Fix formatting issues within pki health-check cli documentation (#23288)

* Fix formatting issue within pki health-check cli - Missing a ``` within the CRL validity period which caused a bunch of sections to be collected within the box - One shell session was shifted over too much in the Too many certificates section * Add missing '$' in front of the command * Reorder pki entry in nav bar and add more missing $ in vault commands --------- Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2025-10-29 17:52:32 +00:00 · 2023-09-27 13:29:40 -04:00
parent 7356f3aae0
commit d7e4447ec0
2 changed files with 64 additions and 58 deletions
--- a/website/content/docs/commands/pki/health-check.mdx
+++ b/website/content/docs/commands/pki/health-check.mdx
@@ -172,6 +172,7 @@ Use `vault write` to enable CRL auto-rebuild:

 ```shell-session
 $ vault write <mount>/config/crl auto_rebuild=true
+```

 ### Hardware-Backed root certificate

@@ -315,7 +316,7 @@ This health check checks whether audit information is accessible to log consumer
 Use `vault secrets tune` to set the desired audit parameters:

 ```shell-session
-vault secrets tune \
+$ vault secrets tune \
  -audit-non-hmac-response-keys=certificate \
  -audit-non-hmac-response-keys=issuing_ca \
  -audit-non-hmac-response-keys=serial_number \
@@ -380,22 +381,25 @@ This health check verifies if the `If-Modified-Since` header has been added to `

 1. Update `allowed_response_headers` and `passthrough_request_headers` for all
   policies with `vault secrets tune`:
-    ```shell-session
-    vault secrets tune \
+
+  ```shell-session
+  $ vault secrets tune \
      -passthrough-request-headers="If-Modified-Since" \
      -allowed-response-headers="Last-Modified" \
      <mount>
-    ```
+  ```
+
 1. Update ACME-specific headers with `vault secrets tune` (if you are using ACME):
-    ```shell-session
-    vault secrets tune \
+
+  ```shell-session
+  $ vault secrets tune \
      -passthrough-request-headers="If-Modified-Since" \
      -allowed-response-headers="Last-Modified" \
      -allowed-response-headers="Replay-Nonce" \
      -allowed-response-headers="Link" \
      -allowed-response-headers="Location" \
      <mount>
-    ```
+  ```

 ### Auto-Tidy disabled

@@ -419,14 +423,14 @@ This health check verifies that auto-tidy is enabled, with sane defaults for int
 Use `vault write` to enable auto-tidy with the recommended defaults:

 ```shell-session
-vault write <mount>/config/auto-tidy \
-  enabled=true \
-  tidy_cert_store=true \
-  tidy_revoked_certs=true \
-  tidy_acme=true \
-  tidy_revocation_queue=true \
-  tidy_cross_cluster_revoked_certs=true \
-  tidy_revoked_cert_issuer_associations=true
+$ vault write <mount>/config/auto-tidy \
+    enabled=true \
+    tidy_cert_store=true \
+    tidy_revoked_certs=true \
+    tidy_acme=true \
+    tidy_revocation_queue=true \
+    tidy_cross_cluster_revoked_certs=true \
+    tidy_revoked_cert_issuer_associations=true
 ```

 ### Tidy hasn't run
@@ -447,15 +451,17 @@ This health check verifies that tidy has run within the last run window. This ca
 **Remediation steps**:

 1. Schedule a manual run of tidy with `vault write`:
-    ```shell-session
-    vault write <mount>/tidy \
+
+  ```shell-session
+  $ vault write <mount>/tidy \
      tidy_cert_store=true \
      tidy_revoked_certs=true \
      tidy_acme=true \
      tidy_revocation_queue=true \
      tidy_cross_cluster_revoked_certs=true \
      tidy_revoked_cert_issuer_associations=true
-    ```
+  ```
+
 1. Review the tidy status endpoint, `vault read <mount>/tidy-status` for
   additional information.
 1. Re-configure auto-tidy based on the log information and results of your
@@ -482,18 +488,18 @@ This health check verifies that this cluster has a reasonable number of certific

 1. Verify that tidy ran recently with `vault read`:
    ```shell-session
-    vault read <mount>/tidy-status
+    $ vault read <mount>/tidy-status
    ````
 1. Schedule a manual run of tidy with `vault write`:
-	    ```shell-session
-	    vault write <mount>/tidy \
-	      tidy_cert_store=true \
-	      tidy_revoked_certs=true \
-	      tidy_acme=true \
-	      tidy_revocation_queue=true \
-	      tidy_cross_cluster_revoked_certs=true \
-	      tidy_revoked_cert_issuer_associations=true
-	    ```
+    ```shell-session
+    $ vault write <mount>/tidy \
+      tidy_cert_store=true \
+      tidy_revoked_certs=true \
+      tidy_acme=true \
+      tidy_revocation_queue=true \
+      tidy_cross_cluster_revoked_certs=true \
+      tidy_revoked_cert_issuer_associations=true
+    ```
 1. Enable `auto-tidy`.
 1. Make sure that you are not renewing certificates too soon. Certificate
   lifetimes should reflect the expected usage of the certificate. If the TTL is
@@ -535,7 +541,7 @@ This health check verifies if the `"Replay-Nonce`, `Link`, and `Location` header

 Use `vault secrets tune` to add the missing headers to `allowed_response_headers`:
 ```shell-session
-vault secrets tune \
+$ vault secrets tune \
  -allowed-response-headers="Last-Modified" \
  -allowed-response-headers="Replay-Nonce" \
  -allowed-response-headers="Link" \
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@@ -635,35 +635,6 @@
          }
        ]
      },
-      {
-        "title": "<code>pki</code>",
-        "routes": [
-          {
-            "title": "Overview",
-            "path": "commands/pki"
-          },
-          {
-            "title": "<code>health-check</code>",
-            "path": "commands/pki/health-check"
-          },
-          {
-            "title": "<code>verify-sign</code>",
-            "path": "commands/pki/verify-sign"
-          },
-          {
-            "title": "<code>list-intermediates</code>",
-            "path": "commands/pki/list-intermediates"
-          },
-          {
-            "title": "<code>issue</code>",
-            "path": "commands/pki/issue"
-          },
-          {
-            "title": "<code>reissue</code>",
-            "path": "commands/pki/reissue"
-          }
-        ]
-      },
      {
        "title": "<code>lease</code>",
        "routes": [
@@ -787,6 +758,35 @@
        "title": "<code>path-help</code>",
        "path": "commands/path-help"
      },
+      {
+        "title": "<code>pki</code>",
+        "routes": [
+          {
+            "title": "Overview",
+            "path": "commands/pki"
+          },
+          {
+            "title": "<code>health-check</code>",
+            "path": "commands/pki/health-check"
+          },
+          {
+            "title": "<code>verify-sign</code>",
+            "path": "commands/pki/verify-sign"
+          },
+          {
+            "title": "<code>list-intermediates</code>",
+            "path": "commands/pki/list-intermediates"
+          },
+          {
+            "title": "<code>issue</code>",
+            "path": "commands/pki/issue"
+          },
+          {
+            "title": "<code>reissue</code>",
+            "path": "commands/pki/reissue"
+          }
+        ]
+      },
      {
        "title": "<code>plugin</code>",
        "routes": [