Backport of Improve databases documentation into stable-website (#13481)

hc-github-team-secure-vault-core · multani · web-flow · commit f88e3ecbc5ca · 2021-12-20T13:24:35.000-08:00
* backport of commit 1aeddca * backport of commit eb572c0 * backport of commit 72f9a6a Co-authored-by: Jonathan Ballet <jballet@edgelab.ch> Co-authored-by: Jonathan Ballet <jon@multani.info>
diff --git a/website/content/api-docs/secret/databases/cassandra.mdx b/website/content/api-docs/secret/databases/cassandra.mdx
@@ -56,7 +56,7 @@ has a number of parameters to further configure a connection.
   [the pki documentation](/docs/secrets/pki). Only one of `pem_bundle` or `pem_json` can be specified.
 
 <details>
-<summary>`pem_json` example</summary>
+<summary><b><tt>pem_json</tt> example</b></summary>
 
 ```json
 {
@@ -65,7 +65,9 @@ has a number of parameters to further configure a connection.
   "ca_chain": ["<CA as a PEM>", "<Additional PEM for the CA chain if needed"]
 }
 ```
-  If using the Vault CLI, it's probably easiest to write the JSON to a file and then reference the file:
+
+If using the Vault CLI, it's probably easiest to write the JSON to a file and then reference the file:
+
 ```shell
 vault write database/config/cassandra-example <...other fields> pem_json=@/path/to/file.json
 ```
@@ -83,7 +85,7 @@ vault write database/config/cassandra-example <...other fields> pem_json=@/path/
 
 - `local_datacenter` `(string: "")` – If set, enables host selection policy
   which will prioritize and use hosts which are in the local datacenter before
-  hosts in all other datacenters (for example "dc-01").
+  hosts in all other datacenters (for example `dc-01`).
 
 - `socket_keep_alive` `(string: "0s")` – the keep-alive period for an active
   network connection. If zero, keep-alives are not enabled.
@@ -180,32 +182,35 @@ list the plugin does not support that statement type.
   statements executed to create and configure a user. Must be a
   semicolon-separated string, a base64-encoded semicolon-separated string, a
   serialized JSON string array, or a base64-encoded serialized JSON string
-  array. The '{{username}}' and '{{password}}' values will be substituted. If not
+  array. The `{{username}}` and `{{password}}` values will be substituted. If not
   provided, defaults to a generic create user statements that creates a
   non-superuser.
 
 - `revocation_statements` `(list: [])` – Specifies the database statements to
   be executed to revoke a user. Must be a semicolon-separated string, a
   base64-encoded semicolon-separated string, a serialized JSON string array, or
-  a base64-encoded serialized JSON string array. The '{{username}}' value will be
+  a base64-encoded serialized JSON string array. The `{{username}}` value will be
   substituted. If not provided defaults to a generic drop user statement.
 
 - `rollback_statements` `(list: [])` – Specifies the database statements to be
   executed to rollback a create operation in the event of an error. Must be a
   semicolon-separated string, a base64-encoded semicolon-separated string, a
   serialized JSON string array, or a base64-encoded serialized JSON string
-  array. The '{{username}}' value will be substituted. If not provided, defaults to
+  array. The `{{username}}` value will be substituted. If not provided, defaults to
   a generic drop user statement
 
 - `root_rotation_statements` `(list: [])` - Specifies the database statements
   to be executed when rotating the root user's password. Must be a
   semicolon-separated string, a base64-encoded semicolon-separated string, a
   serialized JSON string array, or a base64-encoded serialized JSON string
-  array. The '{{username}}' value will be substituted. If not provided, defaults to
+  array. The `{{username}}` value will be substituted. If not provided, defaults to
   a reasonable default alter user statement.
 
 ~> Prior to Vault 1.7.1 and 1.6.4 the default `root_rotation_statements` does not
   allow for usernames with special characters in them due to missing quotes
   around the username. To fix this issue in versions prior to Vault 1.7.1/1.6.4,
-  specify the following `root_rotation_statements`:<br/>
-  `ALTER USER '{{username}}' WITH PASSWORD '{{password}}';`
+  specify the following `root_rotation_statements`:
+
+  ```sql
+  ALTER USER '{{username}}' WITH PASSWORD '{{password}}';
+  ```
diff --git a/website/content/api-docs/secret/databases/elasticdb.mdx b/website/content/api-docs/secret/databases/elasticdb.mdx
@@ -24,15 +24,15 @@ has a number of parameters to further configure a connection.
 
 ### Parameters
 
-- `url` `(string: <required>)` - The URL for Elasticsearch's API ("http://localhost:9200").
-- `username` `(string: <required>)` - The username to be used in the connection URL ("vault").
-- `password` `(string: <required>)` - The password to be used in the connection URL ("pa55w0rd").
+- `url` `(string: <required>)` - The URL for Elasticsearch's API (`http://localhost:9200`).
+- `username` `(string: <required>)` - The username to be used in the connection URL (`vault`).
+- `password` `(string: <required>)` - The password to be used in the connection URL (`pa55w0rd`).
 - `ca_cert` `(string: "")` - The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity.
 - `ca_path` `(string: "")` - The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity.
 - `client_cert` `(string: "")` - The path to the certificate for the Elasticsearch client to present for communication.
 - `client_key` `(string: "")` - The path to the key for the Elasticsearch client to use for communication.
-- `tls_server_name` `(string: "")` - This, if set, is used to set the SNI host when connecting via 1TLS.
-- `insecure` `(bool: false)` - Not recommended. Default to false. Can be set to true to disable SSL verification.
+- `tls_server_name` `(string: "")` - This, if set, is used to set the SNI host when connecting via TLS.
+- `insecure` `(bool: false)` - Not recommended. Default to `false`. Can be set to `true` to disable certificate verification.
 - `username_template` `(string)` - [Template](/docs/concepts/username-templating) describing how dynamic usernames are generated.
 
 ### Sample Payload
@@ -74,11 +74,13 @@ list the plugin does not support that statement type.
 
 - `creation_statements` `(string: <required>)` – Using JSON, either defines an
   `elasticsearch_role_definition` or a group of pre-existing `elasticsearch_roles`.
+
   The object specified by the `elasticsearch_role_definition` is the JSON directly
   passed through to the Elasticsearch API, so you can pass through anything shown
   [here](https://www.elastic.co/guide/en/elasticsearch/reference/6.6/security-api-put-role.html).
+
   For `elasticsearch_roles`, add the names of the roles only. They must pre-exist
-  in Elasticsearch. Defining roles in Vault is more secure than using pre-existing
+  in Elasticsearch.  Defining roles in Vault is more secure than using pre-existing
   roles because a privilege escalation could be performed by editing the roles used
   out-of-band in Elasticsearch.
 
diff --git a/website/content/api-docs/secret/databases/hanadb.mdx b/website/content/api-docs/secret/databases/hanadb.mdx
@@ -26,7 +26,7 @@ has a number of parameters to further configure a connection.
 
 - `connection_url` `(string: <required>)` - Specifies the HANA DSN. This field
   can be templated and supports passing the username and password
-  parameters in the following format {{field_name}}. A templated connection URL is
+  parameters in the following format `{{field_name}}`. A templated connection URL is
   required when using root credential rotation.
 
 - `max_open_connections` `(int: 4)` - Specifies the maximum number of open
@@ -38,7 +38,7 @@ has a number of parameters to further configure a connection.
   `max_open_connections` it will be reduced to be equal.
 
 - `max_connection_lifetime` `(string: "0s")` - Specifies the maximum amount of
-  time a connection may be reused. If &lt;= 0s connections are reused forever.
+  time a connection may be reused. If &le; `0s`, connections are reused forever.
 
 - `username` `(string: "")` - The root credential username used in the connection URL.
 
@@ -54,7 +54,7 @@ has a number of parameters to further configure a connection.
   "max_open_connections": 5,
   "max_connection_lifetime": "5s",
   "username": "username",
-  "password": "password
+  "password": "password"
 }
 ```
 
@@ -84,7 +84,7 @@ list the plugin does not support that statement type.
   statements executed to create and configure a user. Must be a
   semicolon-separated string, a base64-encoded semicolon-separated string, a
   serialized JSON string array, or a base64-encoded serialized JSON string
-  array. The '{{name}}', '{{password}}', and '{{expiration}}' values will be
+  array. The `{{name}}`, `{{password}}`, and `{{expiration}}` values will be
   substituted.
 
   - The expiration time will be HANA server time plus the role's `default_ttl`.
@@ -93,6 +93,6 @@ list the plugin does not support that statement type.
 - `revocation_statements` `(list: [])` – Specifies the database statements to
   be executed to revoke a user. Must be a semicolon-separated string, a
   base64-encoded semicolon-separated string, a serialized JSON string array, or
-  a base64-encoded serialized JSON string array. The '{{name}}' value will be
+  a base64-encoded serialized JSON string array. The `{{name}}` value will be
   substituted. If not provided, defaults to dropping the user only if they have
   no dependent objects.
diff --git a/website/content/api-docs/secret/databases/index.mdx b/website/content/api-docs/secret/databases/index.mdx
@@ -41,7 +41,7 @@ list of additional parameters.
   during initial configuration. Defaults to true.
 
 - `allowed_roles` `(list: [])` - List of the roles allowed to use this connection.
-  Defaults to empty (no roles), if contains a "\*" any role can use this connection.
+  Defaults to empty (no roles), if contains a `*` any role can use this connection.
 
 - `root_rotation_statements` `(list: [])` - Specifies the database statements to be
   executed to rotate the root user's credentials. See the plugin's API page for more
@@ -273,12 +273,12 @@ This endpoint creates or updates a role definition.
   for this role.
 
 - `default_ttl` `(string/int: 0)` - Specifies the TTL for the leases
-  associated with this role. Accepts time suffixed strings ("1h") or an integer
+  associated with this role. Accepts time suffixed strings (`1h`) or an integer
   number of seconds. Defaults to system/engine default TTL time.
 
 - `max_ttl` `(string/int: 0)` - Specifies the maximum TTL for the leases
-  associated with this role. Accepts time suffixed strings ("1h") or an integer
-  number of seconds. Defaults to system/mount default TTL time; this value is allowed to be less than the mount max TTL (or, if not set, the system max TTL), but it is not allowed to be longer. See also [The TTL General Case](/docs/concepts/tokens#the-general-case).
+  associated with this role. Accepts time suffixed strings (`1h`) or an integer
+  number of seconds. Defaults to `sys/mounts`'s default TTL time; this value is allowed to be less than the mount max TTL (or, if not set, the system max TTL), but it is not allowed to be longer. See also [The TTL General Case](/docs/concepts/tokens#the-general-case).
 
 - `creation_statements` `(list: <required>)` – Specifies the database
   statements executed to create and configure a user. See the plugin's API page
@@ -490,7 +490,7 @@ this in order to know the password.
 {
     "db_name": "mysql",
     "username": "static-database-user",
-    "rotation_statements": ["ALTER USER "{{name}}" WITH PASSWORD '{{password}}';"],
+    "rotation_statements": ["ALTER USER \"{{name}}\" WITH PASSWORD '{{password}}';"],
     "rotation_period": "1h"
 }
 ```
@@ -533,9 +533,9 @@ $ curl \
   "data": {
     "db_name": "mysql",
     "username":"static-user",
-    "rotation_statements": ["ALTER USER "{{name}}" WITH PASSWORD '{{password}}';"],
-    "rotation_period":"1h",
-  },
+    "rotation_statements": ["ALTER USER \"{{name}}\" WITH PASSWORD '{{password}}';"],
+    "rotation_period":"1h"
+  }
 }
 ```
 
diff --git a/website/content/api-docs/secret/databases/influxdb.mdx b/website/content/api-docs/secret/databases/influxdb.mdx
@@ -116,19 +116,19 @@ list the plugin does not support that statement type.
   statements executed to create and configure a user. Must be a
   semicolon-separated string, a base64-encoded semicolon-separated string, a
   serialized JSON string array, or a base64-encoded serialized JSON string
-  array. The '{{username}}' and '{{password}}' values will be substituted. If not
+  array. The `{{username}}` and `{{password}}` values will be substituted. If not
   provided, defaults to a generic create user statements that creates a
   non-superuser.
 
 - `revocation_statements` `(list: [])` – Specifies the database statements to
   be executed to revoke a user. Must be a semicolon-separated string, a
   base64-encoded semicolon-separated string, a serialized JSON string array, or
-  a base64-encoded serialized JSON string array. The '{{username}}' value will be
+  a base64-encoded serialized JSON string array. The `{{username}}` value will be
   substituted. If not provided defaults to a generic drop user statement.
 
 - `rollback_statements` `(list: [])` – Specifies the database statements to be
   executed to rollback a create operation in the event of an error. Must be a
   semicolon-separated string, a base64-encoded semicolon-separated string, a
   serialized JSON string array, or a base64-encoded serialized JSON string
-  array. The '{{username}}' value will be substituted. If not provided, defaults to
-  a generic drop user statement
+  array. The `{{username}}` value will be substituted. If not provided, defaults to
+  a generic drop user statement.
diff --git a/website/content/api-docs/secret/databases/mongodb.mdx b/website/content/api-docs/secret/databases/mongodb.mdx
@@ -111,17 +111,17 @@ list the plugin does not support that statement type.
 - `creation_statements` `(string: <required>)` – Specifies the database
   statements executed to create and configure a user. Must be a
   serialized JSON object, or a base64-encoded serialized JSON object.
-  The object can optionally contain a "db" string for session connection,
-  and must contain a "roles" array. This array contains objects that holds
-  a "role", and an optional "db" value, and is similar to the BSON document that
+  The object can optionally contain a `db` string for session connection,
+  and must contain a `roles` array. This array contains objects that holds
+  a `role`, and an optional `db` value, and is similar to the BSON document that
   is accepted by MongoDB's `roles` field. Vault will transform this array into
   such format. For more information regarding the `roles` field, refer to
   [MongoDB's documentation](https://docs.mongodb.com/manual/reference/method/db.createUser/).
 
 - `revocation_statements` `(string: "")` – Specifies the database statements to
   be executed to revoke a user. Must be a serialized JSON object, or a base64-encoded
-  serialized JSON object. The object can optionally contain a "db" string. If no
-  "db" value is provided, it defaults to the "admin" database.
+  serialized JSON object. The object can optionally contain a `db` string. If no
+  `db` value is provided, it defaults to the `admin` database.
 
 ### Sample Creation Statement
 
diff --git a/website/content/api-docs/secret/databases/mongodbatlas.mdx b/website/content/api-docs/secret/databases/mongodbatlas.mdx
@@ -80,7 +80,7 @@ list the plugin does not support that statement type.
 - `default_ttl` `(string/int): 0` - Specifies the TTL for the leases associated with this role.
   Accepts time suffixed strings (`1h`) or an integer number of seconds. Defaults to system/engine default TTL time.
 - `max_ttl` `(string/int): 0` - Specifies the maximum TTL for the leases associated with this role. Accepts time
-  suffixed strings (`1h`) or an integer number of seconds. Defaults to system/mount default TTL time; this value
+  suffixed strings (`1h`) or an integer number of seconds. Defaults to `sys/mounts` default TTL time; this value
   is allowed to be less than the mount max TTL (or, if not set, the system max TTL),
   but it is not allowed to be longer. See also [The TTL General Case](/docs/concepts/tokens#the-general-case).
 
diff --git a/website/content/api-docs/secret/databases/mssql.mdx b/website/content/api-docs/secret/databases/mssql.mdx
@@ -38,7 +38,7 @@ has a number of parameters to further configure a connection.
   `max_open_connections` it will be reduced to be equal.
 
 - `max_connection_lifetime` `(string: "0s")` - Specifies the maximum amount of
-  time a connection may be reused. If <= 0s connections are reused forever.
+  time a connection may be reused. If <= `0s` connections are reused forever.
 
 - `username` `(string: "")` - The root credential username used in the connection URL.
 
@@ -116,10 +116,10 @@ list the plugin does not support that statement type.
   statements executed to create and configure a user. Must be a
   semicolon-separated string, a base64-encoded semicolon-separated string, a
   serialized JSON string array, or a base64-encoded serialized JSON string
-  array. The '{{name}}' and '{{password}}' values will be substituted.
+  array. The `{{name}}` and `{{password}}` values will be substituted.
 
 - `revocation_statements` `(list: [])` – Specifies the database statements to
   be executed to revoke a user. Must be a semicolon-separated string, a
   base64-encoded semicolon-separated string, a serialized JSON string array, or
-  a base64-encoded serialized JSON string array. The '{{name}}' value will be
+  a base64-encoded serialized JSON string array. The `{{name}}` value will be
   substituted. If not provided defaults to a generic drop user statement.
diff --git a/website/content/api-docs/secret/databases/mysql-maria.mdx b/website/content/api-docs/secret/databases/mysql-maria.mdx
@@ -26,7 +26,7 @@ has a number of parameters to further configure a connection.
 
 - `connection_url` `(string: <required>)` - Specifies the MySQL DSN. This field
   can be templated and supports passing the username and password
-  parameters in the following format {{field_name}}. A templated connection URL is
+  parameters in the following format `{{field_name}}`. A templated connection URL is
   required when using root credential rotation.
 
 - `max_open_connections` `(int: 4)` - Specifies the maximum number of open
@@ -38,7 +38,7 @@ has a number of parameters to further configure a connection.
   `max_open_connections` it will be reduced to be equal.
 
 - `max_connection_lifetime` `(string: "0s")` - Specifies the maximum amount of
-  time a connection may be reused. If &lt;= 0s connections are reused forever.
+  time a connection may be reused. If &le; 0s connections are reused forever.
 
 - `username` `(string: "")` - The root credential username used in the connection URL.
 
@@ -149,11 +149,11 @@ list the plugin does not support that statement type.
   statements executed to create and configure a user. Must be a
   semicolon-separated string, a base64-encoded semicolon-separated string, a
   serialized JSON string array, or a base64-encoded serialized JSON string
-  array. The '{{name}}' and '{{password}}' values will be substituted. The
+  array. The `{{name}}` and `{{password}}` values will be substituted. The
   generated password will be a random alphanumeric 20 character string.
 
 - `revocation_statements` `(list: [])` – Specifies the database statements to
   be executed to revoke a user. Must be a semicolon-separated string, a
   base64-encoded semicolon-separated string, a serialized JSON string array, or
-  a base64-encoded serialized JSON string array. The '{{name}}' value will be
+  a base64-encoded serialized JSON string array. The `{{name}}` value will be
   substituted. If not provided defaults to a generic drop user statement.
diff --git a/website/content/api-docs/secret/databases/oracle.mdx b/website/content/api-docs/secret/databases/oracle.mdx
@@ -35,7 +35,7 @@ has a number of parameters to further configure a connection.
   `max_open_connections` it will be reduced to be equal.
 
 - `max_connection_lifetime` `(string: "0s")` - Specifies the maximum amount of
-  time a connection may be reused. If <= 0s connections are reused forever.
+  time a connection may be reused. If <= `0s` connections are reused forever.
 
 - `username` `(string: "")` - The root credential username used in the connection URL.
 
@@ -109,10 +109,10 @@ list the plugin does not support that statement type.
   statements executed to create and configure a user. Must be a
   semicolon-separated string, a base64-encoded semicolon-separated string, a
   serialized JSON string array, or a base64-encoded serialized JSON string
-  array. The '{{name}}' and '{{password}}' values will be substituted.
+  array. The `{{name}}` and `{{password}}` values will be substituted.
 
 - `revocation_statements` `(string: "")` – Specifies the database statements to
   be executed to revoke a user. Must be a semicolon-separated string, a
   base64-encoded semicolon-separated string, a serialized JSON string array, or
-  a base64-encoded serialized JSON string array. The '{{name}}' value will be
+  a base64-encoded serialized JSON string array. The `{{name}}` value will be
   substituted. If not provided defaults to a generic drop user statement.
diff --git a/website/content/api-docs/secret/databases/postgresql.mdx b/website/content/api-docs/secret/databases/postgresql.mdx
diff --git a/website/content/api-docs/secret/databases/redshift.mdx b/website/content/api-docs/secret/databases/redshift.mdx
diff --git a/website/content/api-docs/secret/databases/snowflake.mdx b/website/content/api-docs/secret/databases/snowflake.mdx
