From 8655b7d992cbdb69e1fc79267175f469b2a3686c Mon Sep 17 00:00:00 2001 From: "Chris S. Kim" Date: Fri, 23 Jun 2023 10:36:18 -0400 Subject: [PATCH] Update wording on WAN fed and intermediate_pki_path --- website/content/docs/connect/ca/vault.mdx | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/website/content/docs/connect/ca/vault.mdx b/website/content/docs/connect/ca/vault.mdx index 34ad19226847..e02c2480101e 100644 --- a/website/content/docs/connect/ca/vault.mdx +++ b/website/content/docs/connect/ca/vault.mdx @@ -139,8 +139,10 @@ The key after the slash refers to the corresponding option name in the agent con path does not exist, Consul will attempt to mount and configure this automatically. - When WAN Federation is enabled, every secondary - datacenter must specify a unique `intermediate_pki_path`. + When WAN Federation is enabled, every secondary datacenter which shares a common Vault cluster + must specify a unique `intermediate_pki_path`. If a Vault cluster is not being used by more than + one Consul datacenter, then this is not required. However, it is still recommended to use a + unique `intermediate_pki_path` per datacenter for operational and diagnostic clarity. - `IntermediatePKINamespace` / `intermediate_pki_namespace` (`string: `) - The absolute namespace that the `IntermediatePKIPath` is in. Setting this parameter overrides the `Namespace` option for the `IntermediatePKIPath`. Introduced in 1.12.3.