[VAULT] GA to RC sync 20251002 #1052
…into bot/vault-ga-to-rc-sync-20251002
Vercel Previews Deployed
I think this looks good! I noted a few places where the content differed from the `v1.20.x` branch. Most were additions or small revisions that were probably new content. Please let me know if you have any questions or if there's anything I can do to help.
- `root_password_ttl` `(string: 182d)` - Specifies how long the root password is valid for in Azure when | ||
rotate-root generates a new client secret. Uses [duration format strings](/vault/docs/concepts/duration-format). | ||
|
||
- `metadata` (`map[string]string: {}`) - A map of string to string key/value pairs that will be stored |
This `metadata` field looks like a new addition. It's not in `v1.20.x`, but the rest of these updates are.
### Headers | ||
|
||
- `X-Vault-Recover-Snapshot-Id` `(string: <required>)` - The ID of a snapshot previously loaded into Vault that contains SSH CA information. | ||
- `X-Vault-Recover-Snapshot-Id` `(string: <required>)` - The ID of a snapshot |
The `X-Vault-Recover-Snapshot-Id` header looks like new content. I don't see it on the `v1.20.x` branch, but the other change above is.
- `key_version` `(int: 0)` – Specifies the version of the key to use for | ||
encryption. If not set, uses the latest version. Must be greater than or | ||
equal to the key's `min_encryption_version`, if set. | ||
encryption. Leave `key_version` unset to use the latest version. `key_version` |
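Review bot: The reworded `key_version` line says to leave the field unset to get the latest version, but the signature still reads `(int: 0)`, so the text should state that an explicit `0` behaves the same as unset. The removed wording also carried the constraint "Must be greater than or equal to the key's `min_encryption_version`, if set"; the visible replacement is cut off at `key_version`, so confirm that constraint is still stated in the new sentence.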
The version on the `v1.20.x` branch has slightly different phrasing "Specifies the version of the key to use for the operation.." The rest of the changes in this file are there.
Yeah, the previous edit had a copy/paste error that I fixed in the 1.21 docs as part of the sync
- `start_time` `(string, optional)` - An RFC3339 timestamp or Unix epoch time. Specifies the start of the | ||
period for which client counts will be reported. If no start time is specified, the billing start date will be used. | ||
The [billing start date](/vault/docs/concepts/billing-start-date) automatically rolls over to the latest billing year at the end of the last cycle. | ||
- `start_time` `(string, optional)` - An RFC3339 timestamp or Unix epoch time. |
This revision might be a new change, on `v1.20.x` it is still the old text.
|
||
- `start_time` `(string, optional)` - An RFC3339 timestamp or Unix epoch time. Specifies the start of the | ||
period for which client counts will be reported. If no start time is specified, the billing start time will be used. | ||
- `start_time` `(string, optional)` - An RFC3339 timestamp or Unix epoch time. |
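Review bot: The fallback wording for `start_time` differs between the two files: this entry's old text says "the billing start time will be used", while the parallel entry says "the billing start date will be used" and links to /vault/docs/concepts/billing-start-date. The reflowed lines are cut off after the first sentence, so check that both end up with the same term and the same link, otherwise readers will assume two different defaults.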
This revision might be a new change, on `v1.20.x` it is still the old text.
The root bindpass can be rotated to a Vault-generated value that is not accessible by the operator. | ||
This will ensure that only Vault is able to access the "root" user that Vault uses to manipulate credentials. | ||
|
||
Manual root rotations will be logged to the vault.log and state that the rotation was `on user request`. |
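Review bot: The added sentence on manual root rotations names a file, "the vault.log", rather than a log type, and does not say whether the event also reaches audit devices. Suggest wording it in terms of the log that is meant (for example the Vault server log) and saying whether an audit entry is written too, so operators know where to match on `on user request` when they want to alert on out-of-schedule rotations of the root bindpass.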
I don't see this line on `v1.20.x`, it might be new content.
| Field | Description | Default | Validation | | ||
| --- | --- | --- | --- | | ||
| `name` _string_ | Name of the VaultAuthGlobal resource. | | Pattern: `^([a-z0-9.-]{1,253})$` <br /> | | ||
| `namespace` _string_ | Namespace of the VaultAuthGlobal resource. If not provided, the namespace of<br />the referring VaultAuth resource is used. | | Pattern: `^([a-z0-9.-]{1,253})$` <br /> | |
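Review bot: The `Pattern` on the `namespace` row, `^([a-z0-9.-]{1,253})$`, is wider than what Kubernetes accepts for a namespace name, which is a DNS label of at most 63 characters with no dots. On both rows the pattern also accepts a value that starts or ends with `-` or `.`. If this table is generated from the CRD validation markers, the fix belongs in the source; if it is hand-edited, add a note that the API server applies the stricter naming rule so readers do not treat the pattern as the full constraint.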
This looks like it could be a new change. The `v1.20x` branch still has the old pattern.
| `vault.secret.engine.activedirectory.count` | The total number of Active Directory secret engines in Vault. | | ||
| `vault.secret.engine.alicloud.count` | The total number of Alicloud secret engines in Vault. | | ||
| `vault.secret.engine.aws.count` | The total number of AWS secret engines in Vault. | | ||
| `vault.secret.engine.aws.dynamic.role.count` | The total number of AWS dynamic roles in Vault. | |
These all look like new changes on this file, I don't see them on the `v1.20.x` branch.
| databases | `/static-roles/:role_name` | `recover`, `read`, `list` | 1.20.4 | ||
| databases | `/static-creds/:role_name` | `read` | 1.20.4 |
It looks like these last 2 lines might be new content, I don't see them on the `v1.20.x` branch.
<Tip> | ||
|
||
If you cannot use the explicit `RECOVER` HTTP method, you can also use `PUT` or | ||
`POST` for recover operations if you include the `X-Vault-Recover-Snapshot-Id` | ||
header and set it to the relevant snapshot ID. | ||
|
||
</Tip> |
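Review bot: The tip says a `PUT` or `POST` carrying `X-Vault-Recover-Snapshot-Id` is handled as a recover operation, but it does not say which policy capability is checked for that request. State explicitly whether the caller needs `recover` on the path or whether the request is authorized as an ordinary `create`/`update`, since policy authors need that to decide who may restore data from a snapshot over the live value.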
This tip looks like new content, I don't see it on the `v1.20.x` branch.
* Create 1.21 docset
* Rename 1.21 folder to mark it as an rc docset
* Add documentation for new secret list parameter
* Add role count product usage metrics
* Add docs for client first used time
* Add api-docs field description and docs feature explanation
* Change description for token creation time
* Add docs for AES-CBC
* Add api docs for derivedkeys
* Add field documentation and info
* Fix LDAP docs referencing Azure by mistake
* Add reference
* Add more info about setting up CMEK for GCP sync
* Add section to api docs on batch-fetch certificates.
* VAULT-37634, VAULT-36946: Census metrics for recover capability and auto snapshot config counts (#864)
* VAULT-37633: Database static role recover (#884)
* VAULT-38654: Docs for autoloading snapshots (#890)
* Update gcpsm.mdx
* Add docs & api-docs for Azure Secrets Static Roles
* VAULT-37037 docs for Vault proxy update (#923)
* Add docs for KV v2 Version Attribution
* [VAULT-39627] Add GUI steps for Secret Engine mount tune.
* Prep update docs for 1.21
* Add missing version table
* Add SPIFFE auth plugin docs
* add docs to Setup login MFA
* cumulative api docs
* add missing partial
* Correct partial paths for summary tables
* Add metrics docs changes
* add documentation for oracle
* add TOTP support to login MFA types
* create a partial alert for tech preview, add another sample request and response
* Add missing important change info and remove empty release notes
* [VAULT] GA to RC sync 20251002 (#1052)
* Fix endpoint_url description within https_spiffe_bundle section in API docs
* Clarify only one enforcement can be configured for web UI self-enroll
* Update metadata docs
* Final pre-publication sync (#1076)
* Fix important changes pages

---------

Co-authored-by: Sarah Chavis <[email protected]>
Co-authored-by: Eleonore Carpentier <[email protected]>
Co-authored-by: Ellie Sterner <[email protected]>
Co-authored-by: akshya96 <[email protected]>
Co-authored-by: robmonte <[email protected]>
Co-authored-by: akshya96 <[email protected]>
Co-authored-by: rculpepper <[email protected]>
Co-authored-by: Kit Haines <[email protected]>
Co-authored-by: Rachel Culpepper <[email protected]>
Co-authored-by: miagilepner <[email protected]>
Co-authored-by: Milena Zlaticanin <[email protected]>
Co-authored-by: Zlaticanin <[email protected]>
Co-authored-by: Violet Hynes <[email protected]>
Co-authored-by: Yoko Hyakuna <[email protected]>
Co-authored-by: Mike Palmiotto <[email protected]>
Co-authored-by: Jaired Jawed <[email protected]>
Co-authored-by: Jaired Jawed <[email protected]>
Co-authored-by: Vinay Gopalan <[email protected]>
Co-authored-by: vinay-gopalan <[email protected]>
Co-authored-by: Shannon Roberts <[email protected]>
Co-authored-by: Steven Clark <[email protected]>
Co-authored-by: Shannon Roberts (Beagin) <[email protected]>
Co-authored-by: claire bontempo <[email protected]>
Co-authored-by: Jenny Deng <[email protected]>
Co-authored-by: Kuba Wieczorek <[email protected]>
Co-authored-by: Guilherme Santos <[email protected]>
Co-authored-by: claire bontempo <[email protected]>
Co-authored-by: divyaac <[email protected]>
Sync GA changes to RC docs