Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs/multiplexing: overhaul plugin documentation #14509

Merged
merged 30 commits into from
Mar 22, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
30 commits
Select commit Hold shift + click to select a range
4aaf970
docs/multiplexing: overhaul plugin documentation
fairclothjm Mar 15, 2022
d26dfb4
update nav data
fairclothjm Mar 15, 2022
2d5daae
remove dupe nav data
fairclothjm Mar 15, 2022
68db86c
add external plugin section to index
fairclothjm Mar 17, 2022
36fe5b9
move custom plugin backends under internals/plugins
fairclothjm Mar 17, 2022
e4be5ff
remove ref to moved page
fairclothjm Mar 17, 2022
958deba
revert moving custom plugin backends
fairclothjm Mar 17, 2022
4130ad7
add building plugins from source section to plug dev
fairclothjm Mar 17, 2022
ae9f170
add mux section to plugin arch
fairclothjm Mar 18, 2022
a136fed
add mux section to custom plugin page
fairclothjm Mar 18, 2022
460a1a2
reorder custom database page
fairclothjm Mar 18, 2022
3343983
use 'external plugin' where appropriate
fairclothjm Mar 18, 2022
fca1cf5
add link to plugin multiplexing
fairclothjm Mar 18, 2022
4bad008
fix example serve multiplex func call
fairclothjm Mar 18, 2022
c7b7940
address review comments
fairclothjm Mar 18, 2022
d2da32a
address review comments
fairclothjm Mar 18, 2022
a3889e0
Minor format updates (#14590)
yhyakuna Mar 18, 2022
11799c4
mv Plugins to top-level; update upgrading plugins
fairclothjm Mar 21, 2022
7e885c4
update links after changing paths
fairclothjm Mar 21, 2022
9f08bb0
add section on external plugin scaling characteristics
fairclothjm Mar 21, 2022
d77a2b3
add updates on plugin registration in plugin management page
fairclothjm Mar 21, 2022
699b4f4
add plugin learn resource
fairclothjm Mar 21, 2022
7ed8678
be more explicit about mux upgrade steps; add notes on when to avoid …
fairclothjm Mar 21, 2022
273aafb
add plugin upgrade built-in section
fairclothjm Mar 21, 2022
58888df
add caveats to built-in plugin upgrade
fairclothjm Mar 21, 2022
e8ce5b0
improvements to built-in plugin override
fairclothjm Mar 21, 2022
70db926
formatting, add redirects, correct multiplexing use case
fairclothjm Mar 22, 2022
728fead
fix go-plugin link
fairclothjm Mar 22, 2022
fd84035
Apply suggestions from code review
fairclothjm Mar 22, 2022
5e3b349
remove single item list; add link to Database interface
fairclothjm Mar 22, 2022
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion website/content/docs/auth/azure.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -180,7 +180,7 @@ method as an external plugin. The azure plugin method is integrated into Vault a
a builtin method by default.

Assuming you have saved the binary `vault-plugin-auth-azure` to some folder and
configured the [plugin directory](/docs/internals/plugins#plugin-directory)
configured the [plugin directory](/docs/plugins/plugin-architecture#plugin-directory)
for your server at `path/to/plugins`:

1. Enable the plugin in the catalog:
Expand Down
2 changes: 1 addition & 1 deletion website/content/docs/configuration/index.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ to specify where the configuration is.

~> Note: Since each plugin runs as a separate process, you need to do the same
for each plugin in your [plugins
directory](/docs/internals/plugins#plugin-directory).
directory](/docs/plugins/plugin-architecture#plugin-directory).

If you use a Linux distribution with a modern version of systemd, you can add
the following directive to the "[Service]" configuration section:
Expand Down
2 changes: 1 addition & 1 deletion website/content/docs/internals/limits.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -288,7 +288,7 @@ are a function of the alphabet size.

### External plugin limits

The [plugin system](/docs/internals/plugins) launches a separate process
The [plugin system](/docs/plugins) launches a separate process
initiated by Vault that communicates over RPC. For each secret engine and auth
method that's enabled as an external plugin, Vault will spawn a process on the
host system. For the Database Secrets Engines, external database plugins will
Expand Down
256 changes: 0 additions & 256 deletions website/content/docs/internals/plugins.mdx

This file was deleted.

2 changes: 1 addition & 1 deletion website/content/docs/partnerships.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ This program is intended to be largely a self-service process with links and gui

Vault is an Identity-based security solution that leverages trusted sources of identity to keep secrets and application data secured with one centralized, audited workflow for tightly controlling access to secrets across applications, systems, and infrastructure while encrypting data both in flight and at rest. For a full description of the current features please refer to the Vault [website](/).

Vault has a secure [plugin](/docs/internals/plugins) architecture. Vault’s plugins are completely separate, standalone applications that Vault executes and communicates with over RPC. This means the plugin process does not share the same memory space as Vault and therefore can only access the interfaces and arguments given to it.
Vault has a secure [plugin](/docs/plugins) architecture. Vault’s plugins are completely separate, standalone applications that Vault executes and communicates with over RPC. This means the plugin process does not share the same memory space as Vault and therefore can only access the interfaces and arguments given to it.

Vault plugins can be built-in and bundled with the Vault binary, or be external that has to be manually mounted. Built-in plugins are developed by HashiCorp, while external plugins can be developed by HashiCorp, technology partners, or the community. There is a curated collection of all plugins, both built-in and external, located on the [Plugin Portal](/docs/plugin-portal).

Expand Down
54 changes: 0 additions & 54 deletions website/content/docs/plugin.mdx

This file was deleted.

39 changes: 39 additions & 0 deletions website/content/docs/plugins/index.mdx
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
---
layout: docs
page_title: Plugin System
description: Learn about Vault's plugin system.
---


# Plugin System

All Vault auth methods and secrets engines are considered plugins. This simple concept
allows both built-in and external plugins to be treated like Legos. Any plugin
can exist at multiple different locations. Different versions of a plugin may
be at each location, with each version differing from Vault's version.

## Built-In Plugins

Built-in plugins are shipped with Vault, often for commonly used implementations,
and require no additional operator intervention to run. Built-in plugins are
just like any other backend code inside Vault.

To use a different or edited version of a built-in plugin, the plugin must be
run as an external plugin. See [Overriding Built-in Plugins](/docs/upgrading/plugins#overriding-built-in-plugins)
for details on how to override a built-in plugin in-place.

## External Plugins

External plugins are not shipped with Vault and require additional operator
intervention to run.

To run an external plugin, a binary of the plugin is required. Plugin
binaries can be obtained from [releases.hashicorp.com](https://releases.hashicorp.com/)
or they can be [built from source](/docs/plugins/plugin-development#building-a-plugin-from-source).

Vault's external plugins are completely separate, standalone applications that
Vault executes and communicates with over RPC. Each time a Vault secret engine
or auth method is mounted, a new process is spawned. However, database plugins
can be made to implement [plugin multiplexing](/docs/plugins/plugin-architecture#plugin-multiplexing)
which allows a single plugin process to be used for multiple database
connections.
Loading