diff --git a/website/source/assets/images/icon-checkmark-circle.svg b/website/source/assets/images/icon-checkmark-circle.svg new file mode 100644 index 0000000000..8a7549f327 --- /dev/null +++ b/website/source/assets/images/icon-checkmark-circle.svg @@ -0,0 +1,6 @@ + + + + + + diff --git a/website/source/assets/images/icon-warning.svg b/website/source/assets/images/icon-warning.svg new file mode 100644 index 0000000000..82b1265576 --- /dev/null +++ b/website/source/assets/images/icon-warning.svg @@ -0,0 +1,4 @@ + + + + diff --git a/website/source/assets/javascripts/application.js b/website/source/assets/javascripts/application.js index 51c8914f8f..646543796a 100644 --- a/website/source/assets/javascripts/application.js +++ b/website/source/assets/javascripts/application.js @@ -1,8 +1,13 @@ //= require turbolinks //= require jquery +//= require lib/file-saver.min //= require hashicorp/mega-nav //= require hashicorp/sidebar //= require hashicorp/analytics //= require analytics +//= require tabs +//= require os-detect +//= require downloads +//= require configuration-builder diff --git a/website/source/assets/javascripts/configuration-builder.js b/website/source/assets/javascripts/configuration-builder.js new file mode 100644 index 0000000000..21db9d3158 --- /dev/null +++ b/website/source/assets/javascripts/configuration-builder.js @@ -0,0 +1,133 @@ +function downloadConfiguration() { + var form = document.querySelector("#configuration-builder"); + var config = ""; + + // Add Listener stanza + if (document.getElementById("include_tcp_listener").checked) { + config += `listener "tcp" { +${addFieldsToStanza("listener")}} +`; + } + + // Add Storage stanza + if (document.getElementById("include_storage").checked) { + var backend = document.getElementById("storage").value; + config += ` +storage "${backend}" { +${addFieldsToStanza("storage")}} +`; + } + + // Add Telemetry stanza + if (document.getElementById("include_telemetry").checked) { + var provider = document.getElementById("telemetry").value; + config += ` +telemetry { +${addFieldsToStanza("telemetry")}} +`; + } + + // Add Seal stanza + if (document.getElementById("include_seal").checked) { + var type = document.getElementById("seal").value; + config += ` +seal "${type}" { +${addFieldsToStanza("seal")}} +`; + } + + // Add UI stanza + if (document.getElementById("include_ui").checked) { + config += ` +ui = true`; + var startServerLink = document.querySelector(".start-server-link") + startServerLink.href = `${startServerLink.href}?tab=ui`; + } + + config = config.replace(/([^\r])\n/g, "$1\r\n"); + var blob = new Blob([config], {type: "text/plain;charset=utf-8"}); + saveAs(blob, "vault-config.hcl"); + document.querySelector(".form-actions").style.display = "none"; + document.querySelector("#download-confirm").style.display = "block"; + return false; +} + +function addFieldsToStanza(stanza) { + var fieldsets = document.querySelectorAll(`[data-config-stanza="${stanza}"] .nested-fields fieldset`); + var lines = ""; + + for (i = 0; i < fieldsets.length; i++) { + var fieldset = fieldsets[i]; + if (fieldset.offsetWidth > 0 && fieldset.offsetHeight > 0) { + var line = fieldsetToLine(fieldset); + if (line) { + lines += line; + } + } + } + return lines; +} + +function fieldsetToLine(fieldset) { + var parameter = fieldset.getAttribute("name"); + var isChecked = document.querySelector(`#include_${parameter}`).checked; + if (isChecked) { + var field = fieldset.querySelector(`#${parameter}`); + var value = field.value; + + if (field.getAttribute("type") == "number") { + return ` ${parameter} = ${value} +`; + } else { + return ` ${parameter} = "${value}" +`; + } + } + return; +} + +document.addEventListener("turbolinks:load", function() { + var revealTriggers = document.querySelectorAll(".reveal-trigger"); + var configTriggers = document.querySelectorAll(".config-reveal-trigger"); + var configSelects = document.querySelectorAll(".config-reveal-select"); + + for (i = 0; i < revealTriggers.length; i++) { + revealTriggers[i].addEventListener("click", function(clickEvent) { + var revealTrigger = clickEvent.currentTarget; + revealTrigger.classList.toggle("active"); + revealTrigger.nextElementSibling.classList.toggle("active"); + }); + } + + for (i = 0; i < configTriggers.length; i++) { + configTriggers[i].addEventListener("change", function(clickEvent) { + var configTrigger = clickEvent.currentTarget; + var container = configTrigger.closest("fieldset"); + var reveal = container.querySelector(".config-reveal-container"); + reveal.classList.toggle("active"); + + if (reveal.querySelector(".config-reveal-select")) { + var selection = reveal.querySelector(".config-reveal-select").value; + document.querySelector(`[data-if-option="${selection}"]`).classList.toggle("active"); + } + }); + } + + for (i = 0; i < configSelects.length; i++) { + configSelects[i].addEventListener("change", function(clickEvent) { + var configSelect = clickEvent.currentTarget; + var selection = configSelect.value; + var section = configSelect.closest("section"); + var reveal = section.querySelector(`[data-if-option='${selection}']`); + var nestedOptions = section.querySelectorAll("[data-if-option]"); + + for (i = 0; i < nestedOptions.length; i++) { + nestedOptions[i].classList.remove("active"); + } + + if (reveal) { + reveal.classList.add("active"); + } + }); + } +}); diff --git a/website/source/assets/javascripts/downloads.js b/website/source/assets/javascripts/downloads.js new file mode 100644 index 0000000000..1f4226faa1 --- /dev/null +++ b/website/source/assets/javascripts/downloads.js @@ -0,0 +1,22 @@ +document.addEventListener("turbolinks:load", function() { + var downloadLinks = document.querySelectorAll(".download-arches .download-link"); + + for (i = 0; i < downloadLinks.length; i++) { + downloadLinks[i].addEventListener("click", handleDownloadLinkClick); + } + + function handleDownloadLinkClick(clickEvent) { + var clickedLink = clickEvent.currentTarget; + var bit = clickedLink.innerHTML; + var container = clickedLink.closest(".download"); + var name = container.querySelector(".os-name").innerHTML; + var icon = container.querySelector(".icon svg").outerHTML; + var confirm = document.querySelector("#download-confirm"); + + document.querySelector(".download-arches").style.display = "none"; + confirm.style.display = "flex"; + confirm.querySelector(".chosen-os-name").innerHTML = name; + confirm.querySelector(".chosen-os-bit").innerHTML = bit; + confirm.querySelector(".icon").innerHTML = icon; + } +}); diff --git a/website/source/assets/javascripts/lib/file-saver.min.js b/website/source/assets/javascripts/lib/file-saver.min.js new file mode 100644 index 0000000000..9a1e397f20 --- /dev/null +++ b/website/source/assets/javascripts/lib/file-saver.min.js @@ -0,0 +1,2 @@ +/*! @source http://purl.eligrey.com/github/FileSaver.js/blob/master/FileSaver.js */ +var saveAs=saveAs||function(e){"use strict";if(typeof e==="undefined"||typeof navigator!=="undefined"&&/MSIE [1-9]\./.test(navigator.userAgent)){return}var t=e.document,n=function(){return e.URL||e.webkitURL||e},r=t.createElementNS("http://www.w3.org/1999/xhtml","a"),o="download"in r,a=function(e){var t=new MouseEvent("click");e.dispatchEvent(t)},i=/constructor/i.test(e.HTMLElement)||e.safari,f=/CriOS\/[\d]+/.test(navigator.userAgent),u=function(t){(e.setImmediate||e.setTimeout)(function(){throw t},0)},s="application/octet-stream",d=1e3*40,c=function(e){var t=function(){if(typeof e==="string"){n().revokeObjectURL(e)}else{e.remove()}};setTimeout(t,d)},l=function(e,t,n){t=[].concat(t);var r=t.length;while(r--){var o=e["on"+t[r]];if(typeof o==="function"){try{o.call(e,n||e)}catch(a){u(a)}}}},p=function(e){if(/^\s*(?:text\/\S*|application\/xml|\S*\/\S*\+xml)\s*;.*charset\s*=\s*utf-8/i.test(e.type)){return new Blob([String.fromCharCode(65279),e],{type:e.type})}return e},v=function(t,u,d){if(!d){t=p(t)}var v=this,w=t.type,m=w===s,y,h=function(){l(v,"writestart progress write writeend".split(" "))},S=function(){if((f||m&&i)&&e.FileReader){var r=new FileReader;r.onloadend=function(){var t=f?r.result:r.result.replace(/^data:[^;]*;/,"data:attachment/file;");var n=e.open(t,"_blank");if(!n)e.location.href=t;t=undefined;v.readyState=v.DONE;h()};r.readAsDataURL(t);v.readyState=v.INIT;return}if(!y){y=n().createObjectURL(t)}if(m){e.location.href=y}else{var o=e.open(y,"_blank");if(!o){e.location.href=y}}v.readyState=v.DONE;h();c(y)};v.readyState=v.INIT;if(o){y=n().createObjectURL(t);setTimeout(function(){r.href=y;r.download=u;a(r);h();c(y);v.readyState=v.DONE});return}S()},w=v.prototype,m=function(e,t,n){return new v(e,t||e.name||"download",n)};if(typeof navigator!=="undefined"&&navigator.msSaveOrOpenBlob){return function(e,t,n){t=t||e.name||"download";if(!n){e=p(e)}return navigator.msSaveOrOpenBlob(e,t)}}w.abort=function(){};w.readyState=w.INIT=0;w.WRITING=1;w.DONE=2;w.error=w.onwritestart=w.onprogress=w.onwrite=w.onabort=w.onerror=w.onwriteend=null;return m}(typeof self!=="undefined"&&self||typeof window!=="undefined"&&window||this.content);if(typeof module!=="undefined"&&module.exports){module.exports.saveAs=saveAs}else if(typeof define!=="undefined"&&define!==null&&define.amd!==null){define("FileSaver.js",function(){return saveAs})} diff --git a/website/source/assets/javascripts/os-detect.js b/website/source/assets/javascripts/os-detect.js new file mode 100644 index 0000000000..d33b4d31cf --- /dev/null +++ b/website/source/assets/javascripts/os-detect.js @@ -0,0 +1,31 @@ +function getCurrentOS() { + var userAgent = navigator.userAgent; + if (userAgent.indexOf("Win") != -1) return "windows"; + if (userAgent.indexOf("Mac") != -1) return "darwin"; + if (userAgent.indexOf("Linux") != -1) return "linux"; + if (userAgent.indexOf("NetBSD") != -1) return "netbsd"; + if (userAgent.indexOf("FreeBSD") != -1) return "freebsd"; + if (userAgent.indexOf("OpenBSD") != -1) return "openbsd"; + if (userAgent.indexOf("SunOS") != -1) return "solaris"; + return "Unkown"; +} + +function getCurrentOSBit() { + var userAgent = navigator.userAgent; + if (userAgent.match( /(Win64|WOW64|Mac OS X 10|amd64|x86)/ )) { + return "64-bit"; + } + if (userAgent.match( /arm/ )) { + return "arm"; + } + return "32-bit"; +} + +document.addEventListener("turbolinks:load", function() { + if (document.querySelector(`[data-os]`)) { + var currentOSElement = document.querySelector(`[data-os="${getCurrentOS()}"]`); + var currentBitLinkElement = document.querySelector(`[data-os="${getCurrentOS()}"] [data-os-bit="${getCurrentOSBit()}"]`); + currentOSElement.classList.add("current"); + currentBitLinkElement.classList.add("current"); + } +}); diff --git a/website/source/assets/javascripts/tabs.js b/website/source/assets/javascripts/tabs.js new file mode 100644 index 0000000000..b2972c15af --- /dev/null +++ b/website/source/assets/javascripts/tabs.js @@ -0,0 +1,40 @@ +document.addEventListener("turbolinks:load", function() { + var tabs = document.querySelectorAll(".tabs li"); + + function handleTabClick(clickEvent) { + var clickedLink = clickEvent.currentTarget.querySelector("a"); + var activeContentId = clickedLink.getAttribute("data-tab-for"); + + switchTab(activeContentId); + + clickEvent.preventDefault(activeContentId); + return false; + } + + function switchTab(id) { + var tabsContent = document.querySelectorAll(".tabs-content"); + var activeTab = document.querySelector(`[data-tab-for="${id}"]`); + var activeContent = document.getElementById(id); + + for (var i = 0; i < tabs.length; i++) { + var tabLink = tabs[i].querySelector("a"); + tabLink.classList.remove("is-active"); + } + + for (i = 0; i < tabsContent.length; i++) { + tabsContent[i].classList.remove("is-active"); + } + + activeTab.classList.add("is-active"); + activeContent.classList.add("is-active"); + } + + for (i = 0; i < tabs.length; i++) { + tabs[i].addEventListener("click", handleTabClick) + } + + var urlParams = new URLSearchParams(window.location.search); + if (urlParams && urlParams.has("tab")) { + switchTab(urlParams.get("tab")); + } +}); diff --git a/website/source/assets/stylesheets/_config.scss b/website/source/assets/stylesheets/_config.scss new file mode 100644 index 0000000000..841f07b718 --- /dev/null +++ b/website/source/assets/stylesheets/_config.scss @@ -0,0 +1,64 @@ +.config-reveal-label { + .config-reveal-trigger:not(:checked) + & { + color: #aaa; + } + + .docs-info-icon { + &::before { + content: '\0024D8'; + color: #AAA; + display: inline-block; + height: 1em; + margin-left: 0.25em; + width: 1em; + } + + &:hover::before { + color: inherit; + } + } +} + +.reveal-container, +.config-reveal-container { + display: none; + margin-left: 20px; + + &.active { + display: block; + } +} + +.reveal-trigger { + align-items: center; + color: $sidebar-link-color-active; + cursor: pointer; + display: flex; + font-size: $sidebar-font-size; + margin: -5px 0 10px; + + &::before { + content: '\203A'; + display: inline-block; + height: 1em; + line-height: 1; + text-align: center; + transform: rotate(90deg); + width: 1em; + } + + &::after { + content: attr(data-show-text); + margin-left: 0.5em; + } + + &.active { + &::before { + transform: rotate(-90deg); + } + + &::after { + content: attr(data-hide-text); + } + } +} diff --git a/website/source/assets/stylesheets/_downloads.scss b/website/source/assets/stylesheets/_downloads.scss index 97a4dfc66b..9bc53e55e7 100644 --- a/website/source/assets/stylesheets/_downloads.scss +++ b/website/source/assets/stylesheets/_downloads.scss @@ -1,16 +1,15 @@ body.layout-downloads { #inner { .downloads { - margin-top: 20px; - .description { margin-bottom: 20px; } .download { - align-items: center; - border-bottom: 1px solid #b2b2b2; + border: 1px solid #ddd; + border-radius: 8px; display: flex; + margin: 6px 0; padding: 15px; .details { @@ -51,10 +50,75 @@ body.layout-downloads { } } - .poweredby { - margin-top: 20px; - text-align: center; + .download-arches { + @media (min-width: 992px) { + display: flex; + flex-wrap: wrap; + } + + .download { + @media (min-width: 992px) { + margin: 6px; + order: 1; + width: calc(50% - 12px); + } + + &.current { + border: 1px solid #909FA8; + order: 0; + width: 100%; + + .current { + .download-link { + @extend .button; + @extend .primary; + line-height: 1; + order: 0; + padding: 10px 15px; + + &::before { + content: "Download " + } + + &:hover { + text-decoration: none; + } + } + } + } + } } } } + + .poweredby { + float: right; + margin-top: 10px; + text-align: center; + } +} + +#download-confirm, +body.layout-downloads .downloads #download-confirm.download { + border: 1px solid #2EB039; + border-radius: 8px; + box-shadow: 0 4px 4px rgba($black, 0.09), 0 4px 12px rgba($black, 0.05); + display: none; + padding: 15px; + + .details { + padding-left: 20px; + + h2 { + margin: 4px 0 0; + border: none; + } + } + + .download-confirm-message { + background: url("/assets/images/icon-checkmark-circle.svg") left center no-repeat; + color: #2EB039; + margin-bottom: 20px; + padding-left: 2rem; + } } diff --git a/website/source/assets/stylesheets/_forms.scss b/website/source/assets/stylesheets/_forms.scss new file mode 100644 index 0000000000..bbef082767 --- /dev/null +++ b/website/source/assets/stylesheets/_forms.scss @@ -0,0 +1,156 @@ +label { + cursor: pointer; +} + +.label { + color: $gray-darker; + display: block; + font-size: 13px; + margin-bottom: 2px; + text-align: left; +} + +fieldset { + margin-bottom: 10px; +} + +.checkbox-label { + padding-left: 0; + + input[type="checkbox"] { + margin-right: 5px; + } + + & + .input, + & + .textarea, + & + .select { + margin-left: 20px; + max-width: calc(100% - 20px); + } +} + +.input, +.textarea, +.select select { + appearance: none; + -webkit-appearance: none; + align-items: center; + background-color: #fff; + border-radius: 2px; + border: 1px solid #BAC1CC; + color: #000; + display: block; + height: 36px; + justify-content: flex-start; + line-height: 1.5; + padding: calc(.375em - 1px) 12px; + vertical-align: top; + max-width: 100%; + width: 100%; + + &::placeholder { + opacity: 0.5; + } +} + +.input, +.textarea, +.select { + display: block; + height: 36px; + margin-bottom: 10px; + max-width: 100%; + position: relative; + width: 100%; +} + +.input[disabled], +.textarea[disabled] { + border-color: #E1E5EB; + background-color: #FAFAFA; + box-shadow: none; + color: #8e96a3; +} + + +.input, +.textarea { + box-shadow: 0 4px 1px rgba($black, 0.06) inset; + + &:focus, + &.is-focused, + &:active, + &.is-active { + border-color: #0068FF; + } +} + +.select select { + background-color: #F7F8FA; + box-shadow: 0 3px 1px rgba($black, 0.12); + + .has-background-grey-lighter & { + background-color: $white; + } +} + +.select::after { + border: 1px solid $black; + border-right: 0; + border-top: 0; + border-width: 2px; + content: " "; + display: block; + height: 7px; + margin-top: 0; + pointer-events: none; + position: absolute; + right: 1.125em; + top: 50%; + transform: translateY(20%) rotate(-45deg); + width: 7px; + z-index: 4; +} + +.select::before { + @extend .select::after; + transform: translateY(-75%) rotate(135deg); + z-index: 5; +} + +.nested-fields { + border: 1px solid #E1E5EB; + border-radius: 4px; + margin: 0 0 20px 20px; + padding: 10px 20px 0; +} + +.form-hint { + color: #aaa; + font-size: 1.2rem; + font-weight: bold; + margin: -5px 12px 10px; +} + +.form-input-warning { + color: #614903; + + &::before { + background: url("/assets/images/icon-warning.svg") left center no-repeat; + content: ""; + display: inline-block; + height: 12px; + margin-right: 0.25rem; + width: 12px; + vertical-align: -0.1rem; + } +} + +.form-actions { + margin-top: 30px; + + .button { + line-height: 1; + padding: 11px 15px 8px 15px; + } +} diff --git a/website/source/assets/stylesheets/_home.scss b/website/source/assets/stylesheets/_home.scss index 823719fdbe..770b02383f 100755 --- a/website/source/assets/stylesheets/_home.scss +++ b/website/source/assets/stylesheets/_home.scss @@ -61,6 +61,25 @@ text-align: center; z-index: 1; + .get-started-links { + p { + margin-top: 0; + text-align: center; + } + + a { + margin: 0 0.5em; + } + + a:not(.button) { + border-bottom: 1px dashed #00ABE0; + color: #000; + font-size: 16px; + font-weight: 500; + text-decoration: none; + } + } + #tag-line { display: block; font-size: 24px; diff --git a/website/source/assets/stylesheets/_tabs.scss b/website/source/assets/stylesheets/_tabs.scss new file mode 100644 index 0000000000..1ec3495a25 --- /dev/null +++ b/website/source/assets/stylesheets/_tabs.scss @@ -0,0 +1,60 @@ +#inner .tabs { + user-select: none; + align-items: stretch; + display: flex; + font-size: 1rem; + justify-content: space-between; + margin-bottom: 1em; + overflow: hidden; + overflow-x: auto; + white-space: nowrap; + + p { + display: none; + } + + ul { + align-items: center; + border-bottom-color: #BAC1CC; + border-bottom-style: solid; + border-bottom-width: 1px; + display: flex; + flex-grow: 1; + flex-shrink: 0; + list-style: none; + justify-content: flex-start; + padding: 0; + } + + li { + margin: 0; + padding: 0 1rem; + } + + a { + align-items: center; + display: flex; + justify-content: center; + margin-bottom: -1px; + vertical-align: top; + color: #525761; + font-weight: 600; + text-decoration: none; + padding: 1rem 0.5rem 0.5rem; + border-bottom: 2px solid transparent; + transition: border-color 150ms; + + &.is-active { + border-color: #00ABE0; + color: #00ABE0; + } + } +} + +.tabs-content { + display: none; + + &.is-active { + display: block; + } +} diff --git a/website/source/assets/stylesheets/application.scss b/website/source/assets/stylesheets/application.scss index 3af5a28777..a451421578 100755 --- a/website/source/assets/stylesheets/application.scss +++ b/website/source/assets/stylesheets/application.scss @@ -25,6 +25,8 @@ @import '_buttons'; @import '_syntax'; @import '_logos'; +@import '_forms'; +@import '_tabs'; // Pages @import '_community'; @@ -32,6 +34,7 @@ @import '_downloads'; @import '_home'; @import '_latest'; +@import '_config'; // Demo @import '_demo'; diff --git a/website/source/docs/configuration/builder.html.erb b/website/source/docs/configuration/builder.html.erb new file mode 100644 index 0000000000..7b19be53cb --- /dev/null +++ b/website/source/docs/configuration/builder.html.erb @@ -0,0 +1,70 @@ +--- +layout: "docs" +page_title: "Server Configuration" +sidebar_current: "docs-configuration" +description: |- + Vault server configuration reference. +--- + +

Vault Configuration

+ + + +

+ Choose from the options below (some are required) and download your + configuration file. Some variables may be sensitive, so we will give you + placeholders that you can replace after downloading. +

+ +
+ <%= partial "builder/section_listener" %> + <%= partial "builder/section_storage" %> + <%= partial "builder/section_telemetry" %> + <%= partial "builder/section_seal" %> + + <%= partial "builder/reveal_select_field", locals: { + label: "Vault Web UI", + name: "ui", + options: { + false: "Do not activate UI", + true: "Activate UI" + }, + docs_url: "ui" + } %> + +
+ +
+ + +
+
+

+ Downloading configuration +

+
+ You can find your configuration file in your downloads folder named "vault-config.hcl" +
+ + + +
+
+
diff --git a/website/source/docs/configuration/builder/_reveal_label.html.erb b/website/source/docs/configuration/builder/_reveal_label.html.erb new file mode 100644 index 0000000000..018eea5ef3 --- /dev/null +++ b/website/source/docs/configuration/builder/_reveal_label.html.erb @@ -0,0 +1,16 @@ + diff --git a/website/source/docs/configuration/builder/_reveal_number_field.html.erb b/website/source/docs/configuration/builder/_reveal_number_field.html.erb new file mode 100644 index 0000000000..3ef2414db7 --- /dev/null +++ b/website/source/docs/configuration/builder/_reveal_number_field.html.erb @@ -0,0 +1,21 @@ +
+ <%= partial "builder/reveal_label", locals: { + label: label, + name: "include_#{name}", + required: (required if defined?(required)), + docs_url: (docs_url if defined?(docs_url)) + } %> +
"> + +
+
diff --git a/website/source/docs/configuration/builder/_reveal_select_field.html.erb b/website/source/docs/configuration/builder/_reveal_select_field.html.erb new file mode 100644 index 0000000000..29aa564ff7 --- /dev/null +++ b/website/source/docs/configuration/builder/_reveal_select_field.html.erb @@ -0,0 +1,22 @@ +
+ <%= partial "builder/reveal_label", locals: { + label: label, + name: "include_#{name}", + required: (required if defined?(required)), + docs_url: (docs_url if defined?(docs_url)) + } %> +
"> +
+ +
+
+
diff --git a/website/source/docs/configuration/builder/_reveal_text_field.html.erb b/website/source/docs/configuration/builder/_reveal_text_field.html.erb new file mode 100644 index 0000000000..2449b7e1b4 --- /dev/null +++ b/website/source/docs/configuration/builder/_reveal_text_field.html.erb @@ -0,0 +1,26 @@ +
+ <%= partial "builder/reveal_label", locals: { + label: label, + name: "include_#{name}", + required: (required if defined?(required)), + docs_url: (docs_url if defined?(docs_url)) + } %> +
"> + + /> + <% if (defined?(sensitive_disabled) && sensitive_disabled) %> +
+ This is sensitive information, so we will put this placeholder in your + config for you to replace. +
+ <% end %> +
+
diff --git a/website/source/docs/configuration/builder/_section_listener.html.erb b/website/source/docs/configuration/builder/_section_listener.html.erb new file mode 100644 index 0000000000..4abf9020ea --- /dev/null +++ b/website/source/docs/configuration/builder/_section_listener.html.erb @@ -0,0 +1,156 @@ +
+ <%= partial "builder/reveal_label", locals: { + label: "TCP Listener", + name: "include_tcp_listener", + required: true, + docs_url: "listener" + } %> + +
+ <%= partial "builder/reveal_text_field", locals: { + label: "Listener Address", + name: "address", + value: "127.0.0.1:8200", + required: true, + docs_url: "listener/tcp.html#address" + } %> + +
+
+
+ <%= partial "builder/reveal_text_field", locals: { + label: "Cluster Address", + name: "cluster_address", + value: "127.0.0.1:8201", + docs_url: "listener/tcp.html#cluster_address" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Maximum Request Size", + name: "max_request_size", + placeholder: "33554432", + value: "33554432", + docs_url: "listener/tcp.html#max_request_size" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Proxy Protocol Behavior", + name: "proxy_protocol_behavior", + options: { + use_always: "Always use the client's IP address", + allow_authorized: "Use client address if IP is in Proxy Protocol Authorized Addresses", + deny_unauthorized: "Deny if not in Proxy Protocol Authorized Addresses" + }, + docs_url: "listener/tcp.html#proxy_protocol_behavior" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Proxy Protocol Authorized Addresses", + name: "proxy_protocol_authorized_addrs", + docs_url: "listener/tcp.html#proxy_protocol_authorized_addrs" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Disable TLS", + name: "tls_disable", + options: { + false: "Use TLS for secure communication", + true: "Disable TLS and use insecure communication" + }, + docs_url: "listener/tcp.html#tls_disable" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Path for TLS Certificate File", + name: "tls_cert_file", + value: "", + sensitive_disabled: true, + docs_url: "listener/tcp.html#tls_cert_file" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Path for TLS Key File", + name: "tls_key_file", + value: "", + sensitive_disabled: true, + docs_url: "listener/tcp.html#tls_key_file" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "TLS Minimum Version", + name: "tls_min_version", + options: { + tls12: "TLS 1.2", + tls11: "TLS 1.1", + tls10: "TLS 1.0" + }, + docs_url: "listener/tcp.html#tls_min_version" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "List of TLS Cipher Suites", + name: "tls_cipher_suites", + docs_url: "listener/tcp.html#tls_cipher_suites" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "TLS Cipher Suite Preference", + name: "tls_prefer_server_cipher_suites", + options: { + false: "Prefer the client ciphersuites over the server's ciphersuite", + true: "Prefer the server's ciphersuite over the client ciphersuites" + }, + docs_url: "listener/tcp.html#tls_prefer_server_cipher_suites" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Require and verify client certificate", + name: "tls_require_and_verify_client_cert", + options: { + false: "Leave off client authentication", + true: "Turn on client authentication" + }, + docs_url: "listener/tcp.html#tls_require_and_verify_client_cert" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Certificate Authority file (PEM-encoded)", + name: "tls_client_ca_file", + value: "", + sensitive_disabled: true, + docs_url: "listener/tcp.html#tls_client_ca_file" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Client authentication for this listener", + name: "tls_disable_client_certs", + options: { + false: "Request client certificates when available", + true: "Disable client authentication for this listener" + }, + docs_url: "listener/tcp.html#tls_disable_client_certs" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "IP addresses trusted by an X-Forwarded-For header", + name: "x_forwarded_for_authorized_addrs", + docs_url: "listener/tcp.html#x_forwarded_for_authorized_addrs" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Number of addresses to skip from rear of the set of hops", + name: "x_forwarded_for_hop_skips", + value: 0, + docs_url: "listener/tcp.html#x_forwarded_for_hop_skips" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Connections from unauthorized addresses", + name: "x_forwarded_for_reject_not_authorized", + options: { + true: "Reject connection from unauthorized addresses", + false: "Ignore header if there is an X-Forwarded-For header in a connection from an unauthorized address" + }, + docs_url: "listener/tcp.html#x_forwarded_for_reject_not_authorized" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Connections with no X-Forwarded-For header", + name: "x_forwarded_for_reject_not_present", + options: { + true: "Reject the client address if there is no X-Forwarded-For header or it is emptys", + false: "Use the client address if there is no X-Forwarded-For header or it is empty" + }, + docs_url: "listener/tcp.html#x_forwarded_for_reject_not_present" + } %> +
+
+
+
diff --git a/website/source/docs/configuration/builder/_section_seal.html.erb b/website/source/docs/configuration/builder/_section_seal.html.erb new file mode 100644 index 0000000000..ab2d6bf88b --- /dev/null +++ b/website/source/docs/configuration/builder/_section_seal.html.erb @@ -0,0 +1,219 @@ +
+ <%= partial "builder/reveal_select_field", locals: { + label: "Seal (Requires Vault Enterprise)", + name: "seal", + reveal: true, + options: { + pkcs11: "HSM PKCS11", + awskms: "AWS KMS", + gcpckms: "GCP Cloud KMS", + azurekeyvault: "Azure Key Vault" + } + } %> + +
+ <%= partial "builder/reveal_text_field", locals: { + label: "Path to the PKCS#11 library shared object file", + name: "lib", + required: true, + docs_url: "seal/pkcs11.html#lib" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "PIN for login", + name: "pin", + required: true, + docs_url: "seal/pkcs11.html#pin" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Key Label", + name: "key_label", + required: true, + docs_url: "seal/pkcs11.html#key_label" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Label of the key to use for HMACing", + name: "hmac_key_label", + required: true, + docs_url: "seal/pkcs11.html#hmac_key_label" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Slot number to use (must specify number or token)", + name: "slot", + docs_url: "seal/pkcs11.html#slot" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Slot token label to use (must specify number or token)", + name: "token_label", + docs_url: "seal/pkcs11.html#token_label" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Default key label for decryption operations", + name: "default_key_label", + value: "", + sensitive_disabled: true, + docs_url: "seal/pkcs11.html#default_key_label" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Encryption/decryption mechanism", + name: "mechanism", + options: { + "0x1085": "CKM_AES_CBC_PAD (HMAC mechanism required)", + "0x1082": "CKM_AES_CBC (HMAC mechanism required)", + "0x1087": "CKM_AES_GCM", + "0x0009": "CKM_RSA_PKCS_OAEP", + "0x0001": "CKM_RSA_PKCS" + }, + docs_url: "seal/pkcs11.html#mechanism" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Default key label for decryption operations", + name: "hmac_mechanism", + value: "0x0251", + docs_url: "seal/pkcs11.html#hmac_mechanism" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Generate a key if 'key_label' can not be found", + name: "generate_key", + options: { + false: "No", + true: "Yes" + }, + docs_url: "storage/consul.html#generate_key" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Force generation of a new key (even if given key_label and hmac_key_label already exist)", + name: "regenerate_key", + options: { + false: "No", + true: "Yes (This will render previous data unrecoverable)" + }, + docs_url: "storage/consul.html#regenerate_key" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Perform encyption locally", + name: "rsa_encrypt_local", + options: { + false: "No", + true: "Yes" + }, + docs_url: "storage/consul.html#rsa_encrypt_local" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Hash algorithm to use for RSA with OAEP padding", + name: "rsa_oaep_hash", + options: { + "sha256": "SHA-256", + "sha1": "SHA-1", + "sha224": "SHA-224", + "sha384": "SHA-384", + "sha512": "SHA-512" + }, + docs_url: "storage/consul.html#rsa_oaep_hash" + } %> +
+ +
+ <%= partial "builder/reveal_text_field", locals: { + label: "AWS access key ID", + name: "access_key", + value: "", + sensitive_disabled: true, + required: true, + docs_url: "seal/awskms.html#access_key" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "AWS secret access key", + name: "secret_key", + value: "", + sensitive_disabled: true, + required: true, + docs_url: "seal/awskms.html#secret_key" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "AWS KMS key ID to use for encryption and decryption", + name: "kms_key_id", + required: true, + docs_url: "seal/awskms.html#kms_key_id" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "AWS region where the encryption key lives", + name: "region", + docs_url: "seal/awskms.html#region" + } %> +
+ +
+ <%= partial "builder/reveal_text_field", locals: { + label: "Path to the credentials JSON file", + name: "credentials", + required: true, + docs_url: "seal/gcpckms.html#credentials" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "GCP project ID", + name: "project", + required: true, + docs_url: "seal/gcpckms.html#project" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "GCP CKMS key ring", + name: "key_ring", + required: true, + docs_url: "seal/gcpckms.html#key_ring" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "GCP CKMS crypto key to use for encryption and decryption", + name: "crypto_key", + value: "", + sensitive_disabled: true, + required: true, + docs_url: "seal/gcpckms.html#crypto_key" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "GCP region/location where the key ring lives", + name: "region", + docs_url: "seal/gcpckms.html#region" + } %> +
+ +
+ <%= partial "builder/reveal_text_field", locals: { + label: "Tenant id for the Azure Active Directory organization", + name: "tenant_id", + required: true, + docs_url: "seal/azurekeyvault.html#tenant_id" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Key Vault vault to use the encryption keys for encryption and decryption", + name: "vault_name", + required: true, + docs_url: "seal/azurekeyvault.html#vault_name" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Key Vault key to use for encryption and decryption", + name: "key_name", + value: "", + sensitive_disabled: true, + required: true, + docs_url: "seal/azurekeyvault.html#key_name" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Client id for credentials to query the Azure APIs", + name: "client_id", + docs_url: "seal/azurekeyvault.html#client_id" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Client id for credentials to query the Azure APIs", + name: "client_secret", + value: "", + sensitive_disabled: true, + docs_url: "seal/azurekeyvault.html#client_secret" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Azure Cloud environment API endpoints", + name: "environment", + value: "AZUREPUBLICCLOUD", + docs_url: "seal/azurekeyvault.html#environment" + } %> +
+
diff --git a/website/source/docs/configuration/builder/_section_storage.html.erb b/website/source/docs/configuration/builder/_section_storage.html.erb new file mode 100644 index 0000000000..9ebedd15b4 --- /dev/null +++ b/website/source/docs/configuration/builder/_section_storage.html.erb @@ -0,0 +1,877 @@ +
+
+ <%= partial "builder/reveal_label", locals: { + label: "Storage", + name: "include_storage", + required: true, + docs_url: "storage" + } %> + + + +
+ +
+ <%= partial "builder/reveal_text_field", locals: { + label: "Path", + name: "path", + required: true, + docs_url: "storage/filesystem.html#path" + } %> +
+ +
+ <%= partial "builder/reveal_text_field", locals: { + label: "Account Name", + name: "accountName", + required: true, + docs_url: "storage/azure.html#path" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Account Key", + name: "accountKey", + value: "", + sensitive_disabled: true, + required: true, + docs_url: "storage/azure.html#accountKey" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Storage Blob container name", + name: "container", + required: true, + docs_url: "storage/azure.html#container" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Maximum number of concurrent requests", + name: "max_parallel", + value: "128", + docs_url: "storage/azure.html#max_parallel" + } %> +
+ +
+ <%= partial "builder/reveal_text_field", locals: { + label: "Connection URL", + name: "connection_url", + required: true, + docs_url: "storage/cockroachdb.html#connection_url" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Name of the table in which to write Vault data", + name: "table", + value: "vault_kv_store", + docs_url: "storage/cockroachdb.html#vault_kv_store" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Maximum number of concurrent requests", + name: "max_parallel", + value: "128", + docs_url: "storage/cockroachdb.html#max_parallel" + } %> +
+ +
+ <%= partial "builder/reveal_text_field", locals: { + label: "Address of Consul agent", + name: "address", + value: "127.0.0.1:8500", + docs_url: "storage/consul.html#address" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Check interval to send health checks back to Consul", + name: "check_timeout", + value: "5s", + docs_url: "storage/consul.html#check_timeout" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Consul consistency mode", + name: "consistency_mode", + options: { + default: "Default", + strong: "Strong" + }, + docs_url: "storage/consul.html#consistency_mode" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Should Vault should register itself with Consul", + name: "disable_registration", + options: { + false: "No", + true: "Yes" + }, + docs_url: "storage/consul.html#disable_registration" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Maximum number of concurrent requests", + name: "max_parallel", + value: "128", + docs_url: "storage/consul.html#max_parallel" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Path in Consul's key-value store where Vault data will be stored", + name: "path", + value: "vault/", + docs_url: "storage/consul.html#path" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Scheme to use when communicating with Consul", + name: "scheme", + options: { + http: "http", + https: "https" + }, + docs_url: "storage/consul.html#scheme" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Name of the service to register in Consul", + name: "service", + value: "vault", + docs_url: "storage/consul.html#service" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "List of Service tags", + name: "service_tags", + docs_url: "storage/consul.html#service_tags" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Service-specific address to set on the service registration", + name: "service_address", + docs_url: "storage/consul.html#service_address" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Consul ACL token", + name: "token", + docs_url: "storage/consul.html#token" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Minimum allows session TTL", + name: "session_ttl", + value: "15s", + docs_url: "storage/consul.html#session_ttl" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Minimum time to cancel a lock acquisition", + name: "lock_wait_time", + value: "15s", + docs_url: "storage/consul.html#lock_wait_time" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Path to CA certificate used for Consul communication", + name: "tls_ca_file", + value: "", + sensitive_disabled: true, + docs_url: "storage/consul.html#tls_ca_file" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Path to certificate for Consul communication", + name: "tls_cert_file", + value: "", + sensitive_disabled: true, + docs_url: "storage/consul.html#tls_cert_file" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Path to the private key for Consul communication", + name: "tls_key_file", + value: "", + sensitive_disabled: true, + docs_url: "storage/consul.html#tls_key_file" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Minimum TLS version", + name: "tls_min_version", + options: { + tls12: "TLS 1.2", + tls11: "TLS 1.1", + tls10: "TLS 1.0" + }, + docs_url: "storage/consul.html#tls_min_version" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Disable TLS Host verification", + name: "tls_skip_verify", + options: { + false: "Use TLS Host verification", + true: "Disable TLS Host verification (highly discouraged)" + }, + docs_url: "storage/consul.html#tls_skip_verify" + } %> +
+ +
+ <%= partial "builder/reveal_text_field", locals: { + label: "CouchDB endpoint", + name: "endpoint", + docs_url: "storage/couchdb.html#endpoint" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "User to use for authentication", + name: "username", + value: "", + sensitive_disabled: true, + docs_url: "storage/couchdb.html#username" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Password", + name: "password", + value: "", + sensitive_disabled: true, + docs_url: "storage/couchdb.html#password" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Maximum number of concurrent requests", + name: "max_parallel", + value: "128", + docs_url: "storage/couchdb.html#max_parallel" + } %> +
+ +
+ <%= partial "builder/reveal_text_field", locals: { + label: "Access Key", + name: "access_key", + required: true, + value: "", + sensitive_disabled: true, + docs_url: "storage/dynamodb.html#access_key" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Secret Key", + name: "secret_key", + required: true, + value: "", + sensitive_disabled: true, + docs_url: "storage/dynamodb.html#secret_key" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "DynamoDB endpoint", + name: "endpoint", + docs_url: "storage/dynamodb.html#endpoint" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "High Availability mode (HA)", + name: "ha_enabled", + options: { + false: "Use High Availablity mode", + true: "Disable High Availablity mode" + }, + docs_url: "storage/dynamodb.html#ha_enabled" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Maximum number of concurrent requests", + name: "max_parallel", + value: "128", + docs_url: "storage/dynamodb.html#max_parallel" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "AWS Region", + name: "region", + value: "us-east-1", + docs_url: "storage/dynamodb.html#region" + } %> + <%= partial "builder/reveal_number_field", locals: { + label: "Maximum number of reads per second", + name: "read_capacity", + value: 5, + docs_url: "storage/dynamodb.html#read_capacity" + } %> + <%= partial "builder/reveal_number_field", locals: { + label: "Maximum number of writes per second", + name: "write_capacity", + value: 5, + docs_url: "storage/dynamodb.html#write_capacity" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Name of the DynamoDB table in which to store Vault data", + name: "table", + value: "vault-dynamodb-backend", + docs_url: "storage/dynamodb.html#table" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Session Token", + name: "session_token", + value: "", + sensitive_disabled: true, + docs_url: "storage/dynamodb.html#session_token" + } %> +
+ +
+ <%= partial "builder/reveal_text_field", locals: { + label: "List of addresses of the Etcd instances", + name: "address", + value: "http://localhost:2379", + docs_url: "storage/etcd.html#address" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Domain name to query for SRV records describing cluster endpoints", + name: "discovery_srv", + value: "example.com", + docs_url: "storage/etcd.html#discovery_srv" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Etcd API Version", + name: "etcd_api", + docs_url: "storage/etcd.html#etcd_api" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "High Availability mode (HA)", + name: "ha_enabled", + options: { + false: "Use High Availablity mode", + true: "Disable High Availablity mode" + }, + docs_url: "storage/etcd.html#ha_enabled" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Path in Etcd where Vault data will be stored", + name: "path", + value: "vault/", + docs_url: "storage/etcd.html#path" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Sync the list of available Etcd services on startup", + name: "sync", + options: { + true: "Enable Sync", + false: "Disable Sync" + }, + docs_url: "storage/etcd.html#sync" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Username to use when authenticating with the Etcd server", + name: "username", + value: "", + sensitive_disabled: true, + docs_url: "storage/etcd.html#username" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Password", + name: "password", + value: "", + sensitive_disabled: true, + docs_url: "storage/etcd.html#password" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Path to the CA certificate used for Etcd communication", + name: "tls_ca_file", + value: "", + sensitive_disabled: true, + docs_url: "storage/etcd.html#tls_ca_file" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Path to the certificate used for Etcd communication", + name: "tls_cert_file", + value: "", + sensitive_disabled: true, + docs_url: "storage/etcd.html#tls_cert_file" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Path to the private key for Etcd communication", + name: "tls_key_file", + value: "", + sensitive_disabled: true, + docs_url: "storage/etcd.html#tls_key_file" + } %> +
+ +
+ <%= partial "builder/reveal_text_field", locals: { + label: "Path to the cluster file containing the connection data for the target cluster", + name: "cluster_file", + required: true, + docs_url: "storage/foundationdb.html#cluster_file" + } %> + <%= partial "builder/reveal_number_field", locals: { + label: "FoundationDB API version", + name: "api_version", + docs_url: "storage/foundationdb.html#api_version" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "High Availability mode (HA)", + name: "ha_enabled", + options: { + false: "Use High Availablity mode", + true: "Disable High Availablity mode" + }, + docs_url: "storage/foundationdb.html#ha_enabled" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Path in Etcd where Vault data will be stored", + name: "path", + value: "vault", + docs_url: "storage/foundationdb.html#path" + } %> +
+ +
+ <%= partial "builder/reveal_text_field", locals: { + label: "Name of the bucket to use for storage", + name: "bucket", + required: true, + docs_url: "storage/gcs.html#bucket" + } %> + <%= partial "builder/reveal_number_field", locals: { + label: "Maximum size (in kilobytes) to send in a single request", + name: "chunk_size", + value: "8192", + docs_url: "storage/gcs.html#chunk_size" + } %> + <%= partial "builder/reveal_number_field", locals: { + label: "Maximum number of concurrent requests", + name: "max_parallel", + value: 128, + docs_url: "storage/gcs.html#max_parallel" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "High Availability mode (HA)", + name: "ha_enabled", + options: { + false: "Use High Availablity mode", + true: "Disable High Availablity mode" + }, + docs_url: "storage/gcs.html#ha_enabled" + } %> +
+ +
+ <%= partial "builder/reveal_text_field", locals: { + label: "Name of the database", + name: "database", + required: true, + docs_url: "storage/spanner.html#database" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Name of the table where data will be stored and retrieved", + name: "table", + value: "Vault", + docs_url: "storage/spanner.html#table" + } %> + <%= partial "builder/reveal_number_field", locals: { + label: "Maximum number of concurrent requests", + name: "max_parallel", + value: 128, + docs_url: "storage/spanner.html#max_parallel" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "High Availability mode (HA)", + name: "ha_enabled", + options: { + false: "Use High Availablity mode", + true: "Disable High Availablity mode" + }, + docs_url: "storage/spanner.html#ha_enabled" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Name of the table to use for storing high availability information", + name: "ha_table", + value: "VaultHA", + docs_url: "storage/spanner.html#ha_table" + } %> +
+ +
+ <%= partial "builder/reveal_text_field", locals: { + label: "Name of the manta directory to use", + name: "directory", + required: true, + docs_url: "storage/manta.html#directory" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Manta user account name", + name: "user", + required: true, + value: "", + sensitive_disabled: true, + docs_url: "storage/manta.html#user" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Fingerprint of the public key of the SSH key pair to use for authentication", + name: "key_id", + required: true, + value: "", + sensitive_disabled: true, + docs_url: "storage/manta.html#key_id" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Name of a subuser that has been granted access to the Manta account", + name: "subuser", + docs_url: "storage/manta.html#subuser" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Manta URL", + name: "url", + value: "https://us-east.manta.joyent.com", + docs_url: "storage/manta.html#url" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Maximum number of concurrent requests", + name: "max_parallel", + value: "128", + docs_url: "storage/manta.html#max_parallel" + } %> +
+ +
+ <%= partial "builder/reveal_text_field", locals: { + label: "MySQL username to connect to the database", + name: "username", + value: "", + sensitive_disabled: true, + required: true, + docs_url: "storage/mysql.html#username" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "MySQL password to connect to the database", + name: "password", + value: "", + sensitive_disabled: true, + required: true, + docs_url: "storage/mysql.html#password" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Address of the MySQL host", + name: "address", + value: "127.0.0.1:3306", + docs_url: "storage/mysql.html#address" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Name of the database", + name: "database", + value: "vault", + docs_url: "storage/mysql.html#database" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Name of the table", + name: "table", + value: "vault", + docs_url: "storage/mysql.html#table" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Path to the CA certificate to connect using TLS", + name: "tls_ca_file", + value: "", + sensitive_disabled: true, + docs_url: "storage/mysql.html#tls_ca_file" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Maximum number of concurrent requests", + name: "max_parallel", + value: "128", + docs_url: "storage/mysql.html#max_parallel" + } %> +
+ +
+ <%= partial "builder/reveal_text_field", locals: { + label: "Connection string to use to authenticate and connect to PostgreSQL", + name: "connection_url", + required: true, + docs_url: "storage/postgresql.html#connection_url" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Name of the table in which to write Vault data", + name: "table", + value: "vault_kv_store", + docs_url: "storage/postgresql.html#table" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Maximum number of concurrent requests", + name: "max_parallel", + value: "128", + docs_url: "storage/postgresql.html#max_parallel" + } %> +
+ +
+ <%= partial "builder/reveal_text_field", locals: { + label: "Comma-separated list of Cassandra hosts to connect to", + name: "hosts", + value: "127.0.0.1", + docs_url: "storage/cassandra.html#hosts" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Cassandra keyspace to use", + name: "keyspace", + value: "vault", + docs_url: "storage/cassandra.html#keyspace" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Table within the keyspace in which to store data", + name: "keyspace", + value: "entries", + docs_url: "storage/cassandra.html#table" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Consistency level to use when reading/writing data", + name: "consistency", + options: { + ANY: "Any", + ONE: "One", + TWO: "Two", + THREE: "Three", + QUORUM: "Quorum", + ALL: "All", + LOCAL_QUORUM: "Local Quorum", + EACH_QUORUM: "Each Quorum", + LOCAL_ONE: "Local One" + }, + docs_url: "storage/cassandra.html#consistency" + } %> + <%= partial "builder/reveal_number_field", locals: { + label: "Cassandra protocol version to use", + name: "protocol_version", + value: "2", + min: "0", + docs_url: "storage/cassandra.html#protocol_version" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Username to use when authenticating with the Cassandra hosts", + name: "username", + value: "", + sensitive_disabled: true, + docs_url: "storage/cassandra.html#username" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Password to use when authenticating with the Cassandra hosts", + name: "password", + value: "", + sensitive_disabled: true, + docs_url: "storage/cassandra.html#password" + } %> + <%= partial "builder/reveal_number_field", locals: { + label: "Timeout in seconds to wait until a connection is established", + name: "connection_timeout", + value: "0", + min: "0", + docs_url: "storage/cassandra.html#connection_timeout" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Connection with the Cassandra hosts should use TLS", + name: "tls", + options: { + "0": "Do not use TLS", + "1": "Use TLS" + }, + docs_url: "storage/cassandra.html#tls" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "PEM Bundle File", + name: "pem_bundle_file", + value: "", + sensitive_disabled: true, + docs_url: "storage/cassandra.html#pem_bundle_file" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "PEM JSON File", + name: "pem_json_file", + value: "", + sensitive_disabled: true, + docs_url: "storage/cassandra.html#pem_json_file" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Disable TLS host verification", + name: "tls_skip_verify", + options: { + "0": "Use TLS host verification", + "1": "Disable TLS host verification" + }, + docs_url: "storage/cassandra.html#tls_skip_verify" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Minimum TLS version", + name: "tls_min_version", + options: { + tls12: "TLS 1.2", + tls11: "TLS 1.1", + tls10: "TLS 1.0" + }, + docs_url: "storage/cassandra.html#tls_min_version" + } %> +
+ +
+ <%= partial "builder/reveal_text_field", locals: { + label: "Name of the S3 bucket", + name: "bucket", + required: true, + docs_url: "storage/s3.html#bucket" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Alternative, AWS compatible, S3 endpoint", + name: "endpoint", + docs_url: "storage/s3.html#endpoint" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "AWS region", + name: "region", + docs_url: "storage/s3.html#region" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "AWS Access Key", + name: "access_key", + value: "", + sensitive_disabled: true, + docs_url: "storage/s3.html#access_key" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "AWS Secret Key", + name: "secret_key", + value: "", + sensitive_disabled: true, + docs_url: "storage/s3.html#secret_key" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Session Token", + name: "session_token", + value: "", + sensitive_disabled: true, + docs_url: "storage/s3.html#session_token" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Maximum number of concurrent requests", + name: "max_parallel", + docs_url: "storage/s3.html#max_parallel" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Use host bucket style domains", + name: "s3_force_path_style", + options: { + false: "No", + true: "Yes" + }, + docs_url: "storage/s3.html#s3_force_path_style" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Use SSL for the endpoint connection", + name: "disable_ssl", + options: { + false: "No", + true: "Yes" + }, + docs_url: "storage/s3.html#disable_ssl" + } %> +
+ +
+ <%= partial "builder/reveal_text_field", locals: { + label: "OpenStack authentication endpoint", + name: "auth_url", + required: true, + docs_url: "swift/swift.html#auth_url" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Name of the Swift container", + name: "container", + required: true, + docs_url: "swift/swift.html#container" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "OpenStack username", + name: "username", + value: "", + sensitive_disabled: true, + required: true, + docs_url: "storage/swift.html#username" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "OpenStack password", + name: "password", + value: "", + sensitive_disabled: true, + required: true, + docs_url: "storage/swift.html#password" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Maximum number of concurrent requests", + name: "max_parallel", + docs_url: "storage/swift.html#max_parallel" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Name of the region", + name: "region", + docs_url: "storage/swift.html#region" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "ID of the tenant", + name: "tenant_id", + docs_url: "storage/swift.html#tenant_id" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Name of the user domain", + name: "domain", + docs_url: "storage/swift.html#domain" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Name of the project's domain", + name: "project-domain", + docs_url: "storage/swift.html#project-domain" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "ID of the trust", + name: "trust_id", + docs_url: "storage/swift.html#trust_id" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Storage URL from alternate authentication", + name: "storage_url", + docs_url: "storage/swift.html#storage_url" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Auth token from alternate authentication", + name: "auth_token", + value: "", + sensitive_disabled: true, + docs_url: "storage/swift.html#auth_token" + } %> +
+ +
+ <%= partial "builder/reveal_text_field", locals: { + label: "List of addresses of the Zookeeper instances", + name: "address", + value: "localhost:2181", + docs_url: "swift/swift.html#address" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Path in Zookeeper where data will be stored", + name: "path", + value: "vault/", + docs_url: "swift/swift.html#path" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Authentication string in Zookeeper AddAuth format", + name: "auth_info", + value: "", + sensitive_disabled: true, + docs_url: "swift/swift.html#auth_info" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Set permissions (CRWDA) to the ACL", + name: "znode_owner", + docs_url: "swift/swift.html#znode_owner" + } %> +
+
diff --git a/website/source/docs/configuration/builder/_section_telemetry.html.erb b/website/source/docs/configuration/builder/_section_telemetry.html.erb new file mode 100644 index 0000000000..9527b89cf8 --- /dev/null +++ b/website/source/docs/configuration/builder/_section_telemetry.html.erb @@ -0,0 +1,123 @@ +
+ <%= partial "builder/reveal_select_field", locals: { + label: "Telemetry", + name: "telemetry", + reveal: true, + options: { + statsite: "Statsite", + statsd: "StatsD", + circonus: "Circonus", + dogstatsd: "DogStatsD" + } + } %> + +
+ <%= partial "builder/reveal_text_field", locals: { + label: "Address of a statsite server to forward metrics data to", + name: "statsite_address", + docs_url: "telemetry/#statsite_address" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Prefix gauge values with local hostname", + name: "disable_hostname", + options: { + false: "No", + true: "Yes" + }, + docs_url: "telemetry/#disable_hostname" + } %> +
+ +
+ <%= partial "builder/reveal_text_field", locals: { + label: "Address of a statsd server to forward metrics data to", + name: "statsd_address", + docs_url: "telemetry/#statsd_address" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Prefix gauge values with local hostname", + name: "disable_hostname", + options: { + false: "No", + true: "Yes" + }, + docs_url: "telemetry/#disable_hostname" + } %> +
+ +
+ <%= partial "builder/reveal_text_field", locals: { + label: "Circonus API Token used to create/manage check", + name: "circonus_api_token", + value: "", + sensitive_disabled: true, + docs_url: "telemetry/#circonus_api_token" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "App name associated with the API token", + name: "circonus_api_app", + value: "nomad", + docs_url: "telemetry/#circonus_api_app" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Base URL to use for contacting the Circonus API", + name: "circonus_api_url", + value: "https://api.circonus.com/v2", + docs_url: "telemetry/#circonus_api_url" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Interval at which metrics are submitted to Circonus", + name: "circonus_submission_interval", + value: "10s", + docs_url: "telemetry/#circonus_submission_interval" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Circonus check.config.submission_url field", + name: "circonus_submission_url", + docs_url: "telemetry/#circonus_submission_url" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Force activation of metrics which already exist and are not currently active", + name: "circonus_check_force_metric_activation", + options: { + false: "No", + true: "Yes" + }, + docs_url: "telemetry/#circonus_check_force_metric_activation" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Tag to narrow down the search results", + name: "circonus_check_search_tag", + docs_url: "telemetry/#circonus_check_search_tag" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Name to give a check when it is created", + name: "circonus_check_display_name", + docs_url: "telemetry/#circonus_check_display_name" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "List of additional tags to add to a check when it is created", + name: "circonus_check_tags", + docs_url: "telemetry/#circonus_check_tags" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "ID of Circonus Broker to use when creating a new check", + name: "circonus_broker_id", + docs_url: "telemetry/#circonus_broker_id" + } %> + <%= partial "builder/reveal_text_field", locals: { + label: "Tag which will be used to select a Circonus Broker (when a Broker ID is not provided)", + name: "circonus_broker_select_tag", + docs_url: "telemetry/#circonus_broker_select_tag" + } %> + <%= partial "builder/reveal_select_field", locals: { + label: "Prefix gauge values with local hostname", + name: "disable_hostname", + options: { + false: "No", + true: "Yes" + }, + docs_url: "telemetry/#disable_hostname" + } %> +
+
diff --git a/website/source/docs/configuration/index.html.md b/website/source/docs/configuration/index.html.md index 2d05966e37..09592bd833 100644 --- a/website/source/docs/configuration/index.html.md +++ b/website/source/docs/configuration/index.html.md @@ -8,6 +8,21 @@ description: |- # Vault Configuration + + Outside of development mode, Vault servers are configured using a file. The format of this file is [HCL](https://github.com/hashicorp/hcl) or JSON. An example configuration is shown below: @@ -150,6 +165,7 @@ The following parameters are used on backends that support [high availability][h such as request forwarding are enabled. Setting this to true on one Vault node will disable these features _only when that node is the active node_. +[config-builder]: /docs/configuration/builder.html [storage-backend]: /docs/configuration/storage/index.html [listener]: /docs/configuration/listener/index.html [seal]: /docs/configuration/seal/index.html diff --git a/website/source/downloads.html.erb b/website/source/downloads.html.erb index 4ebaa55aa3..fc4871517a 100644 --- a/website/source/downloads.html.erb +++ b/website/source/downloads.html.erb @@ -6,16 +6,68 @@ description: |- Download Vault --- -

Download Vault

-
+

Download Vault

Below are the available downloads for the latest version of Vault (<%= latest_version %>). Please download the proper package for your - operating system and architecture. + operating system and architecture. Check out the + + v<%= latest_version %> CHANGELOG + + for information on the latest release.

+
+
+ +
+ <% product_versions.each do |os, arches| %> + <% next if os == "web" %> +
+
<%= system_icon(os) %>
+
+

<%= pretty_os(os) %>

+ +
+
+
+ <% end %> +
+
+
+
+

+ Vault for + +

+
+ Downloading Vault for +
+ + + +
+
+
+ + <%= inline_svg "fastly.svg", height: 25 %> + + +
+
+

Verify your download

You can find the @@ -26,36 +78,21 @@ description: |- verify the checksums signature file which has been signed using HashiCorp's GPG key. - You can also download older versions of Vault from the releases service.

-

Check out the v<%= latest_version %> CHANGELOG for information on the latest release.

-

Community resources are available to learn more about Vault and interact with the community.

- <% product_versions.each do |os, arches| %> - <% next if os == "web" %> -
-
-
<%= system_icon(os) %>
-
-

<%= pretty_os(os) %>

- -
-
-
+
+
+

Older versions

+

You can download older versions of Vault from the releases service.

- <% end %> +
-
- - <%= inline_svg "fastly.svg", height: 50 %> - +
+

Welcome to the Vault community

+

Community resources are available to learn more about Vault and interact with the community.

diff --git a/website/source/index.html.erb b/website/source/index.html.erb index 8d8d1d0e31..2838bc65ed 100644 --- a/website/source/index.html.erb +++ b/website/source/index.html.erb @@ -15,9 +15,14 @@ description: |- <%= inline_svg "logo-hashicorp.svg", height: 120, class: "logo" %> A Tool for Managing Secrets -
- Get Started - Launch Interactive Tutorial +
+ Download + Get Started + +

+ Web UI demo + Command-line demo +

diff --git a/website/source/intro/getting-started/dev-server.html.md b/website/source/intro/getting-started/dev-server.html.md index 7200030f27..cd633cf73f 100644 --- a/website/source/intro/getting-started/dev-server.html.md +++ b/website/source/intro/getting-started/dev-server.html.md @@ -15,104 +15,172 @@ piece of the Vault architecture that interacts with the data storage and backends. All operations done via the Vault CLI interact with the server over a TLS connection. -In this page, we'll start and interact with the Vault server to understand how -the server is started. + -## Starting the Dev Server +
+ First, we're going to start a Vault _dev server_. The dev server is a built-in, + pre-configured server that is not very secure but useful for playing with Vault + locally. Later in this guide we'll configure and start a real server. -First, we're going to start a Vault _dev server_. The dev server is a built-in, -pre-configured server that is not very secure but useful for playing with Vault -locally. Later in this guide we'll configure and start a real server. + To start the Vault dev server, run: -To start the Vault dev server, run: + ```text + $ vault server -dev + ==> Vault server configuration: -```text -$ vault server -dev -==> Vault server configuration: + Cgo: disabled + Cluster Address: https://127.0.0.1:8201 + Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", tls: "disabled") + Log Level: info + Mlock: supported: false, enabled: false + Redirect Address: http://127.0.0.1:8200 + Storage: inmem + Version: Vault v1.2.3 + Version Sha: ... - Cgo: disabled - Cluster Address: https://127.0.0.1:8201 - Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", tls: "disabled") - Log Level: info - Mlock: supported: false, enabled: false - Redirect Address: http://127.0.0.1:8200 - Storage: inmem - Version: Vault v1.2.3 - Version Sha: ... + WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory + and starts unsealed with a single unseal key. The root token is already + authenticated to the CLI, so you can immediately begin using Vault. -WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory -and starts unsealed with a single unseal key. The root token is already -authenticated to the CLI, so you can immediately begin using Vault. + You may need to set the following environment variable: -You may need to set the following environment variable: + $ export VAULT_ADDR='http://127.0.0.1:8200' - $ export VAULT_ADDR='http://127.0.0.1:8200' + The unseal key and initial root token are displayed below in case you want to + seal/unseal the Vault or re-authenticate. -The unseal key and initial root token are displayed below in case you want to -seal/unseal the Vault or re-authenticate. + Unseal Key: 1aKM7rNnyW+7Jx1XDAXFswgkRVe+78JB28k/bel90jY= + Root Token: root -Unseal Key: 1aKM7rNnyW+7Jx1XDAXFswgkRVe+78JB28k/bel90jY= -Root Token: root + Development mode should NOT be used in production installations! -Development mode should NOT be used in production installations! + ==> Vault server started! Log data will stream in below: -==> Vault server started! Log data will stream in below: + # ... + ``` -# ... -``` + You should see output similar to that above. Vault does not fork, so it will + continue to run in the foreground. Open another shell or terminal tab to run the + remaining commands. -You should see output similar to that above. Vault does not fork, so it will -continue to run in the foreground. Open another shell or terminal tab to run the -remaining commands. + The dev server stores all its data in-memory (but still encrypted), listens on + `localhost` without TLS, and automatically unseals and shows you the unseal key + and root access key. **Do not run a dev server in production!** -The dev server stores all its data in-memory (but still encrypted), listens on -`localhost` without TLS, and automatically unseals and shows you the unseal key -and root access key. **Do not run a dev server in production!** + With the dev server running, do the following three things before anything else: -With the dev server running, do the following three things before anything else: + 1. Launch a new terminal session. - 1. Launch a new terminal session. + 2. Copy and run the `export VAULT_ADDR ...` command from the terminal + output. This will configure the Vault client to talk to our dev server. - 2. Copy and run the `export VAULT_ADDR ...` command from the terminal - output. This will configure the Vault client to talk to our dev server. + 3. Save the unseal key somewhere. Don't worry about _how_ to save this + securely. For now, just save it anywhere. - 3. Save the unseal key somewhere. Don't worry about _how_ to save this - securely. For now, just save it anywhere. + 4. Do the same as step 3, but with the root token. We'll use this later. - 4. Do the same as step 3, but with the root token. We'll use this later. + ## Verify the Server is Running -## Verify the Server is Running + Verify the server is running by running the `vault status` command. This should + succeed and exit with exit code 0. If you see an error about opening + a connection, make sure you copied and executed the `export VAULT_ADDR...` + command from above properly. -Verify the server is running by running the `vault status` command. This should -succeed and exit with exit code 0. If you see an error about opening -a connection, make sure you copied and executed the `export VAULT_ADDR...` -command from above properly. + If it ran successfully, the output should look like the below: -If it ran successfully, the output should look like the below: + ```text + $ vault status + Key Value + --- ----- + Sealed false + Total Shares 1 + Version (version unknown) + Cluster Name vault-cluster-81109a1a + Cluster ID f6e0aa8a-700e-38b8-5dc5-4265c880b2a1 + HA Enabled false + ``` -```text -$ vault status -Key Value ---- ----- -Sealed false -Total Shares 1 -Version (version unknown) -Cluster Name vault-cluster-81109a1a -Cluster ID f6e0aa8a-700e-38b8-5dc5-4265c880b2a1 -HA Enabled false -``` + If the output looks different, especially if the numbers are different or the + Vault is sealed, then restart the dev server and try again. The only reason + these would ever be different is if you're running a dev server from going + through this guide previously. -If the output looks different, especially if the numbers are different or the -Vault is sealed, then restart the dev server and try again. The only reason -these would ever be different is if you're running a dev server from going -through this guide previously. + We'll cover what this output means later in the guide. -We'll cover what this output means later in the guide. + ## Next -## Next + Congratulations! You've started your first Vault server. We haven't stored + any secrets yet, but we'll do that in the next section. -Congratulations! You've started your first Vault server. We haven't stored -any secrets yet, but we'll do that in the next section. + Next, we're going to + [read and write our first secrets](/intro/getting-started/first-secret.html). +
-Next, we're going to -[read and write our first secrets](/intro/getting-started/first-secret.html). +
+ We're going to start a Vault _server_ with the + configuration file that you + created. + + To start the Vault server, run: + + ```text + $ vault server -config=vault-config.hcl + ==> Vault server configuration: + + Cgo: disabled + Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", tls: "disabled") + Log Level: info + Mlock: supported: false, enabled: false + Storage: file + Version: Vault v0.1.2 + Version Sha: ... + + ==> Vault server started! Log data will stream in below: + + # ... + ``` + + You should see output similar to that above. Vault does not fork, so it will + continue to run in the foreground. + + ## Verify the Server is Running + + Verify the server is running by running the `vault status` command. This should + succeed and exit with exit code 0. If you see an error about opening + a connection, make sure you copied and executed the `export VAULT_ADDR...` + command from above properly. + + If it ran successfully, the output should look like the below: + + ```text + $ vault status + Key Value + --- ----- + Sealed false + Total Shares 1 + Version (version unknown) + Cluster Name vault-cluster-81109a1a + Cluster ID f6e0aa8a-700e-38b8-5dc5-4265c880b2a1 + HA Enabled false + ``` + + ## Next + + Congratulations! You've started your first Vault server. You can now view the + Vault Web UI (at http://localhost:4200/ui + if you are running Vault locally) to guide you through the rest of getting set up. + +