backport of commit f975259
yhyakuna authored Dec 18, 2024
1 parent ed60501 commit 3e47a6b
Showing 19 changed files with 65 additions and 75 deletions.
7 changes: 2 additions & 5 deletions website/content/docs/secrets/alicloud.mdx
@@ -1,11 +1,8 @@
---
layout: docs
page_title: AliCloud - Secrets Engines
page_title: AliCloud secrets engine
description: >-
The AliCloud secrets engine for Vault generates access tokens or STS
credentials
dynamically based on RAM policies or roles.
Dynamically generate access tokens or STS credentials based on RAM policies or roles with the AliCloud secrets engine plugin.
---

# AliCloud secrets engine

7 changes: 3 additions & 4 deletions website/content/docs/secrets/aws.mdx
@@ -1,9 +1,8 @@
---
layout: docs
page_title: AWS - Secrets Engines
description: |-
The AWS secrets engine for Vault generates access keys dynamically based on
IAM policies.
page_title: AWS secrets engine
description: >-
Dynamically generate access keys based on IAM policies with the AWS secrets engine plugin.
---

# AWS secrets engine

7 changes: 3 additions & 4 deletions website/content/docs/secrets/azure.mdx
@@ -1,9 +1,8 @@
---
layout: docs
page_title: Azure - Secrets Engine
description: |-
The Azure Vault secrets engine dynamically generates Azure
service principals and role assignments.
page_title: Azure secrets engine
description: >-
Dynamically generate Azure service principals and role assignments with the Azure secrets engine plugin.
---

# Azure secrets engine

4 changes: 2 additions & 2 deletions website/content/docs/secrets/consul.mdx
@@ -1,7 +1,7 @@
---
layout: docs
page_title: Consul - Secrets Engines
description: The Consul secrets engine for Vault generates tokens for Consul dynamically.
page_title: Consul secrets engine
description: Dynamically generate Consul tokens with the Consul secrets engine plugin.
---

# Consul secrets engine

5 changes: 2 additions & 3 deletions website/content/docs/secrets/cubbyhole.mdx
@@ -1,9 +1,8 @@
---
layout: docs
page_title: Cubbyhole - Secrets Engines
page_title: Cubbyhole secrets engine
description: >-
The cubbyhole secrets engine can store arbitrary secrets scoped to a single
token.
Store arbitrary secrets scoped to a single client token with the Cubbyhole secrets engine plugin.
---

# Cubbyhole secrets engine

7 changes: 3 additions & 4 deletions website/content/docs/secrets/gcp.mdx
@@ -1,9 +1,8 @@
---
layout: docs
page_title: Google Cloud - Secrets Engines
description: |-
The Google Cloud secrets engine for Vault dynamically generates Google Cloud
service account keys and OAuth tokens based on IAM policies.
page_title: Google Cloud secrets engine
description: >-
Dynamically generate Google Cloud service account keys and OAuth tokens based on IAM policies with the Google Cloud secrets engine plugin.
---

# Google Cloud secrets engine

6 changes: 3 additions & 3 deletions website/content/docs/secrets/gcpkms.mdx
@@ -1,8 +1,8 @@
---
layout: docs
page_title: Google Cloud KMS - Secrets Engines
description: |-
The Google Cloud KMS secrets engine for Vault interfaces with Google Cloud
page_title: Google Cloud KMS secrets engine
description: >-
The Google Cloud KMS secrets engine plugin interfaces with Google Cloud
KMS for encryption/decryption of data and KMS key management through Vault.
---


4 changes: 2 additions & 2 deletions website/content/docs/secrets/index.mdx
@@ -1,7 +1,7 @@
---
layout: docs
page_title: Secrets Engines
description: Secrets engines are mountable engines that store or generate secrets in Vault.
page_title: Secrets engines
description: Secrets engines are mountable plugins that store or generate secrets in Vault.
---

# Secrets engines

2 changes: 1 addition & 1 deletion website/content/docs/secrets/kmip-profiles.mdx
@@ -1,7 +1,7 @@
---
layout: docs
page_title: KMIP - Profiles Support
description: |-
description: >-
The KMIP profiles define the use of KMIP objects, attributes, operations, message elements
and authentication methods within specific contexts of KMIP server and client interaction.
These profiles define a set of normative constraints for employing KMIP within a particular
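
Review bot: page_title stays "KMIP - Profiles Support" in this hunk, while the other pages in this commit drop the "X - Y" title pattern (kmip.mdx becomes "KMIP secrets engine"). If the `|-` to `>-` scalar change is the only intended edit, say so in the commit message; otherwise rename the title in the same pass, for example "KMIP profiles support". The switch to `>-` folds the multi-line description into a single line, which is the right form for a meta description.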

4 changes: 2 additions & 2 deletions website/content/docs/secrets/kmip.mdx
@@ -1,7 +1,7 @@
---
layout: docs
page_title: KMIP - Secrets Engines
description: |-
page_title: KMIP secrets engine
description: >-
The KMIP secrets engine allows Vault to act as a KMIP server provider and
handle the lifecycle of its KMIP managed objects.
---

5 changes: 2 additions & 3 deletions website/content/docs/secrets/kubernetes.mdx
@@ -1,9 +1,8 @@
---
layout: docs
page_title: Kubernetes - Secrets Engines
page_title: Kubernetes secrets engine
description: >-
The Kubernetes secrets engine for Vault generates Kubernetes service account
tokens, service accounts, role bindings, and roles dynamically.
Dynamically generate Kubernetes service account tokens, service accounts, role bindings, and roles with the Kubernetes secrets engine plugin.
---

# Kubernetes secrets engine

4 changes: 2 additions & 2 deletions website/content/docs/secrets/ldap.mdx
@@ -1,8 +1,8 @@
---
layout: docs
page_title: LDAP - Secrets Engine
page_title: LDAP secrets engine
description: >-
The LDAP secret engine manages LDAP entry passwords.
Dynamically create and manage LDAP entry passwords with the LDAP secret engine plugin.
---

# LDAP secrets engine
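
Review bot: the new description says "LDAP secret engine plugin" (singular "secret"), while the page_title two lines above it and the H1 both say "LDAP secrets engine". Suggest "with the LDAP secrets engine plugin" so the meta description matches the title and the wording used for the other engines in this commit.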

7 changes: 3 additions & 4 deletions website/content/docs/secrets/mongodbatlas.mdx
@@ -1,9 +1,8 @@
---
layout: docs
page_title: MongoDB Atlas - Secrets Engines
description: |-
The MongoDB Atlas secrets engine for Vault generates MongoDB Atlas
Programmatic API Keys dynamically.
page_title: MongoDB atlas secrets engine
description: >-
Dynamically generate MongoDB Atlas Programmatic API Keys with the MongoDB Atlas secrets engine plugin.
---

# MongoDB atlas secrets engine
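
Review bot: the new page_title lowercases the product name ("MongoDB atlas secrets engine"), while the description below it keeps "MongoDB Atlas". Sentence case should still preserve the proper noun; suggest `page_title: MongoDB Atlas secrets engine`, and the same capitalisation in the H1 that follows the front matter.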

7 changes: 3 additions & 4 deletions website/content/docs/secrets/nomad.mdx
@@ -1,15 +1,14 @@
---
layout: docs
page_title: Nomad Secrets Engine
description: The Nomad secrets engine for Vault generates tokens for Nomad dynamically.
page_title: Nomad secrets engine
description: >-
Dynamically generate Nomad tokens with the Nomad secrets engine plugin.
---

# Nomad secrets engine

@include 'x509-sha1-deprecation.mdx'

Name: `Nomad`

Nomad is a simple, flexible scheduler and workload orchestrator. The Nomad secrets engine for Vault generates [Nomad](https://www.nomadproject.io/)
ACL tokens dynamically based on pre-existing Nomad ACL policies.


5 changes: 2 additions & 3 deletions website/content/docs/secrets/rabbitmq.mdx
@@ -1,9 +1,8 @@
---
layout: docs
page_title: RabbitMQ - Secrets Engines
page_title: RabbitMQ secrets engine
description: >-
The RabbitMQ secrets engine for Vault generates user credentials to access
RabbitMQ.
Dynamically generate user credentials to access RabbitMQ with the RabbitMQ secrets engine plugin.
---

# RabbitMQ secrets engine

45 changes: 22 additions & 23 deletions website/content/docs/secrets/terraform.mdx
@@ -1,15 +1,14 @@
---
layout: docs
page_title: Terraform Cloud Secret Backend
description: The Terraform Cloud secret backend for Vault generates tokens for Terraform Cloud dynamically.
page_title: HCP Terraform secrets engine
description: >-
Dynamically generate HCP Terraform API tokens with the HCP Terraform secrets engine plugin.
---

# Terraform Cloud secret backend
# HCP Terraform secrets engine

Name: `Terraform Cloud`

The Terraform Cloud secret backend for Vault generates
[Terraform Cloud](https://cloud.hashicorp.com/products/terraform)
The HCP Terraform secrets engine for Vault generates
[HCP Terraform](https://cloud.hashicorp.com/products/terraform)
API tokens dynamically for Organizations, Teams, and Users.

This page will show a quick start for this backend. For detailed documentation
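
Review bot: the last context line of this hunk still reads "This page will show a quick start for this backend." although the heading and intro above it were renamed from "secret backend" to "secrets engine". Suggest changing it in this commit to "for this secrets engine" so the old term does not survive in the opening paragraph.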
@@ -26,35 +25,35 @@ Most secrets engines must be configured in advance before they can perform their
functions. These steps are usually completed by an operator or configuration
management tool.

1. Enable the Terraform Cloud secrets engine:
1. Enable the HCP Terraform secrets engine:

```shell-session
$ vault secrets enable terraform
Success! Enabled the terraform cloud secrets engine at: terraform/
Success! Enabled the terraform secrets engine at: terraform/
```

By default, the secrets engine will mount at the name of the engine. To
enable the secrets engine at a different path, use the `-path` argument.

2. Configure Vault to connect and authenticate to Terraform Cloud:
2. Configure Vault to connect and authenticate to HCP Terraform:

```shell-session
$ vault write terraform/config \
token=Vhz7652ba4c-0f6e-8e75-5724-5e083d72cfe4
Success! Data written to: terraform/config
```

See [Terraform Cloud's documentation on API
See [HCP Terraform's documentation on API
tokens](/terraform/cloud-docs/users-teams-organizations/api-tokens)
to determine the appropriate API token for use with the secret engine. In
order to perform all operations, a User API token is recommended.

3. Configure a role that maps a name in Vault to a Terraform Cloud User. At
this time the Terraform Cloud API does not allow dynamic user generation. As
3. Configure a role that maps a name in Vault to a HCP Terraform user. At
this time the HCP Terraform API does not allow dynamic user generation. As
a result this secret engine creates dynamic API tokens for an existing user,
and manages the lifecycle of that API token. You will need to know the User
ID in order to generate User API tokens for that user. You can use the
Terraform Cloud [Account
HCP Terraform [Account
API](/terraform/cloud-docs/api-docs/account) to find the
desired User ID.
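
Review bot: the sample output under step 1 was edited to "Success! Enabled the terraform secrets engine at: terraform/", and that line is presented as what `vault secrets enable terraform` prints, so please confirm it matches the actual CLI output rather than the rebranded wording. In step 3, "a HCP Terraform user" should read "an HCP Terraform user", and steps 2 and 3 still say "secret engine" where the page title now says "secrets engine".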

@@ -84,14 +83,14 @@ token_id at-123acbdfask

## Organization, team, and user roles

Terraform Cloud supports three distinct types of API tokens; Organizations,
HCP Terraform supports three distinct types of API tokens; Organizations,
Teams, and Users. Each token type has distinct access levels and generation
workflows. A given Vault role can manage any one of the three types at a time,
however there are important differences to be aware of.

### Organization and team roles

The Terraform Cloud API limits both Organization and Team roles to **one active
The HCP Terraform API limits both Organization and Team roles to **one active
token at any given time**. Generating a new Organization or Team API token by
reading the credentials in Vault or otherwise generating them on
[app.terraform.io](https://app.terraform.io/session) will effectively revoke **any**
@@ -128,10 +127,10 @@ token_id at-fqvtdTQ5kQWcjUfG
### User roles

Traditionally, Vault secret engines create dynamic users and dynamic credentials
along with them. At the time of writing, the Terraform Cloud API does not allow
for creating dynamic users. Instead, the Terraform Cloud secret engine creates
along with them. At the time of writing, the HCP Terraform API does not allow
for creating dynamic users. Instead, the HCP Terraform secret engine creates
dynamic User API tokens by configuring a Vault role to manage an existing
Terraform Cloud user. The lifecycle of these tokens is managed by Vault and
HCP Terraform user. The lifecycle of these tokens is managed by Vault and
will auto expire according to the configured TTL and max TTL of the Vault
role.
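
Review bot: the rewritten sentence introduces "the HCP Terraform secret engine creates" (singular "secret"), which disagrees with the new page title "HCP Terraform secrets engine"; the context line above it also keeps "Vault secret engines". Suggest "secrets engine" and "secrets engines" in both places so the page uses one term throughout.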

@@ -154,18 +153,18 @@ token <example token>
token_id at-fqvtdTQ5kQWcjUfG
```

Please see the [Terraform Cloud API
Please see the [HCP Terraform API
Token documentation for more
information](/terraform/cloud-docs/users-teams-organizations/api-tokens).

## Tutorial

Refer to [Terraform Cloud Secrets
Refer to [HCP Terraform Secrets
Engine](/vault/tutorials/secrets-management/terraform-secrets-engine)
for a step-by-step tutorial.

## API

The Terraform Cloud secrets engine has a full HTTP API. Please see the
[Terraform Cloud secrets engine API](/vault/api-docs/secret/terraform) for more
The HCP Terraform secrets engine has a full HTTP API. Please see the
[HCP Terraform secrets engine API](/vault/api-docs/secret/terraform) for more
details.
5 changes: 3 additions & 2 deletions website/content/docs/secrets/totp.mdx
@@ -1,7 +1,8 @@
---
layout: docs
page_title: TOTP - Secrets Engines
description: The TOTP secrets engine for Vault generates time-based one-time use passwords.
page_title: TOTP secrets engine
description: >-
Generate time-based one-time use passwords with the TOTP secrets engine plugin.
---

# TOTP secrets engine

7 changes: 4 additions & 3 deletions website/content/docs/secrets/venafi.mdx
@@ -1,10 +1,11 @@
---
layout: docs
page_title: Venafi - Secrets Engines
description: The Venafi integrated secrets engine for Vault.
page_title: Venafi secrets engine
description: >-
Dynamically generate short-lived SSL/TLS certificates using Venafi secrets engine.
---

# Venafi secrets engine for HashiCorp Vault
# Venafi secrets engine

The Venafi Machine Identity Secrets Engine provides applications with the
ability to dynamically generate SSL/TLS certificates that serve as machine
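
Review bot: the new description, "using Venafi secrets engine", drops the article and the "plugin" wording that the other descriptions in this commit use. Suggest "Dynamically generate short-lived SSL/TLS certificates with the Venafi secrets engine plugin." Also, "short-lived" is not stated in the visible body text, which only says the engine can "dynamically generate SSL/TLS certificates", so confirm that the claim holds for this integration before it goes into the meta description.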

2 changes: 1 addition & 1 deletion website/data/docs-nav-data.json
@@ -1768,7 +1768,7 @@
]
},
{
"title": "Terraform Cloud",
"title": "HCP Terraform",
"path": "secrets/terraform"
},
{