diff --git a/command/server.go b/command/server.go
index 09658b94948a..6687b6b3bef4 100644
--- a/command/server.go
+++ b/command/server.go
@@ -173,8 +173,8 @@ func (c *ServerCommand) Run(args []string) int {
}
// Ensure that a backend is provided
- if config.Backend == nil {
- c.Ui.Output("A physical backend must be specified")
+ if config.Storage == nil {
+ c.Ui.Output("A storage backend must be specified")
return 1
}
@@ -194,11 +194,11 @@ func (c *ServerCommand) Run(args []string) int {
// Initialize the backend
backend, err := physical.NewBackend(
- config.Backend.Type, c.logger, config.Backend.Config)
+ config.Storage.Type, c.logger, config.Storage.Config)
if err != nil {
c.Ui.Output(fmt.Sprintf(
- "Error initializing backend of type %s: %s",
- config.Backend.Type, err))
+ "Error initializing storage of type %s: %s",
+ config.Storage.Type, err))
return 1
}
@@ -224,7 +224,7 @@ func (c *ServerCommand) Run(args []string) int {
coreConfig := &vault.CoreConfig{
Physical: backend,
- RedirectAddr: config.Backend.RedirectAddr,
+ RedirectAddr: config.Storage.RedirectAddr,
HAPhysical: nil,
Seal: seal,
AuditBackends: c.AuditBackends,
@@ -244,39 +244,39 @@ func (c *ServerCommand) Run(args []string) int {
var disableClustering bool
- // Initialize the separate HA physical backend, if it exists
+ // Initialize the separate HA storage backend, if it exists
var ok bool
- if config.HABackend != nil {
+ if config.HAStorage != nil {
habackend, err := physical.NewBackend(
- config.HABackend.Type, c.logger, config.HABackend.Config)
+ config.HAStorage.Type, c.logger, config.HAStorage.Config)
if err != nil {
c.Ui.Output(fmt.Sprintf(
- "Error initializing backend of type %s: %s",
- config.HABackend.Type, err))
+ "Error initializing HA storage of type %s: %s",
+ config.HAStorage.Type, err))
return 1
}
if coreConfig.HAPhysical, ok = habackend.(physical.HABackend); !ok {
- c.Ui.Output("Specified HA backend does not support HA")
+ c.Ui.Output("Specified HA storage does not support HA")
return 1
}
if !coreConfig.HAPhysical.HAEnabled() {
- c.Ui.Output("Specified HA backend has HA support disabled; please consult documentation")
+ c.Ui.Output("Specified HA storage has HA support disabled; please consult documentation")
return 1
}
- coreConfig.RedirectAddr = config.HABackend.RedirectAddr
- disableClustering = config.HABackend.DisableClustering
+ coreConfig.RedirectAddr = config.HAStorage.RedirectAddr
+ disableClustering = config.HAStorage.DisableClustering
if !disableClustering {
- coreConfig.ClusterAddr = config.HABackend.ClusterAddr
+ coreConfig.ClusterAddr = config.HAStorage.ClusterAddr
}
} else {
if coreConfig.HAPhysical, ok = backend.(physical.HABackend); ok {
- coreConfig.RedirectAddr = config.Backend.RedirectAddr
- disableClustering = config.Backend.DisableClustering
+ coreConfig.RedirectAddr = config.Storage.RedirectAddr
+ disableClustering = config.Storage.DisableClustering
if !disableClustering {
- coreConfig.ClusterAddr = config.Backend.ClusterAddr
+ coreConfig.ClusterAddr = config.Storage.ClusterAddr
}
}
}
@@ -378,12 +378,12 @@ CLUSTER_SYNTHESIS_COMPLETE:
c.reloadFuncsLock = coreConfig.ReloadFuncsLock
// Compile server information for output later
- info["backend"] = config.Backend.Type
+ info["storage"] = config.Storage.Type
info["log level"] = logLevel
info["mlock"] = fmt.Sprintf(
"supported: %v, enabled: %v",
mlock.Supported(), !config.DisableMlock && mlock.Supported())
- infoKeys = append(infoKeys, "log level", "mlock", "backend")
+ infoKeys = append(infoKeys, "log level", "mlock", "storage")
if coreConfig.ClusterAddr != "" {
info["cluster address"] = coreConfig.ClusterAddr
@@ -394,16 +394,16 @@ CLUSTER_SYNTHESIS_COMPLETE:
infoKeys = append(infoKeys, "redirect address")
}
- if config.HABackend != nil {
- info["HA backend"] = config.HABackend.Type
- infoKeys = append(infoKeys, "HA backend")
+ if config.HAStorage != nil {
+ info["HA storage"] = config.HAStorage.Type
+ infoKeys = append(infoKeys, "HA storage")
} else {
- // If the backend supports HA, then note it
+ // If the storage supports HA, then note it
if coreConfig.HAPhysical != nil {
if coreConfig.HAPhysical.HAEnabled() {
- info["backend"] += " (HA available)"
+ info["storage"] += " (HA available)"
} else {
- info["backend"] += " (HA disabled)"
+ info["storage"] += " (HA disabled)"
}
}
}
diff --git a/command/server/config.go b/command/server/config.go
index 4ff9116e7bc4..b766ea63b72a 100644
--- a/command/server/config.go
+++ b/command/server/config.go
@@ -21,8 +21,8 @@ import (
// Config is the configuration for the vault server.
type Config struct {
Listeners []*Listener `hcl:"-"`
- Backend *Backend `hcl:"-"`
- HABackend *Backend `hcl:"-"`
+ Storage *Storage `hcl:"-"`
+ HAStorage *Storage `hcl:"-"`
HSM *HSM `hcl:"-"`
@@ -51,7 +51,7 @@ func DevConfig(ha, transactional bool) *Config {
DisableCache: false,
DisableMlock: true,
- Backend: &Backend{
+ Storage: &Storage{
Type: "inmem",
},
@@ -75,11 +75,11 @@ func DevConfig(ha, transactional bool) *Config {
switch {
case ha && transactional:
- ret.Backend.Type = "inmem_transactional_ha"
+ ret.Storage.Type = "inmem_transactional_ha"
case !ha && transactional:
- ret.Backend.Type = "inmem_transactional"
+ ret.Storage.Type = "inmem_transactional"
case ha && !transactional:
- ret.Backend.Type = "inmem_ha"
+ ret.Storage.Type = "inmem_ha"
}
return ret
@@ -95,8 +95,8 @@ func (l *Listener) GoString() string {
return fmt.Sprintf("*%#v", *l)
}
-// Backend is the backend configuration for the server.
-type Backend struct {
+// Storage is the underlying storage configuration for the server.
+type Storage struct {
Type string
RedirectAddr string
ClusterAddr string
@@ -104,7 +104,7 @@ type Backend struct {
Config map[string]string
}
-func (b *Backend) GoString() string {
+func (b *Storage) GoString() string {
return fmt.Sprintf("*%#v", *b)
}
@@ -215,14 +215,14 @@ func (c *Config) Merge(c2 *Config) *Config {
result.Listeners = append(result.Listeners, l)
}
- result.Backend = c.Backend
- if c2.Backend != nil {
- result.Backend = c2.Backend
+ result.Storage = c.Storage
+ if c2.Storage != nil {
+ result.Storage = c2.Storage
}
- result.HABackend = c.HABackend
- if c2.HABackend != nil {
- result.HABackend = c2.HABackend
+ result.HAStorage = c.HAStorage
+ if c2.HAStorage != nil {
+ result.HAStorage = c2.HAStorage
}
result.HSM = c.HSM
@@ -349,6 +349,8 @@ func ParseConfig(d string, logger log.Logger) (*Config, error) {
valid := []string{
"atlas",
+ "storage",
+ "ha_storage",
"backend",
"ha_backend",
"hsm",
@@ -366,15 +368,28 @@ func ParseConfig(d string, logger log.Logger) (*Config, error) {
return nil, err
}
- if o := list.Filter("backend"); len(o.Items) > 0 {
- if err := parseBackends(&result, o); err != nil {
- return nil, fmt.Errorf("error parsing 'backend': %s", err)
+ // Look for storage but still support old backend
+ if o := list.Filter("storage"); len(o.Items) > 0 {
+ if err := parseStorage(&result, o, "storage"); err != nil {
+ return nil, fmt.Errorf("error parsing 'storage': %s", err)
+ }
+ } else {
+ if o := list.Filter("backend"); len(o.Items) > 0 {
+ if err := parseStorage(&result, o, "backend"); err != nil {
+ return nil, fmt.Errorf("error parsing 'backend': %s", err)
+ }
}
}
- if o := list.Filter("ha_backend"); len(o.Items) > 0 {
- if err := parseHABackends(&result, o); err != nil {
- return nil, fmt.Errorf("error parsing 'ha_backend': %s", err)
+ if o := list.Filter("ha_storage"); len(o.Items) > 0 {
+ if err := parseHAStorage(&result, o, "ha_storage"); err != nil {
+ return nil, fmt.Errorf("error parsing 'ha_storage': %s", err)
+ }
+ } else {
+ if o := list.Filter("ha_backend"); len(o.Items) > 0 {
+ if err := parseHAStorage(&result, o, "ha_backend"); err != nil {
+ return nil, fmt.Errorf("error parsing 'ha_backend': %s", err)
+ }
}
}
@@ -476,22 +491,22 @@ func isTemporaryFile(name string) bool {
(strings.HasPrefix(name, "#") && strings.HasSuffix(name, "#")) // emacs
}
-func parseBackends(result *Config, list *ast.ObjectList) error {
+func parseStorage(result *Config, list *ast.ObjectList, name string) error {
if len(list.Items) > 1 {
- return fmt.Errorf("only one 'backend' block is permitted")
+ return fmt.Errorf("only one %q block is permitted", name)
}
// Get our item
item := list.Items[0]
- key := "backend"
+ key := name
if len(item.Keys) > 0 {
key = item.Keys[0].Token.Value().(string)
}
var m map[string]string
if err := hcl.DecodeObject(&m, item.Val); err != nil {
- return multierror.Prefix(err, fmt.Sprintf("backend.%s:", key))
+ return multierror.Prefix(err, fmt.Sprintf("%s.%s:", name, key))
}
// Pull out the redirect address since it's common to all backends
@@ -516,12 +531,12 @@ func parseBackends(result *Config, list *ast.ObjectList) error {
if v, ok := m["disable_clustering"]; ok {
disableClustering, err = strconv.ParseBool(v)
if err != nil {
- return multierror.Prefix(err, fmt.Sprintf("backend.%s:", key))
+ return multierror.Prefix(err, fmt.Sprintf("%s.%s:", name, key))
}
delete(m, "disable_clustering")
}
- result.Backend = &Backend{
+ result.Storage = &Storage{
RedirectAddr: redirectAddr,
ClusterAddr: clusterAddr,
DisableClustering: disableClustering,
@@ -531,22 +546,22 @@ func parseBackends(result *Config, list *ast.ObjectList) error {
return nil
}
-func parseHABackends(result *Config, list *ast.ObjectList) error {
+func parseHAStorage(result *Config, list *ast.ObjectList, name string) error {
if len(list.Items) > 1 {
- return fmt.Errorf("only one 'ha_backend' block is permitted")
+ return fmt.Errorf("only one %q block is permitted", name)
}
// Get our item
item := list.Items[0]
- key := "backend"
+ key := name
if len(item.Keys) > 0 {
key = item.Keys[0].Token.Value().(string)
}
var m map[string]string
if err := hcl.DecodeObject(&m, item.Val); err != nil {
- return multierror.Prefix(err, fmt.Sprintf("ha_backend.%s:", key))
+ return multierror.Prefix(err, fmt.Sprintf("%s.%s:", name, key))
}
// Pull out the redirect address since it's common to all backends
@@ -571,12 +586,12 @@ func parseHABackends(result *Config, list *ast.ObjectList) error {
if v, ok := m["disable_clustering"]; ok {
disableClustering, err = strconv.ParseBool(v)
if err != nil {
- return multierror.Prefix(err, fmt.Sprintf("backend.%s:", key))
+ return multierror.Prefix(err, fmt.Sprintf("%s.%s:", name, key))
}
delete(m, "disable_clustering")
}
- result.HABackend = &Backend{
+ result.HAStorage = &Storage{
RedirectAddr: redirectAddr,
ClusterAddr: clusterAddr,
DisableClustering: disableClustering,
diff --git a/command/server/config_test.go b/command/server/config_test.go
index 1a40f6d944ea..789be400f4e3 100644
--- a/command/server/config_test.go
+++ b/command/server/config_test.go
@@ -37,7 +37,7 @@ func TestLoadConfigFile(t *testing.T) {
},
},
- Backend: &Backend{
+ Storage: &Storage{
Type: "consul",
RedirectAddr: "foo",
Config: map[string]string{
@@ -45,7 +45,7 @@ func TestLoadConfigFile(t *testing.T) {
},
},
- HABackend: &Backend{
+ HAStorage: &Storage{
Type: "consul",
RedirectAddr: "snafu",
Config: map[string]string{
@@ -105,7 +105,7 @@ func TestLoadConfigFile_json(t *testing.T) {
},
},
- Backend: &Backend{
+ Storage: &Storage{
Type: "consul",
Config: map[string]string{
"foo": "bar",
@@ -171,7 +171,7 @@ func TestLoadConfigFile_json2(t *testing.T) {
},
},
- Backend: &Backend{
+ Storage: &Storage{
Type: "consul",
Config: map[string]string{
"foo": "bar",
@@ -179,7 +179,7 @@ func TestLoadConfigFile_json2(t *testing.T) {
DisableClustering: true,
},
- HABackend: &Backend{
+ HAStorage: &Storage{
Type: "consul",
Config: map[string]string{
"bar": "baz",
@@ -234,7 +234,7 @@ func TestLoadConfigDir(t *testing.T) {
},
},
- Backend: &Backend{
+ Storage: &Storage{
Type: "consul",
Config: map[string]string{
"foo": "bar",
diff --git a/command/server/test-fixtures/config.hcl.json b/command/server/test-fixtures/config.hcl.json
index 6e37c9a3a13f..70e7e149cc60 100644
--- a/command/server/test-fixtures/config.hcl.json
+++ b/command/server/test-fixtures/config.hcl.json
@@ -11,7 +11,7 @@
"node_id": "foo_node"
}
}],
- "backend": {
+ "storage": {
"consul": {
"foo": "bar",
"disable_clustering": "true"
diff --git a/command/server/test-fixtures/config2.hcl.json b/command/server/test-fixtures/config2.hcl.json
index fd3ab6e62265..5279d637954a 100644
--- a/command/server/test-fixtures/config2.hcl.json
+++ b/command/server/test-fixtures/config2.hcl.json
@@ -12,12 +12,12 @@
}
}
],
- "backend":{
+ "storage":{
"consul":{
"foo":"bar"
}
},
- "ha_backend":{
+ "ha_storage":{
"consul":{
"bar":"baz",
"disable_clustering": "true"
diff --git a/command/server_ha_test.go b/command/server_ha_test.go
index 26dc00878fca..5562191eb579 100644
--- a/command/server_ha_test.go
+++ b/command/server_ha_test.go
@@ -64,8 +64,8 @@ func TestServer_GoodSeparateHA(t *testing.T) {
t.Fatalf("bad: %d\n\n%s\n\n%s", code, ui.ErrorWriter.String(), ui.OutputWriter.String())
}
- if !strings.Contains(ui.OutputWriter.String(), "HA Backend:") {
- t.Fatalf("did not find HA Backend: %s", ui.OutputWriter.String())
+ if !strings.Contains(ui.OutputWriter.String(), "HA Storage:") {
+ t.Fatalf("did not find HA Storage: %s", ui.OutputWriter.String())
}
}
diff --git a/website/source/docs/configuration/index.html.md b/website/source/docs/configuration/index.html.md
index d71c3eea8a69..3a59e118aefb 100644
--- a/website/source/docs/configuration/index.html.md
+++ b/website/source/docs/configuration/index.html.md
@@ -13,7 +13,7 @@ The format of this file is [HCL](https://github.com/hashicorp/hcl) or JSON.
An example configuration is shown below:
```javascript
-backend "consul" {
+storage "consul" {
address = "127.0.0.1:8500"
path = "vault"
}
@@ -37,15 +37,15 @@ sending a SIGHUP to the server process. These are denoted below.
## Parameters
-- `backend` ([StorageBackend][storage-backend]: \) -
+- `storage` ([StorageBackend][storage-backend]: \) -
Configures the storage backend where Vault data is stored. Please see the
[storage backends documentation][storage-backend] for the full list of
available storage backends.
-- `ha_backend` ([StorageBackend][storage-backend]: nil) - Configures
+- `ha_storage` ([StorageBackend][storage-backend]: nil) - Configures
the storage backend where Vault HA coordination will take place. This must be
an HA-supporting backend. If not set, HA will be attempted on the backend
- given in the `backend` parameter.
+ given in the `storage` parameter.
- `cluster_name` `(string: )` – Specifies the identifier for the
Vault cluster. If omitted, Vault will generate a value. When connecting to
diff --git a/website/source/docs/configuration/storage/azure.html.md b/website/source/docs/configuration/storage/azure.html.md
index c21cf699119c..4bb9468066e1 100644
--- a/website/source/docs/configuration/storage/azure.html.md
+++ b/website/source/docs/configuration/storage/azure.html.md
@@ -24,7 +24,7 @@ to the storage container.
you may be referred to the original author.
```hcl
-backend "azure" {
+storage "azure" {
accountName = "my-storage-account"
accountKey = "abcd1234"
container = "container-efgh5678"
@@ -52,7 +52,7 @@ This example shows configuring the Azure storage backend with a custom number of
maximum parallel connections.
```hcl
-backend "azure" {
+storage "azure" {
accountName = "my-storage-account"
accountKey = "abcd1234"
container = "container-efgh5678"
diff --git a/website/source/docs/configuration/storage/consul.html.md b/website/source/docs/configuration/storage/consul.html.md
index b5a6f5bf1b74..edd4f5f8d596 100644
--- a/website/source/docs/configuration/storage/consul.html.md
+++ b/website/source/docs/configuration/storage/consul.html.md
@@ -22,7 +22,7 @@ check.
by HashiCorp.
```hcl
-backend "consul" {
+storage "consul" {
address = "127.0.0.1:8500"
path = "vault"
}
@@ -139,7 +139,7 @@ This example shows a sample physical backend configuration which communicates
with a local Consul agent running on `127.0.0.1:8500`.
```hcl
-backend "consul" {}
+storage "consul" {}
```
### Detailed Customization
@@ -148,7 +148,7 @@ This example shows communicating with Consul on a custom address with an ACL
token.
```hcl
-backend "consul" {
+storage "consul" {
address = "10.5.7.92:8194"
token = "abcd1234"
}
@@ -161,7 +161,7 @@ This path must be readable and writable by the Consul ACL token, if Consul
configured to use ACLs.
```hcl
-backend "consul" {
+storage "consul" {
path = "vault/"
}
```
@@ -171,7 +171,7 @@ backend "consul" {
This example shows communicating with Consul over a local unix socket.
```hcl
-backend "consul" {
+storage "consul" {
address = "unix:///tmp/.consul.http.sock"
}
```
@@ -182,7 +182,7 @@ This example shows using a custom CA, certificate, and key file to securely
communicate with Consul over TLS.
```hcl
-backend "consul" {
+storage "consul" {
scheme = "https"
tls_ca_file = "/etc/pem/vault.ca"
tls_cert_file = "/etc/pem/vault.cert"
diff --git a/website/source/docs/configuration/storage/dynamodb.html.md b/website/source/docs/configuration/storage/dynamodb.html.md
index 48ae6522ec04..3dc21fb57d02 100644
--- a/website/source/docs/configuration/storage/dynamodb.html.md
+++ b/website/source/docs/configuration/storage/dynamodb.html.md
@@ -23,7 +23,7 @@ The DynamoDB storage backend is used to persist Vault's data in
you may be referred to the original author.
```hcl
-backend "dynamodb" {
+storage "dynamodb" {
ha_enabled = true
region = "us-west-2"
table = "vault-data"
@@ -99,7 +99,7 @@ discussed in more detail in the [HA concepts page](/docs/concepts/ha.html).
This example shows using a custom table name and read/write capacity.
```hcl
-backend "dynamodb" {
+storage "dynamodb" {
table = "my-vault-data"
read_capacity = 10
@@ -112,7 +112,7 @@ backend "dynamodb" {
This example show enabling high availability for the DynamoDB storage backend.
```hcl
-backend "dynamodb" {
+storage "dynamodb" {
ha_enabled = true
redirect_addr = "vault-leader.my-company.internal"
}
diff --git a/website/source/docs/configuration/storage/etcd.html.md b/website/source/docs/configuration/storage/etcd.html.md
index 098547447e97..68282b0e78ff 100644
--- a/website/source/docs/configuration/storage/etcd.html.md
+++ b/website/source/docs/configuration/storage/etcd.html.md
@@ -18,13 +18,13 @@ based on the version of the Etcd cluster.
The v2 API has known issues with HA support and should not be used in HA
scenarios.
-- **Community Supported** – the Etcd storage backend is supported by the
- community. While it has undergone review by HashiCorp employees, they may not
- be as knowledgeable about the technology. If you encounter problems with them,
- you may be referred to the original author.
+- **Community Supported** – the Etcd storage backend is supported by CoreOS.
+ While it has undergone review by HashiCorp employees, they may not be as
+ knowledgeable about the technology. If you encounter problems with them, you
+ may be referred to the original author.
```hcl
-backend "etcd" {
+storage "etcd" {
address = "http://localhost:2379"
etcd_api = "v3"
}
@@ -92,7 +92,7 @@ discussed in more detail in the [HA concepts page](/docs/concepts/ha.html).
This example shows connecting to the Etcd cluster using a username and password.
```hcl
-backend "etcd" {
+storage "etcd" {
username = "user1234"
password = "pass5678"
}
@@ -103,7 +103,7 @@ backend "etcd" {
This example shows storing data in a custom path.
```hcl
-backend "etcd" {
+storage "etcd" {
path = "my-vault-data/"
}
```
@@ -113,7 +113,7 @@ backend "etcd" {
This example show enabling high availability for the Etcd storage backend.
```hcl
-backend "etcd" {
+storage "etcd" {
ha_enabled = true
redirect_addr = "vault-leader.my-company.internal"
}
diff --git a/website/source/docs/configuration/storage/filesystem.html.md b/website/source/docs/configuration/storage/filesystem.html.md
index a33e3be3eb29..d08c9211e33a 100644
--- a/website/source/docs/configuration/storage/filesystem.html.md
+++ b/website/source/docs/configuration/storage/filesystem.html.md
@@ -21,7 +21,7 @@ situations, or to develop locally where durability is not critical.
HashiCorp.
```hcl
-backend "file" {
+storage "file" {
path = "/mnt/vault/data"
}
```
@@ -41,7 +41,7 @@ This example shows the Filesytem storage backend being mounted at
`/mnt/vault/data`.
```hcl
-backend "file" {
+storage "file" {
path = "/mnt/vault/data"
}
```
diff --git a/website/source/docs/configuration/storage/google-cloud.html.md b/website/source/docs/configuration/storage/google-cloud.html.md
index baea60e6ebe1..e19f1c2f1c7c 100644
--- a/website/source/docs/configuration/storage/google-cloud.html.md
+++ b/website/source/docs/configuration/storage/google-cloud.html.md
@@ -21,7 +21,7 @@ The Google Cloud storage backend is used to persist Vault's data in
you may be referred to the original author.
```hcl
-backend "gcs" {
+storage "gcs" {
bucket = "my-storage-bucket"
credentials_file = "/tmp/credentials.json"
}
@@ -49,7 +49,7 @@ backend "gcs" {
This example shows a default configuration for the Google Cloud Storage backend.
```hcl
-backend "gcs" {
+storage "gcs" {
bucket = "my-storage-bucket"
credentials_file = "/tmp/credentials.json"
}
diff --git a/website/source/docs/configuration/storage/in-memory.html.md b/website/source/docs/configuration/storage/in-memory.html.md
index f526220bf1ff..5a9efea389af 100644
--- a/website/source/docs/configuration/storage/in-memory.html.md
+++ b/website/source/docs/configuration/storage/in-memory.html.md
@@ -6,7 +6,7 @@ description: |-
The In-Memory storage backend is used to persist Vault's data entirely
in-memory on the same machine in which Vault is running. This is useful for
development and experimentation, but use of this backend is highly discouraged
- in production.
+ in production except in very specific use-cases.
---
# In-Memory Storage Backend
@@ -27,7 +27,7 @@ is restarted.
HashiCorp.
```hcl
-backend "inmem" {}
+storage "inmem" {}
```
## `inmem` Parameters
@@ -39,5 +39,5 @@ The In-Memory storage backend has no configuration parameters.
This example shows activating the In-Memory storage backend.
```hcl
-backend "inmem" {}
+storage "inmem" {}
```
diff --git a/website/source/docs/configuration/storage/index.html.md b/website/source/docs/configuration/storage/index.html.md
index 3f6f13fbc192..1163fb196265 100644
--- a/website/source/docs/configuration/storage/index.html.md
+++ b/website/source/docs/configuration/storage/index.html.md
@@ -20,10 +20,10 @@ choose one from the navigation on the left.
## Configuration
Storage backend configuration is done through the Vault configuration file using
-the `backend` stanza:
+the `storage` stanza:
```hcl
-backend [NAME] {
+storage [NAME] {
[PARAMETERS...]
}
```
@@ -31,7 +31,7 @@ backend [NAME] {
For example:
```hcl
-backend "file" {
+storage "file" {
path = "/mnt/vault/data"
}
```
diff --git a/website/source/docs/configuration/storage/mysql.html.md b/website/source/docs/configuration/storage/mysql.html.md
index 2df1b904ea29..a71f8273757d 100644
--- a/website/source/docs/configuration/storage/mysql.html.md
+++ b/website/source/docs/configuration/storage/mysql.html.md
@@ -21,7 +21,7 @@ server or cluster.
you may be referred to the original author.
```hcl
-backend "mysql" {
+storage "mysql" {
username = "user1234"
password = "secret123!"
database = "vault"
@@ -58,7 +58,7 @@ This example shows configuring the MySQL backend to use a custom database and
table name.
```hcl
-backend "mysql" {
+storage "mysql" {
database = "my-vault"
table = "vault-data"
username = "user1234"
diff --git a/website/source/docs/configuration/storage/postgresql.html.md b/website/source/docs/configuration/storage/postgresql.html.md
index bc56ac36b695..a127d9e59d0f 100644
--- a/website/source/docs/configuration/storage/postgresql.html.md
+++ b/website/source/docs/configuration/storage/postgresql.html.md
@@ -21,7 +21,7 @@ The PostgreSQL storage backend is used to persist Vault's data in a
you may be referred to the original author.
```hcl
-backend "postgresql" {
+storage "postgresql" {
connection_url = "postgres://user123:secret123!@localhost:5432/vault"
}
```
@@ -60,7 +60,7 @@ This example shows connecting to a PostgresSQL cluster using full SSL
verification (recommended).
```hcl
-backend "postgresql" {
+storage "postgresql" {
connection_url = "postgres://user:pass@localhost:5432/database?sslmode=verify-full"
}
```
@@ -69,7 +69,7 @@ To disable SSL verification (not recommended), replace `verify-full` with
`disable`:
```hcl
-backend "postgresql" {
+storage "postgresql" {
connection_url = "postgres://user:pass@localhost:5432/database?sslmode=disable"
}
```
diff --git a/website/source/docs/configuration/storage/s3.html.md b/website/source/docs/configuration/storage/s3.html.md
index 906c97c46114..cbd0acff658b 100644
--- a/website/source/docs/configuration/storage/s3.html.md
+++ b/website/source/docs/configuration/storage/s3.html.md
@@ -21,7 +21,7 @@ bucket.
you may be referred to the original author.
```hcl
-backend "s3" {
+storage "s3" {
access_key = "abcd1234"
secret_key = "defg5678"
bucket = "my-bucket"
@@ -62,7 +62,7 @@ cause Vault to attempt to retrieve credentials from the AWS metadata service.
This example shows using Amazon S3 as a storage backed.
```hcl
-backend "s3" {
+storage "s3" {
access_key = "abcd1234"
secret_key = "defg5678"
bucket = "my-bucket"
diff --git a/website/source/docs/configuration/storage/swift.html.md b/website/source/docs/configuration/storage/swift.html.md
index 8d974c0ed38c..a78678ab8cd9 100644
--- a/website/source/docs/configuration/storage/swift.html.md
+++ b/website/source/docs/configuration/storage/swift.html.md
@@ -22,7 +22,7 @@ The Swift storage backend is used to persist Vault's data in an
you may be referred to the original author.
```hcl
-backend "swift" {
+storage "swift" {
auth_url = "https://..."
username = "admin"
password = "secret123!"
@@ -59,7 +59,7 @@ backend "swift" {
This example shows a default configuration for Swift.
```hcl
-backend "swift" {
+storage "swift" {
auth_url = "https://os.initernal/v1/auth"
container = "container-239"
diff --git a/website/source/docs/configuration/storage/zookeeper.html.md b/website/source/docs/configuration/storage/zookeeper.html.md
index 11b9d886595f..6889927aeb28 100644
--- a/website/source/docs/configuration/storage/zookeeper.html.md
+++ b/website/source/docs/configuration/storage/zookeeper.html.md
@@ -20,7 +20,7 @@ The Zookeeper storage backend is used to persist Vault's data in
you may be referred to the original author.
```hcl
-backend "zookeeper" {
+storage "zookeeper" {
address = "localhost:2181"
path = "vault/"
}
@@ -89,7 +89,7 @@ This example shows configuring Vault to communicate with a Zookeeper
installation running on a custom port and to store data at a custom path.
```hcl
-backend "zookeeper" {
+storage "zookeeper" {
address = "localhost:3253"
path = "my-vault-data/"
}
@@ -102,7 +102,7 @@ access only to the user "vaultUser". As per Zookeeper's ACL model, the digest
value in `znode_owner` must match the user in `znode_owner`.
```hcl
-backend "zookeeper" {
+storage "zookeeper" {
znode_owner = "digest:vaultUser:raxgVAfnDRljZDAcJFxznkZsExs="
auth_info = "digest:vaultUser:abc"
}
@@ -115,7 +115,7 @@ This example instructs Vault to only allow access from localhost. As this is the
for the ACL check.
```hcl
-backend "zookeeper" {
+storage "zookeeper" {
znode_owner = "ip:127.0.0.1"
}
```