diff --git a/website/content/api-docs/auth/aws.mdx b/website/content/api-docs/auth/aws.mdx index 12bc598d3623..cb81a37e24ba 100644 --- a/website/content/api-docs/auth/aws.mdx +++ b/website/content/api-docs/auth/aws.mdx @@ -1057,7 +1057,7 @@ for more information on the signature types. when using the ec2 auth method. - `signature` `(string: )` - Base64-encoded SHA256 RSA signature of the instance identity document, which can usually be obtained from the - `http://169.254.169.254/latest/dynamic/instance-identity/document` endpoint. + `http://169.254.169.254/latest/dynamic/instance-identity/signature` endpoint. Either both this _AND_ `identity` must be set _OR_ `pkcs7` must be set when using the ec2 auth method. - `pkcs7` `(string: )` - PKCS#7 signature of the identity document diff --git a/website/content/docs/commands/operator/raft.mdx b/website/content/docs/commands/operator/raft.mdx index dd2a63f738a0..9b7f91da94ef 100644 --- a/website/content/docs/commands/operator/raft.mdx +++ b/website/content/docs/commands/operator/raft.mdx @@ -192,6 +192,20 @@ Usage: vault operator raft snapshot restore $ vault operator raft snapshot restore raft.snap ``` +### snapshot inspect + +Inspects a snapshot file taken from a Vault Raft cluster and prints a table showing the number of keys and the amount of space used. + +```text +Usage: vault operator raft snapshot inspect +``` + +For example: + +```shell-session +$ vault operator raft snapshot inspect raft.snap +``` + ## autopilot This command groups subcommands for operators interacting with the autopilot diff --git a/website/content/docs/configuration/storage/raft.mdx b/website/content/docs/configuration/storage/raft.mdx index 433f7e495371..dacd527690e0 100644 --- a/website/content/docs/configuration/storage/raft.mdx +++ b/website/content/docs/configuration/storage/raft.mdx @@ -49,7 +49,10 @@ set [`disable_mlock`](/vault/docs/configuration#disable_mlock) to `true`, and to This value can be overridden by setting the `VAULT_RAFT_PATH` environment variable. - `node_id` `(string: "")` - The identifier for the node in the Raft cluster. - This value can be overridden by setting the `VAULT_RAFT_NODE_ID` environment variable. + You can override `node_id` with the `VAULT_RAFT_NODE_ID` environment + variable. When `VAULT_RAFT_NODE_ID` is unset, Vault assigns a random + GUID during initialization and writes the value to `data/node-id` in the + directory specified by the `path` parameter. - `performance_multiplier` `(integer: 0)` - An integer multiplier used by servers to scale key Raft timing parameters, where each increment translates to approximately 1 – 2 seconds of delay. For example, setting the multiplier to "3" translates to 3 – 6 seconds of total delay. Tuning the multiplier affects the time it @@ -124,7 +127,7 @@ delay) mode. The maximum allowed value is 10. breaking a large value into chunks. By default, the chunk size is the same as Raft's max size log entry. The default value for this configuration is 1048576 -- two times the chunking size. - - **Note:** This option corresponds to [Consul's `kv_max_value_size` parameter](https://developer.hashicorp.com/consul/docs/agent/config/config-files#kv_max_value_size) for + - **Note:** This option corresponds to [Consul's `kv_max_value_size` parameter](/consul/docs/agent/config/config-files#kv_max_value_size) for Vault clusters using a Consul storage backend. If you are migrating from Consul storage to Raft Integrated Storage, and have changed this value in Consul from its default to a value larger than the Integrated Storage default of 1MB, then you will diff --git a/website/content/docs/sync/azurekv.mdx b/website/content/docs/sync/azurekv.mdx index d86ec901388c..329efc50a505 100644 --- a/website/content/docs/sync/azurekv.mdx +++ b/website/content/docs/sync/azurekv.mdx @@ -34,7 +34,7 @@ Prerequisites: 1. Configure a sync destination with the service principal credentials and Key Vault URI created in the previous steps. ```shell-session - $ vault write sys/sync/stores/azure-kv/my-azure-1 \ + $ vault write sys/sync/destinations/azure-kv/my-azure-1 \ key_vault_uri="$KEY_VAULT_URI" \ client_id="$CLIENT_ID" \ client_secret="$CLIENT_SECRET" \