hashicorp · schavis · Aug 16, 2023 · Nov 17, 2021 · Nov 17, 2021 · Nov 18, 2021
diff --git a/website/content/docs/agent/index.mdx b/website/content/docs/agent/index.mdx
@@ -61,7 +61,6 @@ func getSecretWithAppRole() (string, error) {
     }
 
     data := secret.Data["data"].(map[string]interface{})
-
     ...snip...
 }
 ```

diff --git a/website/content/docs/auth/approle.mdx b/website/content/docs/auth/approle.mdx
@@ -341,12 +341,12 @@ using VaultSharp.V1.AuthMethods.AppRole;
 using VaultSharp.V1.AuthMethods.Token;
 using VaultSharp.V1.Commons;
 
-namespace Examples
+namespace Examples 
 {
     public class ApproleAuthExample
     {
         const string DefaultTokenPath = "../../../path/to/wrapping-token";
-
+        
         /// <summary>
         /// Fetches a key-value secret (kv-v2) after authenticating to Vault via AppRole authentication
         /// </summary>
@@ -356,7 +356,7 @@ namespace Examples
 	        // The Secret ID is a value that needs to be protected, so instead of the app having knowledge of the secret ID directly,
 	        // we have a trusted orchestrator (https://learn.hashicorp.com/tutorials/vault/secure-introduction?in=vault/app-integration#trusted-orchestrator)
 	        // give the app access to a short-lived response-wrapping token (https://www.vaultproject.io/docs/concepts/response-wrapping).
-	        // Read more at: https://learn.hashicorp.com/tutorials/vault/approle-best-practices?in=vault/auth-methods#secretid-delivery-best-practices
+	        // Read more at: https://learn.hashicorp.com/tutorials/vault/approle-best-practices?in=vault/auth-methods#secretid-delivery-best-practices             
             var vaultAddr = Environment.GetEnvironmentVariable("VAULT_ADDR");
             if(String.IsNullOrEmpty(vaultAddr))
             {
@@ -382,9 +382,9 @@ namespace Examples
             // We pass null here instead of the wrapping token to avoid depleting its single usage
             // given that we already initialized our client with the wrapping token
             Secret<Dictionary<string, object>> secretIdData =  vaultClientForUnwrapping.V1.System
-                .UnwrapWrappedResponseDataAsync<Dictionary<string, object>>(null).Result;
+                .UnwrapWrappedResponseDataAsync<Dictionary<string, object>>(null).Result; 
 
-            var secretId = secretIdData.Data["secret_id"]; // Grab the secret_id
+            var secretId = secretIdData.Data["secret_id"]; // Grab the secret_id 
 
             // We create a second VaultClient and initialize it with the AppRole auth method and our new credentials.
             IAuthMethodInfo authMethod = new AppRoleAuthMethodInfo(roleId, secretId.ToString());
@@ -395,9 +395,9 @@ namespace Examples
             // We can retrieve the secret from VaultClient
             Secret<SecretData> kv2Secret = null;
             kv2Secret = vaultClient.V1.Secrets.KeyValue.V2.ReadSecretAsync(path: "/creds").Result;
-
+            
             var password = kv2Secret.Data.Data["password"];
-
+            
             return password.ToString();
         }
     }

diff --git a/website/content/docs/auth/aws.mdx b/website/content/docs/auth/aws.mdx
@@ -834,9 +834,9 @@ using VaultSharp.V1.SecretsEngines.AWS;
 
 namespace Examples
 {
-    public class AwsAuthExample
+    public class AwsAuthExample 
     {
-        /// <summary>
+        /// <summary> 
         /// Fetches a key-value secret (kv-v2) after authenticating to Vault via AWS IAM,
         /// one of two auth methods used to authenticate with AWS (the other is EC2 auth).
         /// </summary>
@@ -857,12 +857,12 @@ namespace Examples
             var amazonSecurityTokenServiceConfig = new AmazonSecurityTokenServiceConfig();
 
             // Initialize BasicAWS Credentials w/ an accessKey and secretKey
-            Amazon.Runtime.AWSCredentials awsCredentials = new BasicAWSCredentials(accessKey: Environment.GetEnvironmentVariable("AWS_ACCESS_KEY_ID"),
+            Amazon.Runtime.AWSCredentials awsCredentials = new BasicAWSCredentials(accessKey: Environment.GetEnvironmentVariable("AWS_ACCESS_KEY_ID"), 
                                                                 secretKey: Environment.GetEnvironmentVariable("AWS_SECRET_ACCESS_KEY"));
-
+            
             // Construct the IAM Request and add necessary headers
             var iamRequest = GetCallerIdentityRequestMarshaller.Instance.Marshall(new GetCallerIdentityRequest());
-
+            
             iamRequest.Endpoint = new Uri(amazonSecurityTokenServiceConfig.DetermineServiceURL());
             iamRequest.ResourcePath = "/";
 
@@ -884,9 +884,9 @@ namespace Examples
             // We can retrieve the secret from the VaultClient object
             Secret<SecretData> kv2Secret = null;
             kv2Secret = vaultClient.V1.Secrets.KeyValue.V2.ReadSecretAsync(path: "/creds").Result;
-
+            
             var password = kv2Secret.Data.Data["password"];
-
+            
             return password.ToString();
         }
     }

diff --git a/website/content/docs/configuration/listener/tcp.mdx b/website/content/docs/configuration/listener/tcp.mdx
@@ -22,7 +22,6 @@ specify [`api_addr`][api-addr] and [`cluster_addr`][cluster-addr] so Vault will
 advertise the correct address to other nodes.
 
 ## Listener's custom response headers
-
 As of version 1.9, Vault supports defining custom HTTP response headers for the root path (`/`) and also on API endpoints (`/v1/*`).
 The headers are defined based on the returned status code. For example, a user can define a list of
 custom response headers for the `200` status code, and another list of custom response headers for

diff --git a/website/content/docs/internals/security.mdx b/website/content/docs/internals/security.mdx
@@ -60,21 +60,6 @@ The following are not parts of the Vault threat model:
   to inspect the memory state of a running Vault instance then the confidentiality
   of data may be compromised.
 
-- Protecting against flaws in external systems or services used by Vault.
-  Some authentication methods or secrets engines delegate sensitive operations to
-  systems external to Vault. If an attacker can compromise credentials or otherwise
-  exploit a vulnerability in these external systems, then the confidentiality or
-  integrity of data may be compromised.
-
-- Protecting against malicious plugins or code execution on the underlying host.
-  If an attacker can gain code execution or write privileges to the underlying host,
-  then the confidentiality or the integrity of data may be compromised.
-
-- Protecting against flaws in clients or systems that access Vault. If an attacker
-  can compromise a Vault client (e.g., system, browser) and obtain this client’s Vault
-  credentials, they can access Vault with the level of privilege associated with this
-  client.
-
 # External Threat Overview
 
 Given the architecture of Vault, there are 3 distinct systems we are concerned

diff --git a/website/next.config.js b/website/next.config.js
@@ -8,6 +8,13 @@ console.log(`VERCEL_ENV: ${process.env.VERCEL_ENV}`)
 console.log(`MKTG_CONTENT_API: ${process.env.MKTG_CONTENT_API}`)
 console.log(`ENABLE_VERSIONED_DOCS: ${process.env.ENABLE_VERSIONED_DOCS}`)
 
+// log out our primary environment variables for clarity in build logs
+console.log(`HASHI_ENV: ${process.env.HASHI_ENV}`)
+console.log(`NODE_ENV: ${process.env.NODE_ENV}`)
+console.log(`VERCEL_ENV: ${process.env.VERCEL_ENV}`)
+console.log(`MKTG_CONTENT_API: ${process.env.MKTG_CONTENT_API}`)
+console.log(`ENABLE_VERSIONED_DOCS: ${process.env.ENABLE_VERSIONED_DOCS}`)
+
 module.exports = withHashicorp({
   dato: {
     // This token is safe to be in this public repository, it only has access to content that is publicly viewable on the website
-Original file line number
+Diff line change
@@ Expand Up / @@ -61,7 +61,6 @@ func getSecretWithAppRole() (string, error) { @@
         }
         data := secret.Data["data"].(map[string]interface{})
         ...snip...
     }
     ```
@@ Expand Down @@