From 0938428216d1e5fdceae2b55240344291eb0fe0b Mon Sep 17 00:00:00 2001 From: Jaired Jawed Date: Sat, 4 Oct 2025 18:38:54 -0700 Subject: [PATCH 1/4] doc changes --- .idea/.gitignore | 8 ++++++++ .idea/inspectionProfiles/Project_Default.xml | 6 ++++++ .idea/modules.xml | 8 ++++++++ .idea/prettier.xml | 6 ++++++ .idea/vcs.xml | 6 ++++++ .idea/web-unified-docs.iml | 9 +++++++++ .../v1.20.x/content/api-docs/auth/kubernetes.mdx | 2 +- .../v1.20.x/content/docs/auth/kubernetes.mdx | 3 --- .../content/docs/updates/important-changes.mdx | 16 ++++++++++++---- 9 files changed, 56 insertions(+), 8 deletions(-) create mode 100644 .idea/.gitignore create mode 100644 .idea/inspectionProfiles/Project_Default.xml create mode 100644 .idea/modules.xml create mode 100644 .idea/prettier.xml create mode 100644 .idea/vcs.xml create mode 100644 .idea/web-unified-docs.iml diff --git a/.idea/.gitignore b/.idea/.gitignore new file mode 100644 index 0000000000..13566b81b0 --- /dev/null +++ b/.idea/.gitignore @@ -0,0 +1,8 @@ +# Default ignored files +/shelf/ +/workspace.xml +# Editor-based HTTP Client requests +/httpRequests/ +# Datasource local storage ignored files +/dataSources/ +/dataSources.local.xml diff --git a/.idea/inspectionProfiles/Project_Default.xml b/.idea/inspectionProfiles/Project_Default.xml new file mode 100644 index 0000000000..03d9549ea8 --- /dev/null +++ b/.idea/inspectionProfiles/Project_Default.xml @@ -0,0 +1,6 @@ + + + + \ No newline at end of file diff --git a/.idea/modules.xml b/.idea/modules.xml new file mode 100644 index 0000000000..943ca6e623 --- /dev/null +++ b/.idea/modules.xml @@ -0,0 +1,8 @@ + + + + + + + + \ No newline at end of file diff --git a/.idea/prettier.xml b/.idea/prettier.xml new file mode 100644 index 0000000000..b0c1c68fbb --- /dev/null +++ b/.idea/prettier.xml @@ -0,0 +1,6 @@ + + + + + \ No newline at end of file diff --git a/.idea/vcs.xml b/.idea/vcs.xml new file mode 100644 index 0000000000..35eb1ddfbb --- /dev/null +++ b/.idea/vcs.xml 
@@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file diff --git a/.idea/web-unified-docs.iml b/.idea/web-unified-docs.iml new file mode 100644 index 0000000000..5e764c4f0b --- /dev/null +++ b/.idea/web-unified-docs.iml @@ -0,0 +1,9 @@ + + + + + + + + + \ No newline at end of file diff --git a/content/vault/v1.20.x/content/api-docs/auth/kubernetes.mdx b/content/vault/v1.20.x/content/api-docs/auth/kubernetes.mdx index 111bb918eb..4337123e69 100644 --- a/content/vault/v1.20.x/content/api-docs/auth/kubernetes.mdx +++ b/content/vault/v1.20.x/content/api-docs/auth/kubernetes.mdx @@ -146,7 +146,7 @@ entities attempting to login. [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta). Currently, label selectors with `matchExpressions` are not supported. To use label selectors, **Vault must have permission to read namespaces** on the Kubernetes cluster. If set with `bound_service_account_namespaces`, the conditions are `OR`ed. -- `audience` `(string: "")` - Audience claim to verify in the JWT. Will be required in Vault 1.21+. +- `audience` `(string: "")` - Audience claim to verify in the JWT. - `alias_name_source` `(string: "serviceaccount_uid")` - Configures how identity aliases are generated. Valid choices are: `serviceaccount_uid` and `serviceaccount_name`. diff --git a/content/vault/v1.20.x/content/docs/auth/kubernetes.mdx b/content/vault/v1.20.x/content/docs/auth/kubernetes.mdx index a7432811ed..b9909783f1 100644 --- a/content/vault/v1.20.x/content/docs/auth/kubernetes.mdx +++ b/content/vault/v1.20.x/content/docs/auth/kubernetes.mdx @@ -111,9 +111,6 @@ management tool. ttl=1h ``` - !> **Note:** `audience` will be a required field in Vault 1.21+. This field is used - to verify the JWT token's audience claim. - This role authorizes the "myapp" service account in the default namespace and it gives it the default policy. 
diff --git a/content/vault/v1.20.x/content/docs/updates/important-changes.mdx b/content/vault/v1.20.x/content/docs/updates/important-changes.mdx index 533d764a19..f33b10ab8a 100644 --- a/content/vault/v1.20.x/content/docs/updates/important-changes.mdx +++ b/content/vault/v1.20.x/content/docs/updates/important-changes.mdx @@ -192,19 +192,27 @@ audience. #### Recommendation -We recommend updating your policies before Vault makes the audience value -required for all Kubernetes authentication roles so Vault can explicitly -validate that the audience claim in JWT tokens (`aud`) is intended for Vault and -not another service. For example: +We recommend configuring an audience value for Kubernetes authentication roles when possible. +This enables Vault to validate that the aud (audience) claim in JWT tokens is explicitly intended for Vault, +reducing the risk of token misuse by other services. While not required, setting an audience is considered a security +best practice and is encouraged when it doesn't interfere with your workflow. For example, tokens created using +kubernetes.io/service-account-token do not include an aud claim, so it's appropriate to omit the audience field in this case. +Here's an example configuration. ```shell-session $ vault write auth/kubernetes/role/demo \ bound_service_account_names=myapp \ bound_service_account_namespaces=default \ policies=default \ + audience="my_audience" \ ttl=1h ``` +You would then authenticate with the command below. + +``` +vault write auth/kubernetes/login role=demo audience="my_audience" jwt=... +``` --- From dda03cf7ec47488c206d79ac52edd886ccd9a903 Mon Sep 17 00:00:00 2001 From: Jaired Jawed Date: Mon, 6 Oct 2025 09:34:10 -0700 Subject: [PATCH 2/4] Removed the idea gitignore file --- .idea/.gitignore | 8 ----- .idea/workspace.xml | 84 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 84 insertions(+), 8 deletions(-) delete mode 100644 .idea/.gitignore create mode 100644 .idea/workspace.xml 
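Review bot: The new login example in this hunk, `vault write auth/kubernetes/login role=demo audience="my_audience" jwt=...`, passes `audience` at login time, yet this series' own api-docs hunk documents `audience` as a role parameter (listed next to `bound_service_account_namespaces` and `alias_name_source`), and as far as I know the login endpoint accepts only `role` and `jwt`. Unless the login path also takes `audience`, the example should read `$ vault write auth/kubernetes/login role=demo jwt=...`, with one sentence explaining that Vault compares the JWT's `aud` claim against the role's configured `audience`, so the presented token must have been issued for that audience (for example a projected service account token requested with it). The same line reappears, still carrying `audience="my_audience"`, in PATCH 4/4's hunk of important-changes.mdx. It would also help to make the trade-off of the documented omission explicit: when the audience field is left empty because a legacy `kubernetes.io/service-account-token` token has no `aud`, Vault cannot confirm the token was minted for it, so the protection this section describes does not apply to that role.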
diff --git a/.idea/.gitignore b/.idea/.gitignore deleted file mode 100644 index 13566b81b0..0000000000 --- a/.idea/.gitignore +++ /dev/null @@ -1,8 +0,0 @@ -# Default ignored files -/shelf/ -/workspace.xml -# Editor-based HTTP Client requests -/httpRequests/ -# Datasource local storage ignored files -/dataSources/ -/dataSources.local.xml diff --git a/.idea/workspace.xml b/.idea/workspace.xml new file mode 100644 index 0000000000..837b7a9475 --- /dev/null +++ b/.idea/workspace.xml @@ -0,0 +1,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + true + + \ No newline at end of file From 1878a189ade8b0e84bf05e89e853249f7b8e8839 Mon Sep 17 00:00:00 2001 From: Jaired Jawed Date: Mon, 6 Oct 2025 09:34:57 -0700 Subject: [PATCH 3/4] remove idea folder --- .idea/inspectionProfiles/Project_Default.xml | 6 -- .idea/modules.xml | 8 -- .idea/prettier.xml | 6 -- .idea/vcs.xml | 6 -- .idea/web-unified-docs.iml | 9 --- .idea/workspace.xml | 84 -------------------- 6 files changed, 119 deletions(-) delete mode 100644 .idea/inspectionProfiles/Project_Default.xml delete mode 100644 .idea/modules.xml delete mode 100644 .idea/prettier.xml delete mode 100644 .idea/vcs.xml delete mode 100644 .idea/web-unified-docs.iml delete mode 100644 .idea/workspace.xml diff --git a/.idea/inspectionProfiles/Project_Default.xml b/.idea/inspectionProfiles/Project_Default.xml deleted file mode 100644 index 03d9549ea8..0000000000 --- a/.idea/inspectionProfiles/Project_Default.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - - \ No newline at end of file diff --git a/.idea/modules.xml b/.idea/modules.xml deleted file mode 100644 index 943ca6e623..0000000000 --- a/.idea/modules.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - - - \ No newline at end of file diff --git a/.idea/prettier.xml b/.idea/prettier.xml deleted file mode 100644 index b0c1c68fbb..0000000000 --- a/.idea/prettier.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - - - \ No newline at end of file 
diff --git a/.idea/vcs.xml b/.idea/vcs.xml deleted file mode 100644 index 35eb1ddfbb..0000000000 --- a/.idea/vcs.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - - - - \ No newline at end of file diff --git a/.idea/web-unified-docs.iml b/.idea/web-unified-docs.iml deleted file mode 100644 index 5e764c4f0b..0000000000 --- a/.idea/web-unified-docs.iml +++ /dev/null @@ -1,9 +0,0 @@ - - - - - - - - - \ No newline at end of file diff --git a/.idea/workspace.xml b/.idea/workspace.xml deleted file mode 100644 index 837b7a9475..0000000000 --- a/.idea/workspace.xml +++ /dev/null @@ -1,84 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - true - - \ No newline at end of file From 0ae2cd8d1c6c5acfb92b2258d3132e4c9f4f680e Mon Sep 17 00:00:00 2001 From: Jaired Jawed Date: Mon, 6 Oct 2025 09:38:27 -0700 Subject: [PATCH 4/4] Update content/vault/v1.20.x/content/docs/updates/important-changes.mdx Co-authored-by: Yoko Hyakuna --- .../vault/v1.20.x/content/docs/updates/important-changes.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/vault/v1.20.x/content/docs/updates/important-changes.mdx b/content/vault/v1.20.x/content/docs/updates/important-changes.mdx index c9b3997d54..de8d053105 100644 --- a/content/vault/v1.20.x/content/docs/updates/important-changes.mdx +++ b/content/vault/v1.20.x/content/docs/updates/important-changes.mdx @@ -210,8 +210,8 @@ $ vault write auth/kubernetes/role/demo \ You would then authenticate with the command below. -``` -vault write auth/kubernetes/login role=demo audience="my_audience" jwt=... +```shell-session +$ vault write auth/kubernetes/login role=demo audience="my_audience" jwt=... ``` ---