From f486e45310823bc1b06f237a7cea400927a3062b Mon Sep 17 00:00:00 2001 From: "Chris S. Kim" Date: Fri, 23 Jun 2023 10:36:18 -0400 Subject: [PATCH 1/2] Update wording on WAN fed and intermediate_pki_path --- website/content/docs/connect/ca/vault.mdx | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/website/content/docs/connect/ca/vault.mdx b/website/content/docs/connect/ca/vault.mdx index 34ad19226847..e02c2480101e 100644 --- a/website/content/docs/connect/ca/vault.mdx +++ b/website/content/docs/connect/ca/vault.mdx @@ -139,8 +139,10 @@ The key after the slash refers to the corresponding option name in the agent con path does not exist, Consul will attempt to mount and configure this automatically. - When WAN Federation is enabled, every secondary - datacenter must specify a unique `intermediate_pki_path`. + When WAN Federation is enabled, every secondary datacenter which shares a common Vault cluster + must specify a unique `intermediate_pki_path`. If a Vault cluster is not being used by more than + one Consul datacenter, then this is not required. However, it is still recommended to use a + unique `intermediate_pki_path` per datacenter for operational and diagnostic clarity. - `IntermediatePKINamespace` / `intermediate_pki_namespace` (`string: `) - The absolute namespace that the `IntermediatePKIPath` is in. Setting this parameter overrides the `Namespace` option for the `IntermediatePKIPath`. Introduced in 1.12.3. From 5556b52458f9dbf69301c3504b047d00835531fa Mon Sep 17 00:00:00 2001 From: "Chris S. Kim" Date: Tue, 27 Jun 2023 11:07:44 -0400 Subject: [PATCH 2/2] PR feedback --- website/content/docs/connect/ca/vault.mdx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/website/content/docs/connect/ca/vault.mdx b/website/content/docs/connect/ca/vault.mdx index e02c2480101e..828a6937cae1 100644 --- a/website/content/docs/connect/ca/vault.mdx +++ b/website/content/docs/connect/ca/vault.mdx @@ -139,10 +139,10 @@ The key after the slash refers to the corresponding option name in the agent con path does not exist, Consul will attempt to mount and configure this automatically. - When WAN Federation is enabled, every secondary datacenter which shares a common Vault cluster - must specify a unique `intermediate_pki_path`. If a Vault cluster is not being used by more than - one Consul datacenter, then this is not required. However, it is still recommended to use a - unique `intermediate_pki_path` per datacenter for operational and diagnostic clarity. + When WAN federation is enabled, every secondary datacenter that shares a common Vault cluster + must specify a unique `intermediate_pki_path`. If a Vault cluster is not used by more than one Consul datacenter, + then you do not need to specify a unique value for the `intermediate_pki_path`. We still recommend using a + unique `intermediate_pki_path` for each datacenter, however, to improve operational and diagnostic clarity. - `IntermediatePKINamespace` / `intermediate_pki_namespace` (`string: `) - The absolute namespace that the `IntermediatePKIPath` is in. Setting this parameter overrides the `Namespace` option for the `IntermediatePKIPath`. Introduced in 1.12.3.