diff --git a/website/content/docs/agent/index.mdx b/website/content/docs/agent/index.mdx
index 3e024827b5a6..47d2d9167ce1 100644
--- a/website/content/docs/agent/index.mdx
+++ b/website/content/docs/agent/index.mdx
@@ -61,7 +61,6 @@ func getSecretWithAppRole() (string, error) {
}
data := secret.Data["data"].(map[string]interface{})
-
...snip...
}
```
diff --git a/website/content/docs/auth/approle.mdx b/website/content/docs/auth/approle.mdx
index 182aae8989fb..f42c9bc2cdaa 100644
--- a/website/content/docs/auth/approle.mdx
+++ b/website/content/docs/auth/approle.mdx
@@ -341,12 +341,12 @@ using VaultSharp.V1.AuthMethods.AppRole;
using VaultSharp.V1.AuthMethods.Token;
using VaultSharp.V1.Commons;
-namespace Examples
+namespace Examples
{
public class ApproleAuthExample
{
const string DefaultTokenPath = "../../../path/to/wrapping-token";
-
+
///
/// Fetches a key-value secret (kv-v2) after authenticating to Vault via AppRole authentication
///
@@ -356,7 +356,7 @@ namespace Examples
// The Secret ID is a value that needs to be protected, so instead of the app having knowledge of the secret ID directly,
// we have a trusted orchestrator (https://learn.hashicorp.com/tutorials/vault/secure-introduction?in=vault/app-integration#trusted-orchestrator)
// give the app access to a short-lived response-wrapping token (https://www.vaultproject.io/docs/concepts/response-wrapping).
- // Read more at: https://learn.hashicorp.com/tutorials/vault/approle-best-practices?in=vault/auth-methods#secretid-delivery-best-practices
+ // Read more at: https://learn.hashicorp.com/tutorials/vault/approle-best-practices?in=vault/auth-methods#secretid-delivery-best-practices
var vaultAddr = Environment.GetEnvironmentVariable("VAULT_ADDR");
if(String.IsNullOrEmpty(vaultAddr))
{
@@ -382,9 +382,9 @@ namespace Examples
// We pass null here instead of the wrapping token to avoid depleting its single usage
// given that we already initialized our client with the wrapping token
Secret> secretIdData = vaultClientForUnwrapping.V1.System
- .UnwrapWrappedResponseDataAsync>(null).Result;
+ .UnwrapWrappedResponseDataAsync>(null).Result;
- var secretId = secretIdData.Data["secret_id"]; // Grab the secret_id
+ var secretId = secretIdData.Data["secret_id"]; // Grab the secret_id
// We create a second VaultClient and initialize it with the AppRole auth method and our new credentials.
IAuthMethodInfo authMethod = new AppRoleAuthMethodInfo(roleId, secretId.ToString());
@@ -395,9 +395,9 @@ namespace Examples
// We can retrieve the secret from VaultClient
Secret kv2Secret = null;
kv2Secret = vaultClient.V1.Secrets.KeyValue.V2.ReadSecretAsync(path: "/creds").Result;
-
+
var password = kv2Secret.Data.Data["password"];
-
+
return password.ToString();
}
}
diff --git a/website/content/docs/auth/aws.mdx b/website/content/docs/auth/aws.mdx
index a91a8ee5d52d..438cc3c3ff14 100644
--- a/website/content/docs/auth/aws.mdx
+++ b/website/content/docs/auth/aws.mdx
@@ -834,9 +834,9 @@ using VaultSharp.V1.SecretsEngines.AWS;
namespace Examples
{
- public class AwsAuthExample
+ public class AwsAuthExample
{
- ///
+ ///
/// Fetches a key-value secret (kv-v2) after authenticating to Vault via AWS IAM,
/// one of two auth methods used to authenticate with AWS (the other is EC2 auth).
///
@@ -857,12 +857,12 @@ namespace Examples
var amazonSecurityTokenServiceConfig = new AmazonSecurityTokenServiceConfig();
// Initialize BasicAWS Credentials w/ an accessKey and secretKey
- Amazon.Runtime.AWSCredentials awsCredentials = new BasicAWSCredentials(accessKey: Environment.GetEnvironmentVariable("AWS_ACCESS_KEY_ID"),
+ Amazon.Runtime.AWSCredentials awsCredentials = new BasicAWSCredentials(accessKey: Environment.GetEnvironmentVariable("AWS_ACCESS_KEY_ID"),
secretKey: Environment.GetEnvironmentVariable("AWS_SECRET_ACCESS_KEY"));
-
+
// Construct the IAM Request and add necessary headers
var iamRequest = GetCallerIdentityRequestMarshaller.Instance.Marshall(new GetCallerIdentityRequest());
-
+
iamRequest.Endpoint = new Uri(amazonSecurityTokenServiceConfig.DetermineServiceURL());
iamRequest.ResourcePath = "/";
@@ -884,9 +884,9 @@ namespace Examples
// We can retrieve the secret from the VaultClient object
Secret kv2Secret = null;
kv2Secret = vaultClient.V1.Secrets.KeyValue.V2.ReadSecretAsync(path: "/creds").Result;
-
+
var password = kv2Secret.Data.Data["password"];
-
+
return password.ToString();
}
}
diff --git a/website/content/docs/configuration/listener/tcp.mdx b/website/content/docs/configuration/listener/tcp.mdx
index a6fee9861027..7a3966095173 100644
--- a/website/content/docs/configuration/listener/tcp.mdx
+++ b/website/content/docs/configuration/listener/tcp.mdx
@@ -22,7 +22,6 @@ specify [`api_addr`][api-addr] and [`cluster_addr`][cluster-addr] so Vault will
advertise the correct address to other nodes.
## Listener's custom response headers
-
As of version 1.9, Vault supports defining custom HTTP response headers for the root path (`/`) and also on API endpoints (`/v1/*`).
The headers are defined based on the returned status code. For example, a user can define a list of
custom response headers for the `200` status code, and another list of custom response headers for
diff --git a/website/content/docs/internals/security.mdx b/website/content/docs/internals/security.mdx
index 3abe8499fef2..0ddbb6bde858 100644
--- a/website/content/docs/internals/security.mdx
+++ b/website/content/docs/internals/security.mdx
@@ -60,21 +60,6 @@ The following are not parts of the Vault threat model:
to inspect the memory state of a running Vault instance then the confidentiality
of data may be compromised.
-- Protecting against flaws in external systems or services used by Vault.
- Some authentication methods or secrets engines delegate sensitive operations to
- systems external to Vault. If an attacker can compromise credentials or otherwise
- exploit a vulnerability in these external systems, then the confidentiality or
- integrity of data may be compromised.
-
-- Protecting against malicious plugins or code execution on the underlying host.
- If an attacker can gain code execution or write privileges to the underlying host,
- then the confidentiality or the integrity of data may be compromised.
-
-- Protecting against flaws in clients or systems that access Vault. If an attacker
- can compromise a Vault client (e.g., system, browser) and obtain this client’s Vault
- credentials, they can access Vault with the level of privilege associated with this
- client.
-
# External Threat Overview
Given the architecture of Vault, there are 3 distinct systems we are concerned
diff --git a/website/next.config.js b/website/next.config.js
index e32022e3a7fb..02ef70c32dc2 100644
--- a/website/next.config.js
+++ b/website/next.config.js
@@ -8,6 +8,13 @@ console.log(`VERCEL_ENV: ${process.env.VERCEL_ENV}`)
console.log(`MKTG_CONTENT_API: ${process.env.MKTG_CONTENT_API}`)
console.log(`ENABLE_VERSIONED_DOCS: ${process.env.ENABLE_VERSIONED_DOCS}`)
+// log out our primary environment variables for clarity in build logs
+console.log(`HASHI_ENV: ${process.env.HASHI_ENV}`)
+console.log(`NODE_ENV: ${process.env.NODE_ENV}`)
+console.log(`VERCEL_ENV: ${process.env.VERCEL_ENV}`)
+console.log(`MKTG_CONTENT_API: ${process.env.MKTG_CONTENT_API}`)
+console.log(`ENABLE_VERSIONED_DOCS: ${process.env.ENABLE_VERSIONED_DOCS}`)
+
module.exports = withHashicorp({
dato: {
// This token is safe to be in this public repository, it only has access to content that is publicly viewable on the website
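Review bot: The added block at the top of this hunk (the comment and five `console.log` calls) repeats logging that already exists directly above it: the hunk header shows the `VERCEL_ENV` statement, and the two context lines show `MKTG_CONTENT_API` and `ENABLE_VERSIONED_DOCS` being logged with identical text. The `HASHI_ENV` and `NODE_ENV` lines are presumably duplicated as well, though the earlier copies sit outside the hunk, so this looks like a merge or rebase artifact and the added lines should be dropped. Because build logs are often readable by more people than the deployment settings, the remaining block would benefit from a comment such as `// only non-secret configuration values may be logged here; never log tokens or credentials`. That keeps a later addition to the list from printing a secret-bearing variable.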