[DOCS] Administrative namespace updates (#23208)

website/content/api-docs/system/audit.mdx

@@ -6,6 +6,8 @@ description: The `/sys/audit` endpoint is used to enable and disable audit devic
 
 # `/sys/audit`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/audit` endpoint is used to list, enable, and disable audit devices.
 Audit devices must be enabled before use, and more than one device may be
 enabled at a time.

website/content/api-docs/system/config-auditing.mdx

@@ -6,6 +6,8 @@ description: The `/sys/config/auditing` endpoint is used to configure auditing s
 
 # `/sys/config/auditing/request-headers`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/config/auditing` endpoint is used to configure auditing settings.
 
 ## Read all audited request headers

website/content/api-docs/system/config-cors.mdx

@@ -8,6 +8,8 @@ description: >-
 
 # `/sys/config/cors`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/config/cors` endpoint is used to configure CORS settings.
 
 - **`sudo` required** – All CORS endpoints require `sudo` capability in

website/content/api-docs/system/config-group-policy-application.mdx

@@ -8,6 +8,8 @@ description: The '/sys/config/group-policy-application' endpoint is used to conf
 
 @include 'alerts/enterprise-and-hcp-plus.mdx'
 
+@include 'alerts/restricted-root.mdx'
+
 The `sys/config/group-policy-application` endpoint can be used to configure the
 mode of policy application for identity groups in Vault. This setting dictates
 the behavior across all groups in all namespaces in Vault.

website/content/api-docs/system/config-reload.mdx

@@ -6,6 +6,8 @@ description: The '/sys/config/reload' endpoint is used to reload specific parts
 
 # `/sys/config/reload`
 
+@include 'alerts/restricted-root.mdx'
+
 The `sys/config/reload` endpoint allows reloading specific parts of Vault's configuration.
 Currently, it only supports reloading license information from files on disk.
 

website/content/api-docs/system/config-state.mdx

@@ -6,6 +6,8 @@ description: The '/sys/config/state' endpoint is used to retrieve the configurat
 
 # `/sys/config/state`
 
+@include 'alerts/restricted-root.mdx'
+
 The endpoints under `sys/config/state` return Vault's configuration state.
 Currently, it only supports returning a sanitized version of the configuration.
 

website/content/api-docs/system/config-ui.mdx

@@ -6,6 +6,8 @@ description: The '/sys/config/ui' endpoint configures the UI.
 
 # `/sys/config/ui`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/config/ui` endpoint is used to configure UI settings.
 
 - **`sudo` required** – All UI endpoints require `sudo` capability in

website/content/api-docs/system/decode-token.mdx

@@ -6,6 +6,8 @@ description: The `/sys/decode-token` endpoint is used to decode the encoded toke
 
 # `/sys/decode-token`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/decode-token` endpoint is used to decode the encoded token which is the result of the [/sys/generate-root](/vault/api-docs/system/generate-root) API.
 
 ## Parameters

website/content/api-docs/system/experiments.mdx

@@ -6,6 +6,8 @@ description: The `/sys/experiments` endpoint returns information about experimen
 
 # `/sys/experiments`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/experiments` endpoint returns information about experiments on the Vault node.
 
 ## Read experiments

website/content/api-docs/system/generate-recovery-token.mdx

@@ -8,6 +8,8 @@ description: |-
 
 # `/sys/generate-recovery-token`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/generate-recovery-token` endpoint is used to create a new recovery
 token for Vault.
 

website/content/api-docs/system/generate-root.mdx

@@ -8,6 +8,8 @@ description: |-
 
 # `/sys/generate-root`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/generate-root` endpoint is used to create a new root key for Vault.
 
 ## Read root generation progress

website/content/api-docs/system/health.mdx

@@ -6,6 +6,8 @@ description: The `/sys/health` endpoint is used to check the health status of Va
 
 # `/sys/health`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/health` endpoint is used to check the health status of Vault.
 
 ## Read health information

website/content/api-docs/system/host-info.mdx

@@ -6,6 +6,8 @@ description: The '/sys/host-info' endpoint is used to retrieve host information
 
 # `/sys/host-info`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/host-info` endpoint is used retrieve information about the
 host instance that the Vault server is running on.
 

website/content/api-docs/system/in-flight-req.mdx

@@ -6,6 +6,8 @@ description: The `/sys/in-flight-req` endpoint is used to get information on in-
 
 # `/sys/in-flight-req`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/in-flight-req` endpoint is used to get information on in-flight requests.
 The returned information contains the `start_time`, `client_remote_address`, `request_path`,
 `request_method`, and `client_id` of the in-flight requests.

website/content/api-docs/system/init.mdx

@@ -6,6 +6,8 @@ description: The `/sys/init` endpoint is used to initialize a new Vault.
 
 # `/sys/init`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/init` endpoint is used to initialize a new Vault.
 
 ## Read initialization status

website/content/api-docs/system/inspect/router.mdx

@@ -6,12 +6,12 @@ description: >-
 ---
 
 # `/sys/internal/inspect/router`
+
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/internal/inspect/router` endpoint is intended for a Vault admin to inspect the internal components of Vault's router.
 This endpoint can be accessed with a root token or sudo privileges.
 
-~> **NOTE**: These endpoints are only available in Vault version 1.13+. Backwards compatibility is not guaranteed. These endpoints are subject to change or may disappear without notice.
-
-
 ## Root
 
 This endpoint returns a list of router entries in the router's root tree.

website/content/api-docs/system/internal-counters.mdx

@@ -7,9 +7,9 @@ description: >-
 
 # `/sys/internal/counters`
 
-The `/sys/internal/counters` endpoints are used to return data about the number of Tokens and Entities in Vault. They return information for the entire cluster.
+@include 'alerts/restricted-root.mdx'
 
-~> **NOTE**: These endpoints are only available in Vault version 1.3+. Backwards compatibility is not guaranteed. These endpoints are subject to change or may disappear without notice.
+The `/sys/internal/counters` endpoints are used to return data about the number of Tokens and Entities in Vault. They return information for the entire cluster.
 
 ## Entities
 

website/content/api-docs/system/key-status.mdx

@@ -8,6 +8,8 @@ description: |-
 
 # `/sys/key-status`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/key-status` endpoint is used to query info about the current
 encryption key of Vault.
 

website/content/api-docs/system/lease-count-quotas.mdx

@@ -8,6 +8,8 @@ description: The `/sys/quotas/lease-count` endpoint is used to create, edit and
 
 @include 'alerts/enterprise-and-hcp-plus.mdx'
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/quotas/lease-count` endpoint is used to create, edit and delete lease count quotas.
 
 ## Create or update a lease count quota

website/content/api-docs/system/loggers.mdx

@@ -6,6 +6,8 @@ description: The `/sys/loggers` endpoint is used modify the verbosity level of l
 
 # `/sys/loggers`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/loggers` endpoint is used modify the verbosity level of logging.
 
 !> **NOTE:** Changes made to the log level using this endpoint are not persisted and will be restored

website/content/api-docs/system/managed-keys.mdx

@@ -6,6 +6,8 @@ description: The `/sys/managed-keys` endpoint is used to manage the managed keys
 
 # `/sys/managed-keys`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/managed-keys` endpoint is used to manage the Managed Key configuration within Vault.
 See the [Managed Keys](/vault/docs/enterprise/managed-keys) section for further details on the Managed Keys system.
 

website/content/api-docs/system/metrics.mdx

@@ -6,6 +6,8 @@ description: The `/sys/metrics` endpoint is used to get telemetry metrics for Va
 
 # `/sys/metrics`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/metrics` endpoint is used to get telemetry metrics for Vault.
 
 ## Read telemetry metrics

website/content/api-docs/system/mfa/duo.mdx

@@ -8,6 +8,8 @@ description: >-
 
 ## Configure Duo MFA method
 
+@include 'alerts/restricted-root.mdx'
+
 This endpoint defines a MFA method of type Duo.
 
 | Method | Path                        |

website/content/api-docs/system/mfa/okta.mdx

@@ -8,6 +8,8 @@ description: >-
 
 ## Configure okta MFA method
 
+@include 'alerts/restricted-root.mdx'
+
 This endpoint defines a MFA method of type Okta.
 
 | Method | Path                         |

website/content/api-docs/system/mfa/pingid.mdx

@@ -8,6 +8,8 @@ description: >-
 
 ## Configure PingID MFA method
 
+@include 'alerts/restricted-root.mdx'
+
 This endpoint defines a MFA method of type PingID.
 
 | Method | Path                           |

website/content/api-docs/system/mfa/totp.mdx

@@ -8,6 +8,8 @@ description: >-
 
 ## Configure TOTP MFA method
 
+@include 'alerts/restricted-root.mdx'
+
 This endpoint defines a MFA method of type TOTP.
 
 | Method | Path                         |

website/content/api-docs/system/pprof.mdx

@@ -6,6 +6,8 @@ description: The `/sys/pprof` endpoint is used to query profiling information.
 
 # `/sys/pprof`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/pprof` endpoint is used to query. The response returned by
 these endpoints are equivalent to those returned by the `http/pprof`
 package.

website/content/api-docs/system/quotas-config.mdx

@@ -6,6 +6,8 @@ description: The `/sys/quotas/config` endpoint is used to configure rate limit q
 
 # `/sys/quotas/config`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/quotas/config` endpoint is used to configure rate limit quotas.
 
 ## Create or update the rate limit configuration

website/content/api-docs/system/rate-limit-quotas.mdx

@@ -6,6 +6,8 @@ description: The `/sys/quotas/rate-limit` endpoint is used to create, edit and d
 
 # `/sys/quotas/rate-limit`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/quotas/rate-limit` endpoint is used to create, edit and delete rate limit quotas.
 
 ## Create or update a rate limit quota

website/content/api-docs/system/raw.mdx

@@ -6,6 +6,8 @@ description: The `/sys/raw` endpoint is used to access the raw underlying store
 
 # `/sys/raw`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/raw` endpoint is used to access the raw underlying store in Vault.
 
 This endpoint is off by default. See the

website/content/api-docs/system/rekey-recovery-key.mdx

@@ -8,9 +8,11 @@ description: >-
 
 # `/sys/rekey-recovery-key`
 
-~> **Note:** These endpoints are only applicable to seals that support recovery keys.
+@include 'alerts/restricted-root.mdx'
 
-The `/sys/rekey-recovery-key` endpoints are used to rekey the recovery keys for Vault.
+The `/sys/rekey-recovery-key` endpoints are used to rekey the recovery keys for
+Vault. Key recovery endpoints are only applicable to seals that support recovery
+keys.
 
 ## Read rekey progress
 

website/content/api-docs/system/rekey.mdx

@@ -6,6 +6,8 @@ description: The `/sys/rekey` endpoints are used to rekey the unseal keys for Va
 
 # `/sys/rekey`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/rekey` endpoints are used to rekey the unseal keys for Vault.
 
 On seals that support stored keys (e.g. HSM PKCS11), the recovery key share(s)

website/content/api-docs/system/replication/index.mdx

@@ -10,6 +10,8 @@ description: >-
 
 @include 'alerts/enterprise-and-hcp-plus.mdx'
 
+@include 'alerts/restricted-root.mdx'
+
 ## Attempt recovery
 
 This endpoint attempts recovery if replication is in an adverse state. For

website/content/api-docs/system/rotate-config.mdx

@@ -6,6 +6,8 @@ description: The `/sys/rotate/config` endpoint is used to configure automatic ke
 
 # `/sys/rotate/config`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/rotate` endpoint is used to configure automatic key rotation.
 
 ## Configure automatic key rotation

website/content/api-docs/system/rotate.mdx

@@ -6,6 +6,8 @@ description: The `/sys/rotate` endpoint is used to rotate the encryption key.
 
 # `/sys/rotate`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/rotate` endpoint is used to rotate the encryption key.
 
 ## Rotate encryption key

website/content/api-docs/system/seal.mdx

@@ -6,6 +6,8 @@ description: The `/sys/seal` endpoint seals the Vault.
 
 # `/sys/seal`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/seal` endpoint seals the Vault.
 
 ## Seal

website/content/api-docs/system/sealwrap-rewrap.mdx

@@ -10,6 +10,8 @@ description: >-
 
 @include 'alerts/enterprise-and-hcp-plus.mdx'
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/sealwrap/rewrap` endpoint is used to rewrap all seal wrapped entries.
 This is useful when you want to upgrade seal wrapped entries to use the latest
 key, for example, after a seal migration or after rotating the remote keyring.

website/content/api-docs/system/step-down.mdx

@@ -6,6 +6,8 @@ description: The `/sys/step-down` endpoint causes the node to give up active sta
 
 # `/sys/step-down`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/step-down` endpoint causes the node to give up active status.
 
 ## Step down leader

website/content/api-docs/system/storage/index.mdx

@@ -6,6 +6,10 @@ description: |-
   The '/sys/storage' endpoints are used to manage Vault's storage backends.
 ---
 
+# `/sys/storage`
+
+@include 'alerts/restricted-root.mdx'
+
 This API sub-section is currently only used to manage [Raft](/vault/api-docs/system/storage/raft) storage backend.
 
 On Enterprise there are additional endpoints for working with [Raft Automated Snapshots](/vault/api-docs/system/storage/raftautosnapshots).

website/content/api-docs/system/storage/raft.mdx

@@ -9,6 +9,8 @@ description: |-
 
 # `/sys/storage/raft`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/storage/raft` endpoints are used to manage Vault's Raft storage
 backend.
 

website/content/api-docs/system/storage/raftautopilot.mdx

@@ -9,6 +9,8 @@ description: |-
 
 # `/sys/storage/raft/autopilot`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/storage/raft/autopilot` endpoints are used to manage raft clusters using autopilot
 with Vault's [Integrated Storage backend](/vault/docs/internals/integrated-storage).
 Refer to the [Integrated Storage Autopilot](/vault/tutorials/raft/raft-autopilot) tutorial to learn how to manage raft clusters using autopilot.

website/content/api-docs/system/storage/raftautosnapshots.mdx

@@ -11,6 +11,8 @@ description: |-
 
 # `/sys/storage/raft/snapshot-auto`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/storage/raft/snapshot-auto` endpoints are used to manage automated
 snapshots with Vault's Raft storage backend.
 

website/content/api-docs/system/unseal.mdx

@@ -6,6 +6,8 @@ description: The `/sys/unseal` endpoint is used to unseal the Vault.
 
 # `/sys/unseal`
 
+@include 'alerts/restricted-root.mdx'
+
 The `/sys/unseal` endpoint is used to unseal the Vault.
 
 ## Submit unseal key