',
content: ['disable', 'enable', 'list']
},
{
category: 'auth',
content: ['disable', 'enable', 'help', 'list', 'tune']
},
'debug',
'delete',
{
category: 'kv',
content: [
'delete',
'destroy',
'enable-versioning',
'get',
'list',
'metadata',
'patch',
'put',
'rollback',
'undelete'
]
},
{
category: 'lease',
content: ['renew', 'revoke']
},
'list',
'login',
'namespace',
{
category: 'operator',
content: [
'generate-root',
'init',
'key-status',
'migrate',
'rekey',
'rotate',
'seal',
'step-down',
'unseal'
]
},
'path-help',
{
category: 'plugin',
content: ['deregister', 'info', 'list', 'register']
},
{
category: 'policy',
content: ['delete', 'fmt', 'list', 'read', 'write']
},
'read',
{
category: 'secrets',
content: ['disable', 'enable', 'list', 'move', 'tune']
},
'server',
'ssh',
'status',
{
category: 'token',
content: ['capabilities', 'create', 'lookup', 'renew', 'revoke']
},
'unwrap',
'version',
'write',
'token-helper'
]
},
{
category: 'agent',
content: [
{
category: 'autoauth',
content: [
{
category: 'methods',
content: [
'alicloud',
'approle',
'aws',
'azure',
'cert',
'cf',
'gcp',
'jwt',
'kubernetes'
]
},
{
category: 'sinks',
content: ['file']
}
]
},
{ category: 'caching' },
{ category: 'template' }
]
},
'----------------',
{
category: 'secrets',
content: [
{ category: 'ad' },
{ category: 'alicloud' },
{ category: 'aws' },
{ category: 'azure' },
{ category: 'consul' },
{ category: 'cubbyhole' },
{
category: 'databases',
content: [
'cassandra',
'elasticdb',
'influxdb',
'hanadb',
'mongodb',
'mssql',
'mysql-maria',
'postgresql',
'oracle',
'custom'
]
},
{ category: 'gcp' },
{ category: 'gcpkms' },
{ category: 'kmip' },
{
category: 'kv',
content: ['kv-v1', 'kv-v2']
},
{ category: 'identity' },
{ category: 'nomad' },
{ category: 'pki' },
{ category: 'rabbitmq' },
{
category: 'ssh',
content: [
'signed-ssh-certificates',
'one-time-ssh-passwords',
'dynamic-ssh-keys'
]
},
{ category: 'totp' },
{ category: 'transit' },
'------------------------',
{ category: 'cassandra' },
{ category: 'mongodb' },
{ category: 'mssql' },
{ category: 'mysql' },
{ category: 'postgresql' }
]
},
{
category: 'auth',
content: [
'approle',
'alicloud',
'aws',
'azure',
'cf',
'gcp',
'jwt',
'kerberos',
'kubernetes',
'github',
'ldap',
'oci',
'okta',
'radius',
'cert',
'token',
'userpass',
'---------',
'app-id',
'mfa'
]
},
{
category: 'audit',
content: ['file', 'syslog', 'socket']
},
{
category: 'plugin'
},
'----------------',
{
category: 'what-is-vault'
},
{
category: 'use-cases'
},
{
category: 'partnerships'
},
{
category: 'vs',
content: [
'chef-puppet-etc',
'hsm',
'dropbox',
'consul',
'kms',
'keywhiz',
'custom'
]
},
'----------------',
{
category: 'platform',
content: [
{
category: 'k8s',
content: [
{
category: 'helm',
content: ['run', 'configuration', 'examples']
},
{
category: 'injector',
content: ['installation', 'examples']
}
]
},
{
category: 'aws-mp',
content: ['run']
}
]
},
'----------------',
{
category: 'upgrading',
content: [
'plugins',
'upgrade-to-0.5.0',
'upgrade-to-0.5.1',
'upgrade-to-0.6.0',
'upgrade-to-0.6.1',
'upgrade-to-0.6.2',
'upgrade-to-0.6.3',
'upgrade-to-0.6.4',
'upgrade-to-0.7.0',
'upgrade-to-0.8.0',
'upgrade-to-0.9.0',
'upgrade-to-0.9.1',
'upgrade-to-0.9.2',
'upgrade-to-0.9.3',
'upgrade-to-0.9.6',
'upgrade-to-0.10.0',
'upgrade-to-0.10.2',
'upgrade-to-0.10.4',
'upgrade-to-0.11.0',
'upgrade-to-0.11.2',
'upgrade-to-0.11.6',
'upgrade-to-1.0.0',
'upgrade-to-1.1.0',
'upgrade-to-1.1.1',
'upgrade-to-1.1.2',
'upgrade-to-1.2.0',
'upgrade-to-1.2.1',
'upgrade-to-1.2.4',
'upgrade-to-1.3.0'
]
},
'----------------',
{
category: 'enterprise',
content: [
{ category: 'replication' },
{
category: 'hsm',
content: ['behavior', 'security']
},
{ category: 'entropy-augmentation' },
{ category: 'sealwrap' },
{ category: 'namespaces' },
{ category: 'performance-standby' },
{ category: 'control-groups' },
{
category: 'mfa',
content: ['mfa-duo', 'mfa-okta', 'mfa-pingid', 'mfa-totp']
},
{
category: 'sentinel',
content: ['examples', 'properties']
}
]
}
]

48
website/data/docs_basic_categories.yml
View File

@@ -1,48 +0,0 @@
-
description: "Installing Vault and Vault Enterprise."
link: "/docs/install"
title: "Installing Vault"
-
description: "Technical details about Vault's architecture, cryptographic components, and security model."
link: "/docs/internals"
title: Internals
-
description: "Foundational concepts critical to understanding how Vault operates."
link: "/docs/concepts"
title: "Concepts"
-
description: "Managing Vault via its Command Line Interface (CLI)."
link: "/docs/commands"
title: "Commands (CLI)"
-
description: "Deploying Vault systems and configuring components such as storage and unseal interfaces."
link: "/docs/configuration"
title: Configuration
-
description: "Configuring the Vault binary as a client daemon for performing security operations."
link: "/docs/agent"
title: "Vault Agent"
-
description: "Engines for performing security operations using secrets stored within Vault."
link: "/docs/secrets"
title: "Secret Engines"
-
description: "Methods for configuring how users and applications authenticate into Vault."
link: "/docs/auth"
title: "Auth Methods"
-
description: "Devices for capturing audit logs monitoring activity within Vault."
link: "/docs/audit"
title: "Audit Devices"
-
description: "Configuring how Vault operates with external systems and applications via plugins."
link: "/docs/plugin"
title: "Plugin Backends"
-
description: "Topics related to running Vault on specific platforms (such as Kubernetes)."
link: "/docs/platform"
title: "Platforms"
-
description: "Topics related to Vault Enterprise, Vault's premium varient for professional teams and organizations."
link: "/docs/enterprise"
title: "Vault Enterprise"

146
website/data/docs_detailed_categories.yml
View File

@@ -1,146 +0,0 @@
-
title: "Installing Vault"
docs:
- docs/install/index.html
-
title: Internals
docs:
- docs/internals/index.html
- docs/internals/architecture.html
- docs/internals/high-availability.html
- docs/internals/security.html
- docs/internals/telemetry.html
- docs/internals/token.html
- docs/internals/rotation.html
- docs/internals/replication.html
- docs/internals/plugins.html
-
title: "Concepts"
docs:
- docs/concepts/index.html
- docs/concepts/dev-server.html
- docs/concepts/seal.html
- docs/concepts/lease.html
- docs/concepts/auth.html
- docs/concepts/tokens.html
- docs/concepts/response-wrapping.html
- docs/concepts/policies.html
- docs/concepts/ha.html
- docs/concepts/pgp-gpg-keybase.html
- docs/concepts/recovery-mode.html
-
title: Configuration
docs:
- docs/configuration/index.html
- docs/configuration/telemetry.html
- docs/configuration/seal/index.html
- docs/configuration/listener/index.html
- docs/configuration/ui/index.html
-
title: "CLI Commands"
docs:
- docs/commands/index.html
- docs/commands/agent.html
- docs/commands/audit/index.html
- docs/commands/auth/index.html
- docs/commands/debug.html
- docs/commands/delete.html
- docs/commands/lease/index.html
- docs/commands/list.html
- docs/commands/login.html
- docs/commands/namespace.html
- docs/commands/operator/index.html
- docs/commands/path-help.html
- docs/commands/plugin/index.html
- docs/commands/policy/index.html
- docs/commands/read.html
- docs/commands/secrets/index.html
- docs/commands/server.html
- docs/commands/ssh.html
- docs/commands/status.html
- docs/commands/token/index.html
- docs/commands/unwrap.html
- docs/commands/write.html
- docs/commands/token-helper.html
-
title: "Vault Agent"
docs:
- docs/agent/index.html
- docs/agent/autoauth/index.html
- docs/agent/caching/index.html
-
title: "Secret Engines"
docs:
- docs/secrets/index.html
- docs/secrets/ad/index.html
- docs/secrets/alicloud/index.html
- docs/secrets/aws/index.html
- docs/secrets/azure/index.html
- docs/secrets/consul/index.html
- docs/secrets/cubbyhole/index.html
- docs/secrets/databases/index.html
- docs/secrets/gcp/index.html
- docs/secrets/gcpkms/index.html
- docs/secrets/kmip/index.html
- docs/secrets/kv/index.html
- docs/secrets/identity/index.html
- docs/secrets/nomad/index.html
- docs/secrets/pki/index.html
- docs/secrets/rabbitmq/index.html
- docs/secrets/ssh/index.html
- docs/secrets/totp/index.html
- docs/secrets/transit/index.html
- docs/secrets/cassandra/index.html
- docs/secrets/mongodb/index.html
- docs/secrets/mssql/index.html
- docs/secrets/mysql/index.html
- docs/secrets/postgresql/index.html
-
title: "Auth Methods"
docs:
- docs/auth/index.html
- docs/auth/approle.html
- docs/auth/alicloud.html
- docs/auth/aws.html
- docs/auth/azure.html
- docs/auth/gcp.html
- docs/auth/jwt.html
- docs/auth/kubernetes.html
- docs/auth/github.html
- docs/auth/ldap.html
- docs/auth/oci.html
- docs/auth/okta.html
- docs/auth/cf.html
- docs/auth/radius.html
- docs/auth/cert.html
- docs/auth/token.html
- docs/auth/userpass.html
- docs/auth/app-id.html
- docs/auth/mfa.html
-
title: "Audit Devices"
docs:
- docs/audit/index.html
- docs/audit/file.html
- docs/audit/syslog.html
- docs/audit/socket.html
-
title: "Plugin Backends"
docs:
- docs/plugin/index.html
-
title: "Platforms"
docs:
- docs/platform/k8s/index.html
- docs/platform/aws-mp/index.html
-
title: "Vault Enterprise"
docs:
- docs/enterprise/replication/index.html
- docs/enterprise/hsm/index.html
- docs/enterprise/sealwrap/index.html
- docs/enterprise/namespaces/index.html
- docs/enterprise/performance-standby/index.html
- docs/enterprise/control-groups/index.html
- docs/enterprise/mfa/index.html
- docs/enterprise/sentinel/index.html

55
website/data/guides-navigation.js Normal file
View File

@@ -0,0 +1,55 @@
export default [
{
category: 'getting-started'
},
{
category: 'operations',
content: [
'reference-architecture',
'vault-ha-consul',
'production',
'generate-root',
'rekeying-and-rotating',
'plugin-backends',
'--------------',
'replication',
'disaster-recovery',
'mount-filter',
'multi-tenant',
'autounseal-aws-kms',
'seal-wrap',
'monitoring'
]
},
{
category: 'identity',
content: [
'secure-intro',
'policies',
'authentication',
'approle-trusted-entities',
'lease',
'identity',
'--------------',
'sentinel',
'control-groups'
]
},
{
category: 'secret-mgmt',
content: [
'static-secrets',
'versioned-kv',
'dynamic-secrets',
'db-root-rotation',
'cubbyhole',
'ssh-otp',
'pki-engine',
'app-integration'
]
},
{
category: 'encryption',
content: ['transit', 'spring-demo', 'transit-rewrap']
}
]

24
website/data/intro-navigation.js Normal file
View File

@@ -0,0 +1,24 @@
// The root folder for this documentation category is `pages/intro`
//
// - A string refers to the name of a file
// - A "category" value refers to the name of a directory
// - All directories must have an "index.mdx" file to serve as
// the landing page for the category
export default [
{
category: 'getting-started',
content: [
'dev-server',
'first-secret',
'secrets-engines',
'dynamic-secrets',
'help',
'authentication',
'policies',
'deploy',
'apis',
'next-steps'
]
}
]

28
website/data/subnav.js Normal file
View File

@@ -0,0 +1,28 @@
export default [
{ title: 'Overview', url: '/intro/getting-started' },
{
title: 'Use Cases',
links: [
{ title: 'Secrets Management', url: '/use-cases/secrets-management' },
{ title: 'Data Encryption', url: '/use-cases/data-encryption' },
{
title: 'Identity-based Access',
url: '/use-cases/identity-based-access'
}
]
},
{
title: 'Enterprise',
url: 'https://www.hashicorp.com/products/vault/enterprise'
},
{
title: 'Whitepaper',
url:
'https://www.hashicorp.com/resources/unlocking-the-cloud-operating-model-security?utm_source=vaultsubnav'
},
{ title: '|' },
{ title: 'Learn', url: 'https://learn.hashicorp.com/vault' },
{ title: 'Docs', url: '/docs' },
{ title: 'API', url: '/api-docs' },
{ title: 'Community', url: '/community' }
]

1
website/data/version.js Normal file
View File

@@ -0,0 +1 @@
export const VERSION = '1.3.1'

66
website/deploy/main.tf
View File

@@ -1,66 +0,0 @@
locals {
github_parts = ["${split("/", var.github_repo)}"]
github_full = "${var.github_repo}"
github_org = "${local.github_parts[0]}"
github_repo = "${local.github_parts[1]}"
}
/*
-------------------------------------------------------------------
GitHub Resources
-------------------------------------------------------------------
*/
provider "github" {
organization = "${local.github_org}"
version = "~>2.0.0"
}
// Configure the repository with the dynamically created Netlify key.
resource "github_repository_deploy_key" "key" {
title = "Netlify"
repository = "${local.github_repo}"
key = "${netlify_deploy_key.key.public_key}"
read_only = false
}
// Create a webhook that triggers Netlify builds on push.
resource "github_repository_webhook" "main" {
repository = "${local.github_repo}"
events = ["delete", "push", "pull_request"]
configuration {
content_type = "json"
url = "https://api.netlify.com/hooks/github"
insecure_ssl = false
}
depends_on = ["netlify_site.main"]
}
/*
-------------------------------------------------------------------
Netlify Resources
-------------------------------------------------------------------
*/
provider "netlify" {
version = "~> 0.1.0"
}
// A new, unique deploy key for this specific website
resource "netlify_deploy_key" "key" {}
resource "netlify_site" "main" {
name = "${var.name}"
custom_domain = "${var.custom_site_domain}"
repo {
repo_branch = "${var.github_branch}"
command = "cd website && bundle && cd assets && npm i && cd .. && middleman build --verbose"
deploy_key_id = "${netlify_deploy_key.key.id}"
dir = "website/build"
provider = "github"
repo_path = "${local.github_full}"
}
}

19
website/deploy/variables.tf
View File

@@ -1,19 +0,0 @@
variable "name" {
default = "vault-www"
description = "Name of the website in slug format."
}
variable "github_repo" {
default = "hashicorp/vault"
description = "GitHub repository of the provider in 'org/name' format."
}
variable "github_branch" {
default = "stable-website"
description = "GitHub branch which netlify will continuously deploy."
}
variable "custom_site_domain" {
default = "www.vaultproject.io"
description = "The custom domain to use for the Netlify site."
}

23
website/layouts/api.jsx Normal file
View File

@@ -0,0 +1,23 @@
import DocsPage, { getInitialProps } from '../components/docs-page'
import orderData from '../data/api-navigation.js'
import { frontMatter } from '../pages/api-docs/**/*.mdx'
function ApiLayoutWrapper(pageMeta) {
function ApiLayout(props) {
return (
<DocsPage
{...props}
orderData={orderData}
frontMatter={frontMatter}
category="api-docs"
pageMeta={pageMeta}
/>
)
}
ApiLayout.getInitialProps = getInitialProps
return ApiLayout
}
export default ApiLayoutWrapper

23
website/layouts/docs.jsx Normal file
View File

@@ -0,0 +1,23 @@
import DocsPage, { getInitialProps } from '../components/docs-page'
import orderData from '../data/docs-navigation.js'
import { frontMatter } from '../pages/docs/**/*.mdx'
function DocsLayoutWrapper(pageMeta) {
function DocsLayout(props) {
return (
<DocsPage
{...props}
orderData={orderData}
frontMatter={frontMatter}
category="docs"
pageMeta={pageMeta}
/>
)
}
DocsLayout.getInitialProps = getInitialProps
return DocsLayout
}
export default DocsLayoutWrapper

23
website/layouts/guides.jsx Normal file
View File

@@ -0,0 +1,23 @@
import DocsPage, { getInitialProps } from '../components/docs-page'
import orderData from '../data/guides-navigation.js'
import { frontMatter } from '../pages/guides/**/*.mdx'
function GuidesLayoutWrapper(pageMeta) {
function GuidesLayout(props) {
return (
<DocsPage
{...props}
orderData={orderData}
frontMatter={frontMatter}
category="guides"
pageMeta={pageMeta}
/>
)
}
GuidesLayout.getInitialProps = getInitialProps
return GuidesLayout
}
export default GuidesLayoutWrapper

23
website/layouts/intro.jsx Normal file
View File

@@ -0,0 +1,23 @@
import DocsPage, { getInitialProps } from '../components/docs-page'
import orderData from '../data/intro-navigation.js'
import { frontMatter } from '../pages/intro/**/*.mdx'
function IntroLayoutWrapper(pageMeta) {
function IntroLayout(props) {
return (
<DocsPage
{...props}
orderData={orderData}
frontMatter={frontMatter}
category="intro"
pageMeta={pageMeta}
/>
)
}
IntroLayout.getInitialProps = getInitialProps
return IntroLayout
}
export default IntroLayoutWrapper

17
website/lib/bugsnag.js Normal file
View File

@@ -0,0 +1,17 @@
import React from 'react'
import bugsnag from '@bugsnag/js'
import bugsnagReact from '@bugsnag/plugin-react'
const apiKey =
typeof window === 'undefined'
? 'fb2dc40bb48b17140628754eac6c1b11'
: '07ff2d76ce27aded8833bf4804b73350'
const bugsnagClient = bugsnag({
apiKey,
releaseStage: process.env.NODE_ENV || 'development'
})
bugsnagClient.use(bugsnagReact, React)
export default bugsnagClient

47
website/assets/js/consent-manager.js → website/lib/consent-manager-config.js
View File

@@ -1,9 +1,21 @@
import { open, init } from '@hashicorp/hashi-consent-manager'
const isProd = process.env.NODE_ENV === 'production'
window.openConsentManager = () => open()
const segmentWriteKey = isProd
? 'OdSFDq9PfujQpmkZf03dFpcUlywme4sC'
: '0EXTgkNx0Ydje2PGXVbRhpKKoe5wtzcE'
init({
version: 1,
// TODO: refactor into web components
let utilityServerRoot = isProd
? 'https://util.hashicorp.com'
: 'https://hashicorp-web-util-staging.herokuapp.com'
if (process.env.UTIL_SERVER) {
utilityServerRoot = process.env.UTIL_SERVER.replace(/\/$/, '')
}
// Consent manager configuration
export default {
version: 3,
container: '#consent-manager',
companyName: 'HashiCorp',
privacyPolicyLink: '/privacy',
@@ -17,23 +29,22 @@ init({
'Google Analytics is a popular service for tracking web traffic. We use this data to determine what content our users find important so that we can dedicate more resources toward it.',
category: 'Analytics'
},
{
name: 'Marketo V2',
description:
'Marketo is a marketing automation tool that allows us to segment users into different categories based off of their behaviors. We use this information to provide tailored information to users in our email campaigns.',
category: 'Email Marketing'
},
{
name: 'Hull',
description:
'Hull is a tool that we use to clean up analytics data and send it between different services. It does not add any javascript tracking code to this site.',
category: 'Analytics'
},
{
name: 'Hotjar',
description:
'Hotjar is a service that generates heatmaps of where users click on our sites. We use this information to ensure that our site is not confusing, and simple to use and navigate.',
category: 'Analytics'
},
{
name: 'LinkedIn Insight Tag',
description:
'This small script allows us to see how effective our linkedin campaigns are by showing which users have clicked through to our site.',
category: 'Analytics'
},
{
name: 'Marketo V2',
description:
'Marketo is a marketing automation tool that allows us to segment users into different categories based off of their behaviors. We use this information to provide tailored information to users in our email campaigns.'
}
],
categories: [
@@ -59,7 +70,7 @@ init({
description:
"OptinMonster is a service that we use to show a prompt to sign up for our newsletter if it's perceived that you are interested in our content.",
category: 'Functional',
body: `var om597a24292a958,om597a24292a958_poll=function(){var e=0;return function(t,a){clearInterval(e),e=setInterval(t,a)}}();!function(e,t,a){if(e.getElementById(a))om597a24292a958_poll(function(){if(window.om_loaded&&!om597a24292a958)return(om597a24292a958=new OptinMonsterApp).init({s:"35109.597a24292a958",staging:0,dev:0,beta:0})},25);else{var n=!1,o=e.createElement("script");o.id=a,o.src="//a.optnmstr.com/app/js/api.min.js",o.async=!0,o.onload=o.onreadystatechange=function(){if(!(n||this.readyState&&"loaded"!==this.readyState&&"complete"!==this.readyState))try{n=om_loaded=!0,(om597a24292a958=new OptinMonsterApp).init({s:"35109.597a24292a958",staging:0,dev:0,beta:0}),o.onload=o.onreadystatechange=null}catch(e){}},(document.getElementsByTagName("head")[0]||document.documentElement).appendChild(o)}}(document,0,"omapi-script");`
body: `var om598c8e3a6e43d,om598c8e3a6e43d_poll=function(){var r=0;return function(n,l){clearInterval(r),r=setInterval(n,l)}}();!function(e,t,n){if(e.getElementById(n)){om598c8e3a6e43d_poll(function(){if(window['om_loaded']){if(!om598c8e3a6e43d){om598c8e3a6e43d=new OptinMonsterApp();return om598c8e3a6e43d.init({"s":"35109.598c8e3a6e43d","staging":0,"dev":0,"beta":0});}}},25);return;}var d=false,o=e.createElement(t);o.id=n,o.src="https://a.optnmstr.com/app/js/api.min.js",o.async=true,o.onload=o.onreadystatechange=function(){if(!d){if(!this.readyState||this.readyState==="loaded"||this.readyState==="complete"){try{d=om_loaded=true;om598c8e3a6e43d=new OptinMonsterApp();om598c8e3a6e43d.init({"s":"35109.598c8e3a6e43d","staging":0,"dev":0,"beta":0});o.onload=o.onreadystatechange=null;}catch(t){}}}};(document.getElementsByTagName("head")[0]||document.documentElement).appendChild(o)}(document,"script","omapi-script");`
}
]
})
}

10
website/lib/polyfills.js Normal file
View File

@@ -0,0 +1,10 @@
// If you run into issues with features missing in IE11, you likely need to
// make additions to this file for those features.
// See https://github.com/zloirock/core-js
import 'core-js/fn/array'
import 'core-js/fn/object/assign'
import 'core-js/fn/string/ends-with'
import 'core-js/fn/string/includes'
import 'core-js/fn/string/repeat'
import 'core-js/fn/string/starts-with'
import 'core-js/fn/symbol'

13
website/netlify.toml Normal file
View File

@@ -0,0 +1,13 @@
# This file sets configuration for Netlify
# ref: https://www.netlify.com/docs/netlify-toml-reference/
[build]
publish = "out"
command = "npm run static"
[context.production]
environment = { HASHI_ENV = "production", NODE_ENV = "production"}
[context.deploy-preview]
environment = { HASHI_ENV = "staging" }

43
website/next.config.js Normal file
View File

@@ -0,0 +1,43 @@
const withHashicorp = require('@hashicorp/nextjs-scripts')
const path = require('path')
module.exports = withHashicorp({
defaultLayout: true,
transpileModules: ['is-absolute-url', '@hashicorp/react-mega-nav'],
mdx: { resolveIncludes: path.join(__dirname, 'pages') }
})({
experimental: {
css: true,
granularChunks: true,
rewrites: () => [
{
source: '/api/:path*',
destination: '/api-docs/:path*'
}
],
redirects: () => [
{ source: '/intro', destination: '/intro/getting-started' }
]
},
exportTrailingSlash: true,
webpack(config) {
// Add polyfills
const originalEntry = config.entry
config.entry = async () => {
const entries = await originalEntry()
let polyEntry = entries['static/runtime/polyfills.js']
if (polyEntry && !polyEntry.includes('./lib/polyfills.js')) {
if (!Array.isArray(polyEntry)) {
entries['static/runtime/polyfills.js'] = [polyEntry]
}
entries['static/runtime/polyfills.js'].unshift('./lib/polyfills.js')
}
return entries
}
return config
},
env: {
HASHI_ENV: process.env.HASHI_ENV
}
})

17314
website/package-lock.json generated Normal file
View File

File diff suppressed because it is too large Load Diff

65
website/package.json Normal file
View File

@@ -0,0 +1,65 @@
{
"name": "vault-docs-platform",
"description": "Description of your website",
"version": "0.0.1",
"author": "HashiCorp",
"dependencies": {
"@bugsnag/js": "^6.5.0",
"@bugsnag/plugin-react": "^6.5.0",
"@hashicorp/nextjs-scripts": "^6.0.0-1",
"@hashicorp/react-button": "^2.1.2",
"@hashicorp/react-case-study-slider": "^2.0.4",
"@hashicorp/react-consent-manager": "^2.0.3",
"@hashicorp/react-content": "^2.1.1",
"@hashicorp/react-docs-sidenav": "^2.2.2",
"@hashicorp/react-docs-sitemap": "^1.0.0",
"@hashicorp/react-footer": "3.1.6",
"@hashicorp/react-global-styles": "^4.0.7",
"@hashicorp/react-hero": "3.0.0",
"@hashicorp/react-image": "^2.0.1",
"@hashicorp/react-inline-svg": "^1.0.0",
"@hashicorp/react-mega-nav": "^4.0.0-0",
"@hashicorp/react-product-downloader": "^2.0.1",
"@hashicorp/react-section-header": "^2.0.0",
"@hashicorp/react-text-and-content": "^3.0.9",
"@hashicorp/react-use-cases": "^1.0.2",
"@hashicorp/react-vertical-text-block-list": "^2.0.1",
"babel-plugin-import-glob-array": "^0.2.0",
"highlight.js": "^9.17.1",
"ie11-custom-properties": "^2.6.0",
"imagemin-mozjpeg": "^8.0.0",
"imagemin-optipng": "^7.1.0",
"imagemin-svgo": "^7.0.0",
"isomorphic-unfetch": "^3.0.0",
"marked": "^0.7.0",
"next": "^9.1.8-canary.8",
"nprogress": "^0.2.0",
"react": "^16.12.0",
"react-dom": "^16.12.0",
"slugify": "^1.3.6",
"stringify-object": "^3.3.0"
},
"devDependencies": {
"glob": "^7.1.6",
"husky": "^4.0.1",
"inquirer": "^7.0.3",
"prettier": "^1.19.1"
},
"husky": {
"hooks": {
"pre-commit": "next-hashicorp precommit"
}
},
"main": "index.js",
"scripts": {
"build": "node --max-old-space-size=2048 ./node_modules/.bin/next build",
"dynamic": "NODE_ENV=production next build && next start",
"export": "node --max-old-space-size=2048 ./node_modules/.bin/next export",
"format": "next-hashicorp format",
"generate:component": "next-hashicorp generate component",
"lint": "next-hashicorp lint",
"start": "npm run clear_babel_cache && next dev",
"static": "npm run clear_babel_cache && npm run build && npm run export && cp _redirects out/.",
"clear_babel_cache": "rm -rf .next/cache/next-babel-loader"
}
}

62
website/pages/_app.js Normal file
View File

@@ -0,0 +1,62 @@
import './style.css'
import App from 'next/app'
import NProgress from 'nprogress'
import Router from 'next/router'
import DefaultHeadTags from '../components/default-head-tags'
import ProductSubnav from '../components/subnav'
import MegaNav from '@hashicorp/react-mega-nav'
import Footer from '@hashicorp/react-footer'
import { ConsentManager, open } from '@hashicorp/react-consent-manager'
import consentManagerConfig from '../lib/consent-manager-config'
import bugsnagClient from '../lib/bugsnag'
import Error from './_error'
import subnavLinks from '../data/subnav'
Router.events.on('routeChangeStart', NProgress.start)
Router.events.on('routeChangeError', NProgress.done)
Router.events.on('routeChangeComplete', url => {
setTimeout(() => window.analytics.page(url), 0)
NProgress.done()
})
// Bugsnag
const ErrorBoundary = bugsnagClient.getPlugin('react')
class NextApp extends App {
static async getInitialProps({ Component, ctx }) {
let pageProps = {}
if (Component.getInitialProps) {
pageProps = await Component.getInitialProps(ctx)
} else if (Component.isMDXComponent) {
// fix for https://github.com/mdx-js/mdx/issues/382
const mdxLayoutComponent = Component({}).props.originalType
if (mdxLayoutComponent.getInitialProps) {
pageProps = await mdxLayoutComponent.getInitialProps(ctx)
}
}
return { pageProps, path: ctx.asPath }
}
render() {
const { Component, pageProps, path } = this.props
return (
<ErrorBoundary FallbackComponent={Error}>
<DefaultHeadTags />
<MegaNav product="Vault" />
<ProductSubnav
links={subnavLinks}
currentPath={path}
rootUrl="vaultproject.io"
/>
<Component {...pageProps} />
<Footer openConsentManager={open} />
<ConsentManager {...consentManagerConfig} />
</ErrorBoundary>
)
}
}
export default NextApp

28
website/pages/_document.js Normal file
View File

@@ -0,0 +1,28 @@
import Document, { Head, Main, NextScript } from 'next/document'
export default class MyDocument extends Document {
static async getInitialProps(ctx) {
const initialProps = await Document.getInitialProps(ctx)
return { ...initialProps }
}
render() {
return (
<html>
<Head>
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="stylesheet" type="text/css" href="/css/nprogress.css" />
</Head>
<body>
<Main />
<NextScript />
<script
dangerouslySetInnerHTML={{
__html: `window.MSInputMethodContext && document.documentMode && document.write('<script src="/ie-custom-properties.js"><\\x2fscript>');`
}}
/>
</body>
</html>
)
}
}

13
website/pages/_error.jsx Normal file
View File

@@ -0,0 +1,13 @@
import React from 'react'
import ErrorPage from 'next/error'
import bugsnagClient from '../lib/bugsnag'
export default class Page extends React.Component {
static async getInitialProps(ctx) {
if (ctx.err) bugsnagClient.notify(ctx.err)
return ErrorPage.getInitialProps(ctx)
}
render() {
return <ErrorPage statusCode={this.props.statusCode || '¯\\_(ツ)_/¯'} />
}
}

44
website/source/api/auth/alicloud/index.html.md.erb → website/pages/api-docs/auth/alicloud/index.mdx
View File

@@ -1,10 +1,8 @@
---
layout: "api"
page_title: "AliCloud - Auth Methods - HTTP API"
sidebar_title: "AliCloud"
sidebar_current: "api-http-auth-alicloud"
description: |-
This is the API documentation for the Vault AliCloud auth method.
layout: api
page_title: AliCloud - Auth Methods - HTTP API
sidebar_title: AliCloud
description: This is the API documentation for the Vault AliCloud auth method.
---
# AliCloud Auth Method (API)
@@ -23,7 +21,7 @@ Registers a role. Only entities using the role registered using this endpoint
will be able to perform the login operation.
| Method | Path |
| :------------------------------- | :--------------------- |
| :----- | :-------------------------- |
| `POST` | `/auth/alicloud/role/:role` |
### Parameters
@@ -31,17 +29,14 @@ will be able to perform the login operation.
- `role` `(string: <required>)` - Name of the role. Must correspond with the name of the role reflected in the arn.
- `arn` `(string: <required>)` - The role's arn.
<%=partial("partials/tokenfields")%>
@include 'partials/tokenfields.mdx'
### Sample Payload
```json
{
"arn": "acs:ram::5138828231865461:role/dev-role",
"policies": [
"dev",
"prod"
]
"policies": ["dev", "prod"]
}
```
@@ -60,7 +55,7 @@ $ curl \
Returns the previously registered role configuration.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :-------------------------- |
| `GET` | `/auth/alicloud/role/:role` |
### Parameters
@@ -81,11 +76,7 @@ $ curl \
{
"data": {
"arn": "acs:ram::5138828231865461:role/dev-role",
"policies": [
"default",
"dev",
"prod"
],
"policies": ["default", "dev", "prod"],
"ttl": 1800000,
"max_ttl": 1800000,
"period": 0
@@ -98,7 +89,7 @@ $ curl \
Lists all the roles that are registered with the method.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :--------------------- |
| `LIST` | `/auth/alicloud/roles` |
### Sample Request
@@ -115,10 +106,7 @@ $ curl \
```json
{
"data": {
"keys": [
"dev-role",
"prod-role"
]
"keys": ["dev-role", "prod-role"]
}
}
```
@@ -128,7 +116,7 @@ $ curl \
Deletes the previously registered role.
| Method | Path |
| :------------------------------- | :--------------------- |
| :------- | :-------------------------- |
| `DELETE` | `/auth/alicloud/role/:role` |
### Parameters
@@ -150,7 +138,7 @@ Fetch a token. This endpoint verifies the signature of the signed
GetCallerIdentity request.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :--------------------- |
| `POST` | `/auth/alicloud/login` |
### Parameters
@@ -164,7 +152,6 @@ GetCallerIdentity request.
string value or an array of string values (though the length of that array
will probably only be one).
### Sample Payload
```json
@@ -206,10 +193,7 @@ $ curl \
"request_id": "D6E46F10-F26C-4AA0-BB69-FE2743D9AE62",
"role_name": "dev-role"
},
"policies": [
"default",
"dev"
],
"policies": ["default", "dev"],
"accessor": "20b89871-e6f2-1160-fb29-31c2f6d4645e",
"client_token": "c9368254-3f21-aded-8a6f-7c818e81b17a"
}

10
website/source/api/auth/app-id/index.html.md → website/pages/api-docs/auth/app-id/index.mdx
View File

@@ -1,10 +1,8 @@
---
layout: "api"
page_title: "AppID - Auth Methods - HTTP API"
sidebar_title: "App ID <sup>DEPRECATED</sup>"
sidebar_current: "api-http-auth-appid"
description: |-
This is the API documentation for the Vault App ID auth method.
layout: api
page_title: AppID - Auth Methods - HTTP API
sidebar_title: App ID <sup>DEPRECATED</sup>
description: This is the API documentation for the Vault App ID auth method.
---
# AppID Auth Method (API)

62
website/source/api/auth/approle/index.html.md.erb → website/pages/api-docs/auth/approle/index.mdx
View File

@@ -1,10 +1,8 @@
---
layout: "api"
page_title: "AppRole - Auth Methods - HTTP API"
sidebar_title: "AppRole"
sidebar_current: "api-http-auth-approle"
description: |-
This is the API documentation for the Vault AppRole auth method.
layout: api
page_title: AppRole - Auth Methods - HTTP API
sidebar_title: AppRole
description: This is the API documentation for the Vault AppRole auth method.
---
# AppRole Auth Method (API)
@@ -22,7 +20,7 @@ please update your API calls accordingly.
This endpoint returns a list the existing AppRoles in the method.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :------------------- |
| `LIST` | `/auth/approle/role` |
### Sample Request
@@ -42,11 +40,7 @@ $ curl \
"warnings": null,
"wrap_info": null,
"data": {
"keys": [
"dev",
"prod",
"test"
]
"keys": ["dev", "prod", "test"]
},
"lease_duration": 0,
"renewable": false,
@@ -62,7 +56,7 @@ constraints enabled on the role. It is required to have at least one of them
enabled while creating or updating a role.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :------------------------------ |
| `POST` | `/auth/approle/role/:role_name` |
### Parameters
@@ -83,7 +77,7 @@ enabled while creating or updating a role.
using this role will be cluster local. This can only be set during role
creation and once set, it can't be reset later.
<%=partial("partials/tokenfields")%>
@include 'partials/tokenfields.mdx'
### Sample Payload
@@ -91,9 +85,7 @@ enabled while creating or updating a role.
{
"token_ttl": "10m",
"token_max_ttl": "15m",
"token_policies": [
"default"
],
"token_policies": ["default"],
"period": 0,
"bind_secret_id": true
}
@@ -114,7 +106,7 @@ $ curl \
Reads the properties of an existing AppRole.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :------------------------------ |
| `GET` | `/auth/approle/role/:role_name` |
### Parameters
@@ -141,9 +133,7 @@ $ curl \
"token_max_ttl": 1800,
"secret_id_ttl": 600,
"secret_id_num_uses": 40,
"token_policies": [
"default"
],
"token_policies": ["default"],
"period": 0,
"bind_secret_id": true,
"bound_cidr_list": []
@@ -159,7 +149,7 @@ $ curl \
Deletes an existing AppRole from the method.
| Method | Path |
| :--------------------------- | :--------------------- |
| :------- | :------------------------------ |
| `DELETE` | `/auth/approle/role/:role_name` |
### Parameters
@@ -180,7 +170,7 @@ $ curl \
Reads the RoleID of an existing AppRole.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :-------------------------------------- |
| `GET` | `/auth/approle/role/:role_name/role-id` |
### Parameters
@@ -216,7 +206,7 @@ $ curl \
Updates the RoleID of an existing AppRole to a custom value.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :-------------------------------------- |
| `POST` | `/auth/approle/role/:role_name/role-id` |
### Parameters
@@ -266,7 +256,7 @@ be used to read the properties of the SecretID without divulging the SecretID
itself, and also to delete the SecretID from the AppRole.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :---------------------------------------- |
| `POST` | `/auth/approle/role/:role_name/secret-id` |
### Parameters
@@ -325,7 +315,7 @@ Lists the accessors of all the SecretIDs issued against the AppRole.
This includes the accessors for "custom" SecretIDs as well.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :---------------------------------------- |
| `LIST` | `/auth/approle/role/:role_name/secret-id` |
### Parameters
@@ -368,7 +358,7 @@ $ curl \
Reads out the properties of a SecretID.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :----------------------------------------------- |
| `POST` | `/auth/approle/role/:role_name/secret-id/lookup` |
### Parameters
@@ -399,7 +389,7 @@ $ curl \
Destroy an AppRole secret ID.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :------------------------------------------------ |
| `POST` | `/auth/approle/role/:role_name/secret-id/destroy` |
### Parameters
@@ -430,7 +420,7 @@ $ curl \
Reads out the properties of a SecretID.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :-------------------------------------------------------- |
| `POST` | `/auth/approle/role/:role_name/secret-id-accessor/lookup` |
### Parameters
@@ -461,7 +451,7 @@ $ curl \
Destroy an AppRole secret ID by its accessor.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :--------------------------------------------------------- |
| `POST` | `/auth/approle/role/:role_name/secret-id-accessor/destroy` |
### Parameters
@@ -493,7 +483,7 @@ Assigns a "custom" SecretID against an existing AppRole. This is used in the
"Push" model of operation.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :----------------------------------------------- |
| `POST` | `/auth/approle/role/:role_name/custom-secret-id` |
### Parameters
@@ -555,7 +545,7 @@ required; if `bind_secret_id` is enabled (the default) on the AppRole,
AppRole (such as client IP CIDR) are also evaluated.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :-------------------- |
| `POST` | `/auth/approle/login` |
### Parameters
@@ -589,9 +579,7 @@ $ curl \
"renewable": true,
"lease_duration": 1200,
"metadata": null,
"token_policies": [
"default"
],
"token_policies": ["default"],
"accessor": "fd6c9a00-d2dc-3b11-0be5-af7ae0e1d374",
"client_token": "5b1a0318-679c-9c45-e5c6-d1b9a9035d49"
},
@@ -612,7 +600,7 @@ endpoint directly. The endpoints for each field is provided separately
to be able to delegate specific endpoints using Vault's ACL system.
| Method | Path |
| :--------------------------- | :--------------------- |
| :---------------- | :---------------------------------------------------- |
| `GET/POST/DELETE` | `/auth/approle/role/:role_name/policies` | `200/204` |
| `GET/POST/DELETE` | `/auth/approle/role/:role_name/secret-id-num-uses` | `200/204` |
| `GET/POST/DELETE` | `/auth/approle/role/:role_name/secret-id-ttl` | `200/204` |
@@ -633,7 +621,7 @@ notes or support personnel suggest it. This may perform a lot of I/O to the
storage method so should be used sparingly.
| Method | Path |
| :------------------------------ | :--------------------- |
| :----- | :----------------------------- |
| `POST` | `/auth/approle/tidy/secret-id` |
### Sample Request

126
website/source/api/auth/aws/index.html.md.erb → website/pages/api-docs/auth/aws/index.mdx
View File

@@ -1,10 +1,8 @@
---
layout: "api"
page_title: "AWS - Auth Methods - HTTP API"
sidebar_title: "AWS"
sidebar_current: "api-http-auth-aws"
description: |-
This is the API documentation for the Vault AWS auth method.
layout: api
page_title: AWS - Auth Methods - HTTP API
sidebar_title: AWS
description: This is the API documentation for the Vault AWS auth method.
---
# AWS Auth Method (API)
@@ -31,7 +29,7 @@ method is configured on an EC2 instance with metadata querying
capabilities, the credentials are fetched automatically.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :------------------------ |
| `POST` | `/auth/aws/config/client` |
### Parameters
@@ -93,7 +91,7 @@ $ curl \
Returns the previously configured AWS access credentials.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :------------------------ |
| `GET` | `/auth/aws/config/client` |
### Sample Request
@@ -124,7 +122,7 @@ $ curl \
Deletes the previously configured AWS access credentials.
| Method | Path |
| :--------------------------- | :--------------------- |
| :------- | :------------------------ |
| `DELETE` | `/auth/aws/config/client` |
### Sample Request
@@ -143,7 +141,7 @@ This configures the way that Vault interacts with the
1.0.3) is `role_id` for both values.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :-------------------------- |
| `POST` | `/auth/aws/config/identity` |
### Parameters
@@ -191,9 +189,8 @@ $ curl \
Returns the previously configured Identity integration configuration
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :-------------------------- |
| `GET` | `/auth/aws/config/identity` |
### Sample Request
@@ -223,7 +220,7 @@ keys for each type varies respectively. Indicate the type of the public key
using the "type" parameter.
| Method | Path |
| :------------------------------------------- | :--------------------- |
| :----- | :---------------------------------------- |
| `POST` | `/auth/aws/config/certificate/:cert_name` |
### Parameters
@@ -260,7 +257,7 @@ $ curl \
Returns the previously configured AWS public key.
| Method | Path |
| :--------------------------------------- | :--------------------- |
| :----- | :---------------------------------------- |
| `GET` | `/auth/aws/config/certificate/:cert_name` |
### Parameters
@@ -291,7 +288,7 @@ $ curl \
Removes the previously configured AWS public key.
| Method | Path |
| :---------------------------------------- | :--------------------- |
| :------- | :---------------------------------------- |
| `DELETE` | `/auth/aws/config/certificate/:cert_name` |
### Sample Request
@@ -308,7 +305,7 @@ $ curl \
Lists all the AWS public certificates that are registered with the method.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :------------------------------ |
| `LIST` | `/auth/aws/config/certificates` |
### Sample Request
@@ -325,9 +322,7 @@ $ curl \
```json
{
"data": {
"keys": [
"cert1"
]
"keys": ["cert1"]
}
}
```
@@ -340,7 +335,7 @@ running.) Vault will use credentials obtained by assuming these STS roles
when validating IAM principals or EC2 instances in the particular AWS account.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :--------------------------------- |
| `POST` | `/auth/aws/config/sts/:account_id` |
### Parameters
@@ -375,7 +370,7 @@ $ curl \
Returns the previously configured STS role.
| Method | Path |
| :--------------------------------- | :--------------------- |
| :----- | :--------------------------------- |
| `GET` | `/auth/aws/config/sts/:account_id` |
### Parameters
@@ -406,7 +401,7 @@ $ curl \
Lists all the AWS Account IDs for which an STS role is registered.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :--------------------- |
| `LIST` | `/auth/aws/config/sts` |
### Sample Request
@@ -423,10 +418,7 @@ $ curl \
```json
{
"data": {
"keys": [
"111122223333",
"999988887777"
]
"keys": ["111122223333", "999988887777"]
}
}
```
@@ -436,7 +428,7 @@ $ curl \
Deletes a previously configured AWS account/STS role association.
| Method | Path |
| :--------------------------------- | :------------------|
| :------- | :--------------------------------- |
| `DELETE` | `/auth/aws/config/sts/:account_id` |
### Parameters
@@ -458,7 +450,7 @@ $ curl \
Configures the periodic tidying operation of the whitelisted identity entries.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :----------------------------------------- |
| `POST` | `/auth/aws/config/tidy/identity-whitelist` |
### Parameters
@@ -492,7 +484,7 @@ $ curl \
Returns the previously configured periodic whitelist tidying settings.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :----------------------------------------- |
| `GET` | `/auth/aws/config/tidy/identity-whitelist` |
### Sample Request
@@ -519,7 +511,7 @@ $ curl \
Deletes the previously configured periodic whitelist tidying settings.
| Method | Path |
| :--------------------------- | :--------------------- |
| :------- | :----------------------------------------- |
| `DELETE` | `/auth/aws/config/tidy/identity-whitelist` |
### Sample Request
@@ -536,7 +528,7 @@ $ curl \
Configures the periodic tidying operation of the blacklisted role tag entries.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :---------------------------------------- |
| `POST` | `/auth/aws/config/tidy/roletag-blacklist` |
### Parameters
@@ -570,7 +562,7 @@ $ curl \
Returns the previously configured periodic blacklist tidying settings.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :---------------------------------------- |
| `GET` | `/auth/aws/config/tidy/roletag-blacklist` |
### Sample Request
@@ -597,7 +589,7 @@ $ curl \
Deletes the previously configured periodic blacklist tidying settings.
| Method | Path |
| :--------------------------- | :--------------------- |
| :------- | :---------------------------------------- |
| `DELETE` | `/auth/aws/config/tidy/roletag-blacklist` |
### Sample Request
@@ -624,7 +616,7 @@ of values, the authenticating instance/principal must match any one value in the
list in order to satisfy that constraint.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :--------------------- |
| `POST` | `/auth/aws/role/:role` |
### Parameters
@@ -703,7 +695,7 @@ list in order to satisfy that constraint.
"arn:aws:iam::123456789012:role/\*" will match all roles in the AWS account.
This is a comma-separated string or JSON array.
- `inferred_entity_type` `(string: "")` - When set, instructs Vault to turn on
inferencing. The only current valid value is "ec2\_instance" instructing Vault
inferencing. The only current valid value is "ec2_instance" instructing Vault
to infer that the role comes from an EC2 instance in an IAM instance profile.
This only applies to the iam auth method. If you set this on an existing role
where it had not previously been set, tokens that had been created prior will
@@ -760,7 +752,7 @@ list in order to satisfy that constraint.
This only applies to authentications via the ec2 auth method. This is mutually
exclusive with `allow_instance_migration`.
<%=partial("partials/tokenfields")%>
@include 'partials/tokenfields.mdx'
### Sample Payload
@@ -769,11 +761,7 @@ list in order to satisfy that constraint.
"bound_ami_id": ["ami-fce36987"],
"bound_ec2_instance_id": ["i-12345678901234567"],
"role_tag": "",
"policies": [
"default",
"dev",
"prod"
],
"policies": ["default", "dev", "prod"],
"max_ttl": 1800000,
"disallow_reauthentication": false,
"allow_instance_migration": false
@@ -795,7 +783,7 @@ $ curl \
Returns the previously registered role configuration.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :--------------------- |
| `GET` | `/auth/aws/role/:role` |
### Parameters
@@ -817,11 +805,7 @@ $ curl \
"data": {
"bound_ami_id": ["ami-fce36987"],
"role_tag": "",
"policies": [
"default",
"dev",
"prod"
],
"policies": ["default", "dev", "prod"],
"max_ttl": 1800000,
"disallow_reauthentication": false,
"allow_instance_migration": false
@@ -834,7 +818,7 @@ $ curl \
Lists all the roles that are registered with the method.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :---------------- |
| `LIST` | `/auth/aws/roles` |
### Sample Request
@@ -851,10 +835,7 @@ $ curl \
```json
{
"data": {
"keys": [
"dev-role",
"prod-role"
]
"keys": ["dev-role", "prod-role"]
}
}
```
@@ -864,7 +845,7 @@ $ curl \
Deletes the previously registered role.
| Method | Path |
| :--------------------------- | :--------------------- |
| :------- | :--------------------- |
| `DELETE` | `/auth/aws/role/:role` |
### Parameters
@@ -898,7 +879,7 @@ capabilities, the role should never provide more capabilities than any
given instance can be allowed to gain in a worst-case scenario.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :------------------------- |
| `POST` | `/auth/aws/role/:role/tag` |
### Parameters
@@ -962,7 +943,7 @@ auth method, as an alternative to pkcs7 signature, the identity document
along with its RSA digest can be supplied to this endpoint.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :---------------- |
| `POST` | `/auth/aws/login` |
### Sample Payload
@@ -981,7 +962,7 @@ along with its RSA digest can be supplied to this endpoint.
the instance identity document. This needs to be supplied along with
`identity` parameter when using the ec2 auth method.
- `pkcs7` `(string: <required-ec2>)` - PKCS7 signature of the identity document with
all `\n` characters removed. Either this needs to be set *OR* both `identity`
all `\n` characters removed. Either this needs to be set _OR_ both `identity`
and `signature` need to be set when using the ec2 auth method.
- `nonce` `(string: "")` - The nonce to be used for subsequent login requests.
If this parameter is not specified at all and if reauthentication is allowed,
@@ -1017,7 +998,6 @@ along with its RSA digest can be supplied to this endpoint.
its value must match the value configured, and the header must be included in
the signed headers. This is required when using the iam auth method.
### Sample Payload
```json
@@ -1047,10 +1027,7 @@ $ curl \
"role": "dev-role",
"auth_type": "ec2"
},
"policies": [
"default",
"dev"
],
"policies": ["default", "dev"],
"accessor": "20b89871-e6f2-1160-fb29-31c2f6d4645e",
"client_token": "c9368254-3f21-aded-8a6f-7c818e81b17a"
}
@@ -1066,7 +1043,7 @@ placing the tag in the blacklist does not invalidate the already issued
token.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :-------------------------------------- |
| `POST` | `/auth/aws/roletag-blacklist/:role_tag` |
### Parameters
@@ -1089,7 +1066,7 @@ $ curl \
Returns the blacklist entry of a previously blacklisted role tag.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :-------------------------------------- |
| `GET` | `/auth/aws/roletag-blacklist/:role_tag` |
### Parameters
@@ -1106,7 +1083,6 @@ $ curl \
http://127.0.0.1:8200/v1/auth/aws/roletag-blacklist/djE6MDlWcDBxR3V5Qjg9OmE9YW1pLWZjZTNjNjk2OnA9ZGVmYXVsdCxwcm9kOmQ9ZmFsc2U6dD0zMDBoMG0wczp1UExLQ1F4cXNlZlJocnAxcW1WYTF3c1FWVVhYSkc4VVpQLwo=
```
### Sample Response
```json
@@ -1123,7 +1099,7 @@ $ curl \
Lists all the role tags that are blacklisted.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :---------------------------- |
| `LIST` | `/auth/aws/roletag-blacklist` |
### Sample Request
@@ -1152,7 +1128,7 @@ $ curl \
Deletes a blacklisted role tag.
| Method | Path |
| :--------------------------- | :--------------------- |
| :------- | :-------------------------------------- |
| `DELETE` | `/auth/aws/roletag-blacklist/:role_tag` |
### Parameters
@@ -1161,7 +1137,6 @@ Deletes a blacklisted role tag.
supplied as-is. In order to avoid any encoding problems, it can be base64
encoded.
### Sample Request
```
@@ -1177,7 +1152,7 @@ Cleans up the entries in the blacklist based on expiration time on the entry and
`safety_buffer`.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :--------------------------------- |
| `POST` | `/auth/aws/tidy/roletag-blacklist` |
### Parameters
@@ -1201,7 +1176,7 @@ Returns an entry in the whitelist. An entry will be created/updated by every
successful login.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :------------------------------------------ |
| `GET` | `/auth/aws/identity-whitelist/:instance_id` |
### Parameters
@@ -1218,7 +1193,6 @@ $ curl \
http://127.0.0.1:8200/v1/auth/aws/identity-whitelist/i-aab47d37
```
### Sample Response
```json
@@ -1235,10 +1209,10 @@ $ curl \
## List Identity Whitelist Entries
Lists all the instance IDs that are in the whitelist of successful logins.
Lists all the instance IDs that are in the whitelist of successful logins.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :----------------------------- |
| `LIST` | `/auth/aws/identity-whitelist` |
### Sample Request
@@ -1255,9 +1229,7 @@ $ curl \
```json
{
"data": {
"keys": [
"i-aab47d37"
]
"keys": ["i-aab47d37"]
}
}
```
@@ -1267,7 +1239,7 @@ $ curl \
Deletes a cache of the successful login from an instance.
| Method | Path |
| :--------------------------- | :--------------------- |
| :------- | :------------------------------------------ |
| `DELETE` | `/auth/aws/identity-whitelist/:instance_id` |
### Parameters
@@ -1291,7 +1263,7 @@ Cleans up the entries in the whitelist based on expiration time and
`safety_buffer`.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :---------------------------------- |
| `POST` | `/auth/aws/tidy/identity-whitelist` |
### Parameters

38
website/source/api/auth/azure/index.html.md.erb → website/pages/api-docs/auth/azure/index.mdx
View File

@@ -1,8 +1,7 @@
---
layout: "api"
page_title: "Azure - Auth Methods - HTTP API"
sidebar_title: "Azure"
sidebar_current: "api-http-auth-azure"
layout: api
page_title: Azure - Auth Methods - HTTP API
sidebar_title: Azure
description: |-
This is the API documentation for the Vault Azure authentication
method plugin.
@@ -25,7 +24,7 @@ to Azure. These credentials will be used to query the metadata about the
virtual machine.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :------------------- |
| `POST` | `/auth/azure/config` |
### Parameters
@@ -62,7 +61,7 @@ $ curl \
Returns the previously configured config, including credentials.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :------------------- |
| `GET` | `/auth/azure/config` |
### Sample Request
@@ -93,7 +92,7 @@ $ curl \
Deletes the previously configured Azure config and credentials.
| Method | Path |
| :--------------------------- | :--------------------- |
| :------- | :------------------- |
| `DELETE` | `/auth/azure/config` |
### Sample Request
@@ -113,10 +112,11 @@ to the role type must be set on the role. These are applied to the authenticated
entities attempting to login.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :----------------------- |
| `POST` | `/auth/azure/role/:name` |
### Parameters
- `name` `(string: <required>)` - Name of the role.
- `bound_service_principal_ids` `(array: [])` - The list of Service Principal IDs
that login is restricted to.
@@ -130,24 +130,16 @@ entities attempting to login.
- `bound_scale_sets` `(array: [])` - The list of scale set names that the
login is restricted to.
<%= partial "partials/tokenfields" %>
@include 'partials/tokenfields.mdx'
### Sample Payload
```json
{
"token_policies": [
"default",
"dev",
"prod"
],
"token_policies": ["default", "dev", "prod"],
"max_ttl": 1800000,
"max_jwt_exp": 10000,
"bound_resource_groups": [
"vault-dev",
"vault-staging",
"vault-prod"
]
"bound_resource_groups": ["vault-dev", "vault-staging", "vault-prod"]
}
```
@@ -166,7 +158,7 @@ $ curl \
Returns the previously registered role configuration.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :----------------------- |
| `GET` | `/auth/azure/role/:name` |
### Parameters
@@ -209,7 +201,7 @@ $ curl \
Lists all the roles that are registered with the plugin.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :----------------- |
| `LIST` | `/auth/azure/role` |
### Sample Request
@@ -240,7 +232,7 @@ $ curl \
Deletes the previously registered role.
| Method | Path |
| :--------------------------- | :--------------------- |
| :------- | :----------------------- |
| `DELETE` | `/auth/azure/role/:name` |
### Parameters
@@ -263,7 +255,7 @@ a role name for some entity. It verifies the JWT signature to authenticate that
entity and then authorizes the entity for the given role.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :------------------ |
| `POST` | `/auth/azure/login` |
### Sample Payload

58
website/source/api/auth/cert/index.html.md.erb → website/pages/api-docs/auth/cert/index.mdx
View File

@@ -1,8 +1,7 @@
---
layout: "api"
page_title: "TLS Certificate - Auth Methods - HTTP API"
sidebar_title: "TLS Certificates"
sidebar_current: "api-http-auth-cert"
layout: api
page_title: TLS Certificate - Auth Methods - HTTP API
sidebar_title: TLS Certificates
description: |-
This is the API documentation for the Vault TLS Certificate authentication
method.
@@ -23,7 +22,7 @@ location, please update your API calls accordingly.
Sets a CA cert and associated parameters in a role name.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :----------------------- |
| `POST` | `/auth/cert/certs/:name` |
### Parameters
@@ -32,34 +31,28 @@ Sets a CA cert and associated parameters in a role name.
- `certificate` `(string: <required>)` - The PEM-format CA certificate.
- `allowed_names` `(string: "")` - DEPRECATED: Please use the individual
`allowed_X_sans` parameters instead. Constrain the Common and Alternative
Names in the client certificate with a [globbed pattern]
(https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
Names in the client certificate with a [globbed pattern](https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
a comma-separated list of patterns. Authentication requires at least one Name
matching at least one pattern. If not set, defaults to allowing all names.
- `allowed_common_names` `(string: "" or array: [])` - Constrain the Common
Names in the client certificate with a [globbed pattern]
(https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
Names in the client certificate with a [globbed pattern](https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
a comma-separated list of patterns. Authentication requires at least one Name
matching at least one pattern. If not set, defaults to allowing all names.
- `allowed_dns_sans` `(string: "" or array: [])` - Constrain the Alternative
Names in the client certificate with a [globbed pattern]
(https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
Names in the client certificate with a [globbed pattern](https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
a comma-separated list of patterns. Authentication requires at least one DNS
matching at least one pattern. If not set, defaults to allowing all dns.
- `allowed_email_sans` `(string: "" or array: [])` - Constrain the Alternative
Names in the client certificate with a [globbed pattern]
(https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
Names in the client certificate with a [globbed pattern](https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
a comma-separated list of patterns. Authentication requires at least one
Email matching at least one pattern. If not set, defaults to allowing all
emails.
- `allowed_uri_sans` `(string: "" or array: [])` - Constrain the Alternative
Names in the client certificate with a [globbed pattern]
(https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
Names in the client certificate with a [globbed pattern](https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
a comma-separated list of URI patterns. Authentication requires at least one
URI matching at least one pattern. If not set, defaults to allowing all URIs.
- `allowed_organizational_units` `(string: "" or array: [])` - Constrain the
Organizational Units (OU) in the client certificate with a [globbed pattern]
(https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
Organizational Units (OU) in the client certificate with a [globbed pattern](https://github.com/ryanuber/go-glob/blob/master/README.md#example). Value is
a comma-separated list of OU patterns. Authentication requires at least one
OU matching at least one pattern. If not set, defaults to allowing all OUs.
- `required_extensions` `(string: "" or array: [])` - Require specific Custom
@@ -71,7 +64,7 @@ Sets a CA cert and associated parameters in a role name.
when authenticating against this CA certificate. If not set, defaults to the
name of the role.
<%= partial "partials/tokenfields" %>
@include 'partials/tokenfields.mdx'
### Sample Payload
@@ -98,7 +91,7 @@ $ curl \
Gets information associated with the named role.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :----------------------- |
| `GET` | `/auth/cert/certs/:name` |
### Parameters
@@ -140,7 +133,7 @@ $ curl \
Lists configured certificate names.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :----------------- |
| `LIST` | `/auth/cert/certs` |
### Sample Request
@@ -160,10 +153,7 @@ $ curl \
"warnings": null,
"wrap_info": null,
"data": {
"keys": [
"cert1",
"cert2"
]
"keys": ["cert1", "cert2"]
},
"lease_duration": 0,
"renewable": false,
@@ -176,7 +166,7 @@ $ curl \
Deletes the named role and CA cert from the method mount.
| Method | Path |
| :--------------------------- | :--------------------- |
| :------- | :----------------------- |
| `DELETE` | `/auth/cert/certs/:name` |
### Parameters
@@ -197,10 +187,9 @@ $ curl \
Sets a named CRL.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :---------------------- |
| `POST` | `/auth/cert/crls/:name` |
### Parameters
- `name` `(string: <required>)` - The name of the CRL.
@@ -231,7 +220,7 @@ numbers contained within). As the serials can be integers up to an
arbitrary size, these are returned as strings.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :---------------------- |
| `GET` | `/auth/cert/crls/:name` |
### Parameters
@@ -268,7 +257,7 @@ $ curl \
Deletes the named CRL from the auth method mount.
| Method | Path |
| :--------------------------- | :--------------------- |
| :------- | :---------------------- |
| `DELETE` | `/auth/cert/crls/:name` |
### Parameters
@@ -289,7 +278,7 @@ $ curl \
Configuration options for the method.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :------------------ |
| `POST` | `/auth/cert/config` |
### Parameters
@@ -326,7 +315,7 @@ and must be duplicated as a DNS SAN (see
https://tools.ietf.org/html/rfc6125#section-2.3)
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :----------------- |
| `POST` | `/auth/cert/login` |
### Parameters
@@ -360,12 +349,9 @@ $ curl \
{
"auth": {
"client_token": "cf95f87d-f95b-47ff-b1f5-ba7bff850425",
"policies": [
"web",
"stage"
],
"policies": ["web", "stage"],
"lease_duration": 3600,
"renewable": true,
"renewable": true
}
}
```

110
website/source/api/auth/cf/index.html.md.erb → website/pages/api-docs/auth/cf/index.mdx
View File

@@ -1,10 +1,8 @@
---
layout: "api"
page_title: "Cloud Foundry - Auth Methods - HTTP API"
sidebar_title: "Cloud Foundry"
sidebar_current: "api-http-auth-cf"
description: |-
This is the API documentation for the Vault Cloud Foundry auth method.
layout: api
page_title: Cloud Foundry - Auth Methods - HTTP API
sidebar_title: Cloud Foundry
description: This is the API documentation for the Vault Cloud Foundry auth method.
---
# Pivotal Cloud Foundry (CF) Auth Method (API)
@@ -25,38 +23,42 @@ on how to obtain these values, please see the [Vault CF method
documentation](/docs/auth/cf.html).
| Method | Path |
| :--------|---------------------- |
| :----- | ----------------- |
| `POST` | `/auth/cf/config` |
### Parameters
- `identity_ca_certificates` `(array: [], required)` - The root CA certificate(s)
to be used for verifying that the `CF_INSTANCE_CERT` presented for logging in was
issued by the proper authority.
to be used for verifying that the `CF_INSTANCE_CERT` presented for logging in was
issued by the proper authority.
- `cf_api_addr` `(string: required)`: CF's full API address, to be used for verifying
that a given `CF_INSTANCE_CERT` shows an application ID, space ID, and organization ID
that presently exist.
that a given `CF_INSTANCE_CERT` shows an application ID, space ID, and organization ID
that presently exist.
- `cf_username` `(string: required)`: The username for authenticating to the CF API.
- `cf_password` `(string: required)`: The password for authenticating to the CF API.
- `cf_api_trusted_certificates` `(array: [])`: The certificate that's presented by the
CF API. This configures Vault to trust this certificate when making API calls, resolving
`x509: certificate signed by unknown authority` errors.
CF API. This configures Vault to trust this certificate when making API calls, resolving
`x509: certificate signed by unknown authority` errors.
- `login_max_seconds_not_before` `(int: 300)`: The maximum number of seconds in the past when a
signature could have been created. The lower the value, the lower the risk of replay
attacks.
signature could have been created. The lower the value, the lower the risk of replay
attacks.
- `login_max_seconds_not_after` `(int: 60)`: In case of clock drift, the maximum number of
seconds in the future when a signature could have been created. The lower the value,
the lower the risk of replay attacks.
seconds in the future when a signature could have been created. The lower the value,
the lower the risk of replay attacks.
### Sample Payload
```json
{
"identity_ca_certificates": ["-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+.......ZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----"],
"identity_ca_certificates": [
"-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+.......ZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----"
],
"cf_api_addr": "https://api.sys.somewhere.cf-app.com",
"cf_username": "vault",
"cf_password": "pa55w0rd",
"cf_api_trusted_certificates": ["-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+.......ZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----"],
"cf_api_trusted_certificates": [
"-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+.......ZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----"
],
"login_max_seconds_not_before": 5,
"login_max_seconds_not_after": 1
}
@@ -77,7 +79,7 @@ $ curl \
Returns the present CF configuration.
| Method | Path |
| :--------|---------------------- |
| :----- | ----------------- |
| `GET` | `/auth/cf/config` |
### Sample Request
@@ -92,10 +94,14 @@ $ curl \
```json
{
"identity_ca_certificates": ["-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+.......ZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----"],
"identity_ca_certificates": [
"-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+.......ZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----"
],
"cf_api_addr": "https://api.sys.somewhere.cf-app.com",
"cf_username": "vault",
"cf_api_trusted_certificates": ["-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+.......ZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----"],
"cf_api_trusted_certificates": [
"-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+.......ZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----"
],
"login_max_seconds_not_before": 5,
"login_max_seconds_not_after": 1
}
@@ -106,7 +112,7 @@ $ curl \
Deletes the present CF configuration.
| Method | Path |
| :--------|---------------------- |
| :------- | ----------------- |
| `DELETE` | `/auth/cf/config` |
### Sample Request
@@ -129,29 +135,29 @@ If you list no `bound` parameters, then any entity with a valid
will be able to authenticate against this role.
| Method | Path |
| :--------|----------------------- |
| `POST` | `/auth/cf/roles/:role`|
| :----- | ---------------------- |
| `POST` | `/auth/cf/roles/:role` |
### Parameters
- `role` `(string: required)` - The name of the role.
- `bound_application_ids` `(array: [])` - An optional list of application IDs
an instance must be a member of to qualify as a member of this role.
an instance must be a member of to qualify as a member of this role.
- `bound_space_ids` `(array: [])` - An optional list of space IDs
an instance must be a member of to qualify as a member of this role.
an instance must be a member of to qualify as a member of this role.
- `bound_organization_ids` `(array: [])` - An optional list of organization IDs
an instance must be a member of to qualify as a member of this role.
an instance must be a member of to qualify as a member of this role.
- `bound_instance_ids` `(array: [])` - An optional list of instance IDs
an instance must be a member of to qualify as a member of this role. Please note that
every time you use `cf push` on an app, its instance ID changes. Also, instance IDs
are not verifiable as being presently alive using the CF API. Thus, we recommend against
using this setting for most use cases.
an instance must be a member of to qualify as a member of this role. Please note that
every time you use `cf push` on an app, its instance ID changes. Also, instance IDs
are not verifiable as being presently alive using the CF API. Thus, we recommend against
using this setting for most use cases.
- `disable_ip_matching` `(bool: false)` - If set to true, disables the default behavior
that logging in must be performed from an acceptable IP address described by the
certificate presented. Should only be set to true if required, generally when a proxy
is used to perform logins.
that logging in must be performed from an acceptable IP address described by the
certificate presented. Should only be set to true if required, generally when a proxy
is used to perform logins.
<%= partial "partials/tokenfields" %>
@include 'partials/tokenfields.mdx'
### Sample Payload
@@ -184,8 +190,8 @@ $ curl \
Returns a CF role.
| Method | Path |
| :--------|----------------------- |
| `GET` | `/auth/cf/roles/:role`|
| :----- | ---------------------- |
| `GET` | `/auth/cf/roles/:role` |
### Sample Request
@@ -216,8 +222,8 @@ $ curl \
Deletes a CF role.
| Method | Path |
| :--------|----------------------- |
| `DELETE` | `/auth/cf/roles/:role`|
| :------- | ---------------------- |
| `DELETE` | `/auth/cf/roles/:role` |
### Sample Request
@@ -233,7 +239,7 @@ $ curl \
Returns a CF role.
| Method | Path |
| :--------|----------------------- |
| :----- | ---------------- |
| `LIST` | `/auth/cf/roles` |
### Sample Request
@@ -250,10 +256,7 @@ $ curl \
```json
{
"data": {
"keys": [
"role1",
"role2"
]
"keys": ["role1", "role2"]
}
}
```
@@ -270,30 +273,33 @@ a command-line tool (`generate-signature`) that can be compiled as a binary for
and a test that outputs steps in generating the signature so they can be duplicated.
However, at a high level, these are the steps for generating a signature:
- Get and format the current time, ex. `2006-01-02T15:04:05Z`.
- Get the full body of the file located at `CF_INSTANCE_CERT`.
- Get the name of the role.
- Concatenate them together in the above order, with no extra string used for joining them.
- Create a SHA256 checksum of the resulting string (`checksum` below).
- Sign the string using the key located at `CF_INSTANCE_KEY`. In Go, this is performed using
the following line of code which you can more deeply inspect:
the following line of code which you can more deeply inspect:
```
rsa.SignPSS(rand.Reader, rsaPrivateKey, crypto.SHA256, checksum, nil)
```
- Convert the signature to a string.
| Method | Path |
| :--------|----------------------- |
| :----- | ---------------- |
| `POST` | `/auth/cf/login` |
### Parameters
- `role` `(string: required)` - The name of the role.
- `cf_instance_cert` `(string: required)` - The full body of the file available at
the path denoted by `CF_INSTANCE_CERT`.
the path denoted by `CF_INSTANCE_CERT`.
- `signing_time` `(string: required)` - The date and time used to construct the signature.
- `signature` `(string: required)` - The signature generated by the algorithm described
above using the `CF_INSTANCE_KEY`.
above using the `CF_INSTANCE_KEY`.
### Sample Payload
@@ -317,15 +323,13 @@ $ curl \
```
### Sample Response
```json
{
"auth": {
"renewable": true,
"lease_duration": 1800000,
"policies": [
"default",
"dev"
],
"policies": ["default", "dev"],
"accessor": "20b89871-e6f2-1160-fb29-31c2f6d4645e",
"client_token": "c9368254-3f21-aded-8a6f-7c818e81b17a"
}

82
website/source/api/auth/gcp/index.html.md.erb → website/pages/api-docs/auth/gcp/index.mdx
View File

@@ -1,8 +1,7 @@
---
layout: "api"
page_title: "Google Cloud - Auth Methods - HTTP API"
sidebar_title: "Google Cloud"
sidebar_current: "api-http-auth-gcp"
layout: api
page_title: Google Cloud - Auth Methods - HTTP API
sidebar_title: Google Cloud
description: |-
This is the API documentation for the Vault Google Cloud authentication
method.
@@ -26,7 +25,7 @@ entities and get service account or other Google public certificates
to confirm signed JWTs passed in during login.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :----------------- |
| `POST` | `/auth/gcp/config` |
### Parameters
@@ -68,7 +67,7 @@ $ curl \
Returns the configuration, if any, including credentials.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :----------------- |
| `GET` | `/auth/gcp/config` |
### Sample Request
@@ -88,7 +87,7 @@ $ curl \
"client_id": "123456789101112131415",
"private_key_id": "97fd7ba59a96e1f3830296aedb4f50879e4d5382",
"project_id": "project-123456"
},
}
}
```
@@ -100,7 +99,7 @@ to the role type must be set on the role. These are applied to the authenticated
entities attempting to login.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :--------------------- |
| `POST` | `/auth/gcp/role/:name` |
### Parameters
@@ -126,7 +125,7 @@ entities attempting to login.
for the entities project and all its folder or organization ancestors. This
requires Vault to have IAM permission `resourcemanager.projects.get`.
<%= partial "partials/tokenfields" %>
@include 'partials/tokenfields.mdx'
#### `iam`-only Parameters
@@ -177,9 +176,7 @@ Example `iam` role:
"ttl": "30m",
"max_ttl": "24h",
"max_jwt_exp": "5m",
"bound_service_accounts": [
"dev-1@project-123456.iam.gserviceaccount.com"
]
"bound_service_accounts": ["dev-1@project-123456.iam.gserviceaccount.com"]
}
```
@@ -193,9 +190,7 @@ Example `gce` role:
"bound_zones": ["us-east1-b", "eu-west2-a"],
"ttl": "30m",
"max_ttl": "24h",
"bound_service_accounts": [
"dev-1@project-123456.iam.gserviceaccount.com"
]
"bound_service_accounts": ["dev-1@project-123456.iam.gserviceaccount.com"]
}
```
@@ -216,7 +211,7 @@ This allows you to add or remove service accounts from the list of
service accounts on the role.
| Method | Path |
| :---------------------------------------| :------------------|
| :----- | :-------------------------------------- |
| `POST` | `/auth/gcp/role/:name/service-accounts` |
### Parameters
@@ -234,13 +229,8 @@ service accounts on the role.
```json
{
"add": [
"dev-1@project-123456.iam.gserviceaccount.com",
"123456789"
],
"remove": [
"dev-2@project-123456.iam.gserviceaccount.com"
]
"add": ["dev-1@project-123456.iam.gserviceaccount.com", "123456789"],
"remove": ["dev-2@project-123456.iam.gserviceaccount.com"]
}
```
@@ -260,7 +250,7 @@ Edit labels for an existing GCE role in the backend. This allows you to add or
remove labels (keys, values, or both) from the list of keys on the role.
| Method | Path |
| :---------------------------------------| :------------------|
| :----- | :---------------------------- |
| `POST` | `/auth/gcp/role/:name/labels` |
### Parameters
@@ -279,15 +269,8 @@ remove labels (keys, values, or both) from the list of keys on the role.
```json
{
"add": [
"foo:bar",
"env:dev",
"key:value"
],
"remove": [
"key1",
"key2"
]
"add": ["foo:bar", "env:dev", "key:value"],
"remove": ["key1", "key2"]
}
```
@@ -306,7 +289,7 @@ $ curl \
Returns the previously registered role configuration.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :--------------------- |
| `GET` | `/auth/gcp/role/:name` |
### Parameters
@@ -331,17 +314,10 @@ $ curl \
"foo": "bar",
"key": "value"
},
"bound_service_accounts": [
"dev-1@project-123456.iam.gserviceaccount.com"
],
"bound_zones": [
"eu-west2-a",
"us-east1-b"
],
"bound_service_accounts": ["dev-1@project-123456.iam.gserviceaccount.com"],
"bound_zones": ["eu-west2-a", "us-east1-b"],
"max_ttl": 86400,
"policies": [
"prod"
],
"policies": ["prod"],
"project_id": "project-123456",
"type": "gce",
"ttl": 1800
@@ -354,7 +330,7 @@ $ curl \
Lists all the roles that are registered with the plugin.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :---------------- |
| `LIST` | `/auth/gcp/roles` |
### Sample Request
@@ -371,10 +347,7 @@ $ curl \
```json
{
"data": {
"keys": [
"my-role",
"my-other-role"
]
"keys": ["my-role", "my-other-role"]
}
}
```
@@ -384,7 +357,7 @@ $ curl \
Deletes the previously registered role.
| Method | Path |
| :--------------------------- | :--------------------- |
| :------- | :--------------------- |
| `DELETE` | `/auth/gcp/role/:role` |
### Parameters
@@ -408,7 +381,7 @@ Cloud to authenticate that entity and then authorizes the entity for the given
role.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :---------------- |
| `POST` | `/auth/gcp/login` |
### Sample Payload
@@ -423,7 +396,6 @@ role.
- For `gce` type roles, this is an [identity metadata token][instance-token].
### Sample Payload
```json
@@ -449,11 +421,7 @@ $ curl \
"auth": {
"client_token": "f33f8c72-924e-11f8-cb43-ac59d697597c",
"accessor": "0e9e354a-520f-df04-6867-ee81cae3d42d",
"policies": [
"default",
"dev",
"prod"
],
"policies": ["default", "dev", "prod"],
"metadata": {
"project_id": "my-project",
"role": "my-role",

30
website/source/api/auth/github/index.html.md.erb → website/pages/api-docs/auth/github/index.mdx
View File

@@ -1,10 +1,8 @@
---
layout: "api"
page_title: "GitHub - Auth Methods - HTTP API"
sidebar_title: "GitHub"
sidebar_current: "api-http-auth-github"
description: |-
This is the API documentation for the Vault GitHub auth method.
layout: api
page_title: GitHub - Auth Methods - HTTP API
sidebar_title: GitHub
description: This is the API documentation for the Vault GitHub auth method.
---
# GitHub Auth Method (API)
@@ -23,7 +21,7 @@ Configures the connection parameters for GitHub. This path honors the
distinction between the `create` and `update` capabilities inside ACL policies.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :-------------------- |
| `POST` | `/auth/github/config` |
### Parameters
@@ -33,7 +31,7 @@ distinction between the `create` and `update` capabilities inside ACL policies.
- `base_url` `(string: "")` - The API endpoint to use. Useful if you are running
GitHub Enterprise or an API-compatible authentication server.
<%= partial "partials/tokenfields" %>
@include 'partials/tokenfields.mdx'
### Sample Payload
@@ -58,7 +56,7 @@ $ curl \
Reads the GitHub configuration.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :-------------------- |
| `GET` | `/auth/github/config` |
### Sample Request
@@ -92,7 +90,7 @@ $ curl \
Map a list of policies to a team that exists in the configured GitHub organization.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :---------------------------------- |
| `POST` | `/auth/github/map/teams/:team_name` |
### Parameters
@@ -118,13 +116,12 @@ $ curl \
http://127.0.0.1:8200/v1/auth/github/map/teams/dev
```
## Read Team Mapping
Reads the GitHub team policy mapping.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :---------------------------------- |
| `GET` | `/auth/github/map/teams/:team_name` |
### Sample Request
@@ -159,7 +156,7 @@ Map a list of policies to a specific GitHub user exists in the configured
organization.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :---------------------------------- |
| `POST` | `/auth/github/map/users/:user_name` |
### Parameters
@@ -193,7 +190,7 @@ policy **in addition to** any team policies.
Reads the GitHub user policy mapping.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :---------------------------------- |
| `GET` | `/auth/github/map/users/:user_name` |
### Sample Request
@@ -222,13 +219,12 @@ $ curl \
}
```
## Login
Login using GitHub access token.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :------------------- |
| `POST` | `/auth/github/login` |
### Parameters
@@ -272,4 +268,4 @@ $ curl \
"lease_duration": 7200,
"renewable": true
}
```
```

7
website/source/api/auth/index.html.md → website/pages/api-docs/auth/index.mdx
View File

@@ -1,8 +1,7 @@
---
layout: "api"
page_title: "Auth Methods - HTTP API"
sidebar_title: "Auth Methods"
sidebar_current: "api-http-auth"
layout: api
page_title: Auth Methods - HTTP API
sidebar_title: Auth Methods
description: |-
Each auth method publishes its own set of API paths and methods.
These endpoints are documented in this section.

34
website/source/api/auth/jwt/index.html.md.erb → website/pages/api-docs/auth/jwt/index.mdx
View File

@@ -1,8 +1,7 @@
---
layout: "api"
page_title: "JWT/OIDC - Auth Methods - HTTP API"
sidebar_title: "JWT/OIDC"
sidebar_current: "api-http-auth-jwt-oidc"
layout: api
page_title: JWT/OIDC - Auth Methods - HTTP API
sidebar_title: JWT/OIDC
description: |-
This is the API documentation for the Vault JWT/OIDC authentication
method plugin.
@@ -25,7 +24,7 @@ Configures the validation information to be used globally across all roles. One
set.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :----------------- |
| `POST` | `/auth/jwt/config` |
### Parameters
@@ -65,7 +64,7 @@ $ curl \
Returns the previously configured config.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :----------------- |
| `GET` | `/auth/jwt/config` |
### Sample Request
@@ -98,10 +97,11 @@ to the role type must be set on the role. These are applied to the authenticated
entities attempting to login. At least one of the bound values must be set.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :--------------------- |
| `POST` | `/auth/jwt/role/:name` |
### Parameters
- `name` `(string: <required>)` - Name of the role.
- `role_type` `(string: <optional>)` - Type of role, either "oidc" (default) or "jwt".
- `bound_audiences` `(array: <optional>)` - List of `aud` claims to match against.
@@ -136,16 +136,13 @@ entities attempting to login. At least one of the bound values must be set.
logging is active. Not recommended in production since sensitive information may be present
in OIDC responses.
<%= partial "partials/tokenfields" %>
@include 'partials/tokenfields.mdx'
### Sample Payload
```json
{
"policies": [
"dev",
"prod"
],
"policies": ["dev", "prod"],
"bound_subject": "sl29dlldsfj3uECzsU3Sbmh0F29Fios1@clients",
"bound_audiences": "https://myco.test",
"user_claim": "https://vault/user",
@@ -176,7 +173,7 @@ $ curl \
Returns the previously registered role configuration.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :--------------------- |
| `GET` | `/auth/jwt/role/:name` |
### Parameters
@@ -222,7 +219,7 @@ $ curl \
Lists all the roles that are registered with the plugin.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :--------------- |
| `LIST` | `/auth/jwt/role` |
### Sample Request
@@ -253,7 +250,7 @@ $ curl \
Deletes the previously registered role.
| Method | Path |
| :--------------------------- | :--------------------- |
| :------- | :--------------------- |
| `DELETE` | `/auth/jwt/role/:name` |
### Parameters
@@ -274,7 +271,7 @@ $ curl \
Obtain an authorization URL from Vault to start an OIDC login flow.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :------------------------ |
| `POST` | `/auth/jwt/oidc/auth_url` |
### Parameters
@@ -317,11 +314,12 @@ $ curl \
```
## OIDC Callback
Exchange an authorization code for an OIDC ID Token. The ID token will be further validated
against any bound claims, and if valid a Vault token will be returned.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :------------------------ |
| `GET` | `/auth/jwt/oidc/callback` |
### Parameters
@@ -366,7 +364,7 @@ a role name for some entity. It verifies the JWT signature to authenticate that
entity and then authorizes the entity for the given role.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :---------------- |
| `POST` | `/auth/jwt/login` |
### Parameters

50
website/source/api/auth/kerberos/index.html.md.erb → website/pages/api-docs/auth/kerberos/index.mdx
View File

@@ -1,10 +1,8 @@
---
layout: "api"
page_title: "Kerberos - Auth Methods - HTTP API"
sidebar_title: "Kerberos"
sidebar_current: "api-http-auth-kerberos"
description: |-
This is the API documentation for the Vault Kerberos auth method plugin.
layout: api
page_title: Kerberos - Auth Methods - HTTP API
sidebar_title: Kerberos
description: This is the API documentation for the Vault Kerberos auth method plugin.
---
# Kerberos Auth Method (API)
@@ -26,16 +24,16 @@ This endpoint configures the keytab and service account to be used by Vault
for verifying inbound SPNEGO tokens.
| Method | Path |
| :------- | :--------------------------- |
| :----- | :---------------------- |
| `POST` | `/auth/kerberos/config` |
- `keytab` `(string: <required>)` A base 64 representation of the contents
of the Kerberos keytab that will be used for verifying inbound SPNEGO tokens.
It should contain an entry matching the service account given. This can be
created through the following command: `$ base64 vault.keytab > vault.keytab.base64`.
of the Kerberos keytab that will be used for verifying inbound SPNEGO tokens.
It should contain an entry matching the service account given. This can be
created through the following command: `$ base64 vault.keytab > vault.keytab.base64`.
- `service_account` `(string: <required>)` The service account associated
with both the keytab entry and an LDAP service account created for Vault. Ex.:
`"vault_svc"`.
with both the keytab entry and an LDAP service account created for Vault. Ex.:
`"vault_svc"`.
### Sample Request
@@ -62,7 +60,7 @@ This endpoint retrieves the service account for the Kerberos auth method.
The keytab is not returned because it is sensitive information.
| Method | Path |
| :------- | :--------------------------- |
| :----- | :---------------------- |
| `GET` | `/auth/kerberos/config` |
### Sample Request
@@ -94,7 +92,7 @@ $ curl \
This endpoint configures LDAP in the Kerberos auth method.
| Method | Path |
| :------- | :--------------------------- |
| :----- | :--------------------------- |
| `POST` | `/auth/kerberos/config/ldap` |
### Parameters
@@ -149,7 +147,7 @@ This endpoint configures LDAP in the Kerberos auth method.
groupfilter queries returning _group_ objects, use: `cn`. For queries
returning _user_ objects, use: `memberOf`. The default is `cn`.
<%= partial "partials/tokenfields" %>
@include 'partials/tokenfields.mdx'
### Sample Request
@@ -186,7 +184,7 @@ $ curl \
This endpoint retrieves the LDAP configuration for the Kerberos auth method.
| Method | Path |
| :------- | :--------------------------- |
| :----- | :--------------------------- |
| `GET` | `/auth/kerberos/config/ldap` |
### Sample Request
@@ -233,7 +231,7 @@ $ curl \
This endpoint returns a list of existing LDAP groups in the Kerberos auth method.
| Method | Path |
| :------- | :---------------------- |
| :----- | :---------------------- |
| `LIST` | `/auth/kerberos/groups` |
### Sample Request
@@ -253,10 +251,7 @@ $ curl \
"warnings": null,
"wrap_info": null,
"data": {
"keys": [
"scientists",
"engineers"
]
"keys": ["scientists", "engineers"]
},
"lease_duration": 0,
"renewable": false,
@@ -269,7 +264,7 @@ $ curl \
This endpoint returns the policies associated with a Kerberos LDAP group.
| Method | Path |
| :------- | :----------------------------- |
| :----- | :---------------------------- |
| `GET` | `/auth/kerberos/groups/:name` |
### Parameters
@@ -289,10 +284,7 @@ $ curl \
```json
{
"data": {
"policies": [
"admin",
"default"
]
"policies": ["admin", "default"]
},
"renewable": false,
"lease_id": "",
@@ -306,7 +298,7 @@ $ curl \
This endpoint creates or updates LDAP group policies.
| Method | Path |
| :-------- | :----------------------------- |
| :----- | :---------------------------- |
| `POST` | `/auth/kerberos/groups/:name` |
### Parameters
@@ -338,7 +330,7 @@ $ curl \
This endpoint deletes the LDAP group and policy association.
| Method | Path |
| :------- | :----------------------------- |
| :------- | :---------------------------- |
| `DELETE` | `/auth/kerberos/groups/:name` |
### Parameters
@@ -394,7 +386,7 @@ sWw
```
| Method | Path |
| :------- | :--------------------------- |
| :----- | :--------------------- |
| `POST` | `/auth/kerberos/login` |
### Sample Request

68
website/source/api/auth/kubernetes/index.html.md.erb → website/pages/api-docs/auth/kubernetes/index.mdx
View File

@@ -1,10 +1,8 @@
---
layout: "api"
page_title: "Kubernetes - Auth Methods - HTTP API"
sidebar_title: "Kubernetes"
sidebar_current: "api-http-auth-kubernetes"
description: |-
This is the API documentation for the Vault Kubernetes auth method plugin.
layout: api
page_title: Kubernetes - Auth Methods - HTTP API
sidebar_title: Kubernetes
description: This is the API documentation for the Vault Kubernetes auth method plugin.
---
# Kubernetes Auth Method (API)
@@ -25,21 +23,22 @@ public key used to validate the JWT signature and the necessary information to
access the Kubernetes API.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :------------------------ |
| `POST` | `/auth/kubernetes/config` |
### Parameters
- `kubernetes_host` `(string: <required>)` - Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
- `kubernetes_ca_cert` `(string: "")` - PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API. NOTE: Every line must end with a newline: \n
- `token_reviewer_jwt` `(string: "")` - A service account JWT used to access the TokenReview
- `kubernetes_host` `(string: <required>)` - Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
- `kubernetes_ca_cert` `(string: "")` - PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API. NOTE: Every line must end with a newline: \n
- `token_reviewer_jwt` `(string: "")` - A service account JWT used to access the TokenReview
API to validate other JWTs during login. If not set
the JWT used for login will be used to access the API.
- `pem_keys` `(array: [])` - Optional list of PEM-formatted public keys or certificates
- `pem_keys` `(array: [])` - Optional list of PEM-formatted public keys or certificates
used to verify the signatures of Kubernetes service account
JWTs. If a certificate is given, its public key will be
extracted. Not every installation of Kubernetes exposes these
keys.
- `issuer` `(string: "")` - Optional JWT issuer. If no issuer is specified, then this plugin will
- `issuer` `(string: "")` - Optional JWT issuer. If no issuer is specified, then this plugin will
use `kubernetes.io/serviceaccount` as the default issuer.
### Sample Payload
@@ -67,7 +66,7 @@ $ curl \
Returns the previously configured config, including credentials.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :------------------------ |
| `GET` | `/auth/kubernetes/config` |
### Sample Request
@@ -98,10 +97,11 @@ to the role type must be set on the role. These are applied to the authenticated
entities attempting to login.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/kubernetes/role/:name`|
| :----- | :---------------------------- |
| `POST` | `/auth/kubernetes/role/:name` |
### Parameters
- `name` `(string: <required>)` - Name of the role.
- `bound_service_account_names` `(array: <required>)` - List of service account
names able to access this role. If set to "\*" all names are allowed, both this
@@ -111,7 +111,7 @@ entities attempting to login.
this and bound_service_account_names can not be set to "\*".
- `audience` `(string: "")` - Optional Audience claim to verify in the JWT.
<%= partial "partials/tokenfields" %>
@include 'partials/tokenfields.mdx'
### Sample Payload
@@ -119,11 +119,8 @@ entities attempting to login.
{
"bound_service_account_names": "vault-auth",
"bound_service_account_namespaces": "default",
"policies": [
"dev",
"prod"
],
"max_ttl": 1800000,
"policies": ["dev", "prod"],
"max_ttl": 1800000
}
```
@@ -136,12 +133,13 @@ $ curl \
--data @payload.json \
http://127.0.0.1:8200/v1/auth/kubernetes/role/dev-role
```
## Read Role
Returns the previously registered role configuration.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :---------------------------- |
| `GET` | `/auth/kubernetes/role/:name` |
### Parameters
@@ -160,16 +158,13 @@ $ curl \
```json
{
"data":{
"data": {
"bound_service_account_names": "vault-auth",
"bound_service_account_namespaces": "default",
"max_ttl": 1800000,
"ttl":0,
"ttl": 0,
"period": 0,
"policies":[
"dev",
"prod"
]
"policies": ["dev", "prod"]
}
}
```
@@ -179,7 +174,7 @@ $ curl \
Lists all the roles that are registered with the auth method.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :-------------------------------- |
| `LIST` | `/auth/kubernetes/role` |
| `GET` | `/auth/kubernetes/role?list=true` |
@@ -197,10 +192,7 @@ $ curl \
```json
{
"data": {
"keys": [
"dev-role",
"prod-role"
]
"keys": ["dev-role", "prod-role"]
}
}
```
@@ -210,8 +202,8 @@ $ curl \
Deletes the previously registered role.
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/kubernetes/role/:role`|
| :------- | :---------------------------- |
| `DELETE` | `/auth/kubernetes/role/:role` |
### Parameters
@@ -233,7 +225,7 @@ a role name for some entity. It verifies the JWT signature to authenticate that
entity and then authorizes the entity for the given role.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :----------------------- |
| `POST` | `/auth/kubernetes/login` |
### Sample Payload
@@ -269,9 +261,7 @@ $ curl \
"auth": {
"client_token": "62b858f9-529c-6b26-e0b8-0457b6aacdb4",
"accessor": "afa306d0-be3d-c8d2-b0d7-2676e1c0d9b4",
"policies": [
"default"
],
"policies": ["default"],
"metadata": {
"role": "test",
"service_account_name": "vault-auth",

49
website/source/api/auth/ldap/index.html.md.erb → website/pages/api-docs/auth/ldap/index.mdx
View File

@@ -1,10 +1,8 @@
---
layout: "api"
page_title: "LDAP - Auth Methods - HTTP API"
sidebar_title: "LDAP"
sidebar_current: "api-http-auth-ldap"
description: |-
This is the API documentation for the Vault LDAP auth method.
layout: api
page_title: LDAP - Auth Methods - HTTP API
sidebar_title: LDAP
description: This is the API documentation for the Vault LDAP auth method.
---
# LDAP Auth Method (API)
@@ -22,7 +20,7 @@ please update your API calls accordingly.
This endpoint configures the LDAP auth method.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :------------------ |
| `POST` | `/auth/ldap/config` |
### Parameters
@@ -80,7 +78,7 @@ This endpoint configures the LDAP auth method.
groupfilter queries returning _group_ objects, use: `cn`. For queries
returning _user_ objects, use: `memberOf`. The default is `cn`.
<%= partial "partials/tokenfields" %>
@include 'partials/tokenfields.mdx'
### Sample Request
@@ -117,7 +115,7 @@ $ curl \
This endpoint retrieves the LDAP configuration for the auth method.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :------------------ |
| `GET` | `/auth/ldap/config` |
### Sample Request
@@ -164,7 +162,7 @@ $ curl \
This endpoint returns a list of existing groups in the method.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :------------------ |
| `LIST` | `/auth/ldap/groups` |
### Sample Request
@@ -184,10 +182,7 @@ $ curl \
"warnings": null,
"wrap_info": null,
"data": {
"keys": [
"scientists",
"engineers"
]
"keys": ["scientists", "engineers"]
},
"lease_duration": 0,
"renewable": false,
@@ -200,7 +195,7 @@ $ curl \
This endpoint returns the policies associated with a LDAP group.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :------------------------ |
| `GET` | `/auth/ldap/groups/:name` |
### Parameters
@@ -237,7 +232,7 @@ $ curl \
This endpoint creates or updates LDAP group policies.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :------------------------ |
| `POST` | `/auth/ldap/groups/:name` |
### Parameters
@@ -269,7 +264,7 @@ $ curl \
This endpoint deletes the LDAP group and policy association.
| Method | Path |
| :--------------------------- | :--------------------- |
| :------- | :------------------------ |
| `DELETE` | `/auth/ldap/groups/:name` |
### Parameters
@@ -290,7 +285,7 @@ $ curl \
This endpoint returns a list of existing users in the method.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :----------------- |
| `LIST` | `/auth/ldap/users` |
### Sample Request
@@ -310,10 +305,7 @@ $ curl \
"warnings": null,
"wrap_info": null,
"data": {
"keys": [
"mitchellh",
"armon"
]
"keys": ["mitchellh", "armon"]
},
"lease_duration": 0,
"renewable": false,
@@ -326,7 +318,7 @@ $ curl \
This endpoint returns the policies associated with a LDAP user.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :--------------------------- |
| `GET` | `/auth/ldap/users/:username` |
### Parameters
@@ -364,7 +356,7 @@ $ curl \
This endpoint creates or updates LDAP users policies and group associations.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :--------------------------- |
| `POST` | `/auth/ldap/users/:username` |
### Parameters
@@ -398,7 +390,7 @@ $ curl \
This endpoint deletes the LDAP user and policy association.
| Method | Path |
| :--------------------------- | :--------------------- |
| :------- | :--------------------------- |
| `DELETE` | `/auth/ldap/users/:username` |
### Parameters
@@ -419,7 +411,7 @@ $ curl \
This endpoint allows you to log in with LDAP credentials
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :--------------------------- |
| `POST` | `/auth/ldap/login/:username` |
### Parameters
@@ -454,10 +446,7 @@ $ curl \
"data": null,
"auth": {
"client_token": "c4f280f6-fdb2-18eb-89d3-589e2e834cdb",
"policies": [
"admins",
"default"
],
"policies": ["admins", "default"],
"metadata": {
"username": "mitchellh"
},

68
website/source/api/auth/oci/index.html.md.erb → website/pages/api-docs/auth/oci/index.mdx
View File

@@ -1,10 +1,8 @@
---
layout: "api"
page_title: "OCI - Auth Methods - HTTP API"
sidebar_title: "OCI"
sidebar_current: "api-http-auth-oci"
description: |-
This is the API documentation for the Vault OCI auth method plugin.
layout: api
page_title: OCI - Auth Methods - HTTP API
sidebar_title: OCI
description: This is the API documentation for the Vault OCI auth method plugin.
---
# OCI Auth Method (API)
@@ -22,11 +20,12 @@ any location, please update your API calls accordingly.
Configure your home tenancy in the Vault, so that only users or instances from your tenancy will be allowed to log into Vault, through the OCI Auth method.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :----------------- |
| `POST` | `/auth/oci/config` |
### Parameters
- `home_tenancy_id` `(string: <required>)` - The Tenancy OCID of your OCI account.
- `home_tenancy_id` `(string: <required>)` - The Tenancy OCID of your OCI account.
### Sample Payload
@@ -51,7 +50,7 @@ $ curl \
Returns the previously configured config.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :----------------- |
| `GET` | `/auth/oci/config` |
### Sample Request
@@ -66,7 +65,7 @@ $ curl \
```json
{
"data":{
"data": {
"home_tenancy_id": "ocid1.tenancy.oc1..aaaaaaaah7zkvaffv26pzyauoe2zbnionqvhvsexamplee557wakiofi4ysgqq"
}
}
@@ -77,24 +76,22 @@ $ curl \
Create a Vault administrator role in the OCI Auth method.
| Method | Path |
| :--------------------------- | :--------------------- |
| `POST` | `/auth/oci/role/:name`|
| :----- | :--------------------- |
| `POST` | `/auth/oci/role/:name` |
### Parameters
- `name` `(string: <required>)` - Name of the role.
- `ocid_list` `(string: <required>)` - A comma separated list of Group or Dynamic Group OCIDs that can take this role.
<%= partial "partials/tokenfields" %>
@include 'partials/tokenfields.mdx'
### Sample Payload
```json
{
"ocid_list": "ocid1.group.oc1..aaaaaaaaiqnblimpvmegkqh3bxilrdvjobr7qd223g275idcqhexamplefq,ocid1.dynamicgroup.oc1..aaaaaaaa5hmfyrdaxvmt52ekju5n7ffamn2pdvxaq6esb2vzzoduexamplea",
"token_policies": [
"dev",
"prod"
],
"token_policies": ["dev", "prod"],
"token_ttl": 1800
}
```
@@ -114,7 +111,7 @@ $ curl \
Returns the previously registered role configuration.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :--------------------- |
| `GET` | `/auth/oci/role/:name` |
### Parameters
@@ -133,13 +130,13 @@ $ curl \
```json
{
"data":{
"ocid_list": ["ocid1.group.oc1..aaaaaaaaiqnblimpvmegkqh3bxilrdvjobr7qd223g275idcqhexamplefq","ocid1.dynamicgroup.oc1..aaaaaaaa5hmfyrdaxvmt52ekju5n7ffamn2pdvxaq6esb2vzzoduexamplea"],
"data": {
"ocid_list": [
"ocid1.group.oc1..aaaaaaaaiqnblimpvmegkqh3bxilrdvjobr7qd223g275idcqhexamplefq",
"ocid1.dynamicgroup.oc1..aaaaaaaa5hmfyrdaxvmt52ekju5n7ffamn2pdvxaq6esb2vzzoduexamplea"
],
"token_ttl": 1800,
"token_policies":[
"dev",
"prod"
]
"token_policies": ["dev", "prod"]
}
}
```
@@ -149,7 +146,7 @@ $ curl \
Lists all the roles that are registered with the auth method.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :------------------------- |
| `LIST` | `/auth/oci/role` |
| `GET` | `/auth/oci/role?list=true` |
@@ -167,10 +164,7 @@ $ curl \
```json
{
"data": {
"keys": [
"devrole",
"prodrole"
]
"keys": ["devrole", "prodrole"]
}
}
```
@@ -180,8 +174,8 @@ $ curl \
Deletes the previously registered role.
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/auth/oci/role/:role`|
| :------- | :--------------------- |
| `DELETE` | `/auth/oci/role/:role` |
### Parameters
@@ -203,7 +197,7 @@ a role name for some entity. It verifies the signed request headers to authentic
entity and then authorizes the entity for the given role.
| Method | Path |
| :--------------------------- | :--------------------- |
| :----- | :---------------------- |
| `POST` | `/auth/oci/login/:role` |
### Parameters
@@ -215,12 +209,14 @@ entity and then authorizes the entity for the given role.
```json
{
"request_headers": {
"request_headers": {
"date": ["Fri, 22 Aug 2019 21:02:19 GMT"],
"(request-target)": ["get /v1/auth/oci/login/devrole"],
"host": ["127.0.0.1"],
"content-type": ["application/json"],
"authorization": ["Signature algorithm=\"rsa-sha256\",headers=\"date (request-target) host\",keyId=\"ocid1.tenancy.oc1..aaaaaaaaba3pv6wkcr4jqae5f15p2b2m2yt2j6rx32uzr4h25vqstifsfdsq/ocid1.user.oc1..aaaaaaaat5nvwcna5j6aqzjcaty5eqbb6qt2jvpkanghtgdaqedqw3rynjq/73:61:a2:21:67:e0:df:be:7e:4b:93:1e:15:98:a5:b7\",signature=\"GBas7grhyrhSKHP6AVIj/h5/Vp8bd/peM79H9Wv8kjoaCivujVXlpbKLjMPeDUhxkFIWtTtLBj3sUzaFj34XE6YZAHc9r2DmE4pMwOAy/kiITcZxa1oHPOeRheC0jP2dqbTll8fmTZVwKZOKHYPtrLJIJQHJjNvxFWeHQjMaR7M=\",version=\"1\""]
"authorization": [
"Signature algorithm=\"rsa-sha256\",headers=\"date (request-target) host\",keyId=\"ocid1.tenancy.oc1..aaaaaaaaba3pv6wkcr4jqae5f15p2b2m2yt2j6rx32uzr4h25vqstifsfdsq/ocid1.user.oc1..aaaaaaaat5nvwcna5j6aqzjcaty5eqbb6qt2jvpkanghtgdaqedqw3rynjq/73:61:a2:21:67:e0:df:be:7e:4b:93:1e:15:98:a5:b7\",signature=\"GBas7grhyrhSKHP6AVIj/h5/Vp8bd/peM79H9Wv8kjoaCivujVXlpbKLjMPeDUhxkFIWtTtLBj3sUzaFj34XE6YZAHc9r2DmE4pMwOAy/kiITcZxa1oHPOeRheC0jP2dqbTll8fmTZVwKZOKHYPtrLJIJQHJjNvxFWeHQjMaR7M=\",version=\"1\""
]
}
}
```
@@ -241,9 +237,7 @@ $ curl \
"auth": {
"token": "62b8ssf9-529c-6b26-e0b8-045fcdb4",
"token_accessor": "afaff6d0-be3d-c8d2-b0d7-2676sss0d9b4",
"token_policies": [
"dev"
],
"token_policies": ["dev"],
"token_duration": 1800
}
}

Some files were not shown because too many files have changed in this diff Show More