diff --git a/website/content/docs/k8s/deployment-configurations/vault/data-integration/bootstrap-token.mdx b/website/content/docs/k8s/deployment-configurations/vault/data-integration/bootstrap-token.mdx index 582f781c236b..ea63dc992428 100644 --- a/website/content/docs/k8s/deployment-configurations/vault/data-integration/bootstrap-token.mdx +++ b/website/content/docs/k8s/deployment-configurations/vault/data-integration/bootstrap-token.mdx @@ -29,7 +29,7 @@ Prior to setting up the data integration between Vault and Consul on Kubernetes, First, generate and store the ACL bootstrap token in Vault. You will only need to perform this action once: ```shell-session -$ vault kv put secret/consul/bootstrap-token token="$(uuidgen | tr '[:upper:]' '[:lower:]')" +$ vault kv put consul-kv/secret/bootstrap-token token="$(uuidgen | tr '[:upper:]' '[:lower:]')" ``` ## Create Vault policy @@ -41,7 +41,7 @@ The path to the secret referenced in the `path` resource is the same value that ```HCL -path "secret/data/consul/bootstrap-token" { +path "consul-kv/data/secret/bootstrap-token" { capabilities = ["read"] } ``` @@ -88,7 +88,7 @@ global: manageSystemACLsRole: consul-server-acl-init acls: bootstrapToken: - secretName: secret/data/consul/bootstrap-token + secretName: consul-kv/data/secret/bootstrap-token secretKey: token ``` diff --git a/website/content/docs/k8s/deployment-configurations/vault/data-integration/enterprise-license.mdx b/website/content/docs/k8s/deployment-configurations/vault/data-integration/enterprise-license.mdx index ef3ab8eaafcb..9b32cf468ebb 100644 --- a/website/content/docs/k8s/deployment-configurations/vault/data-integration/enterprise-license.mdx +++ b/website/content/docs/k8s/deployment-configurations/vault/data-integration/enterprise-license.mdx 
@@ -29,7 +29,7 @@ Prior to setting up the data integration between Vault and Consul on Kubernetes, First, store the enterprise license in Vault: ```shell-session -$ vault kv put secret/consul/license key="" +$ vault kv put consul-kv/secret/enterpriselicense key="" ``` ## Create Vault policy @@ -41,7 +41,7 @@ The path to the secret referenced in the `path` resource is the same value that ```HCL -path "secret/data/consul/license" { +path "consul-kv/data/secret/enterpriselicense" { capabilities = ["read"] } ``` @@ -103,7 +103,7 @@ global: consulServerRole: consul-server consulClientRole: consul-client enterpriseLicense: - secretName: secret/data/consul/enterpriselicense + secretName: consul-kv/data/secret/enterpriselicense secretKey: key ``` diff --git a/website/content/docs/k8s/deployment-configurations/vault/data-integration/gossip.mdx b/website/content/docs/k8s/deployment-configurations/vault/data-integration/gossip.mdx index 186ae3f7dc4f..c6c71875a56c 100644 --- a/website/content/docs/k8s/deployment-configurations/vault/data-integration/gossip.mdx +++ b/website/content/docs/k8s/deployment-configurations/vault/data-integration/gossip.mdx @@ -29,7 +29,7 @@ Prior to setting up the data integration between Vault and Consul on Kubernetes, First, generate and store the gossip key in Vault. You will only need to perform this action once: ```shell-session -$ vault kv put secret/consul/gossip key="$(consul keygen)" +$ vault kv put consul-kv/secret/gossip key="$(consul keygen)" ``` ## Create Vault policy @@ -40,7 +40,7 @@ The path to the secret referenced in the `path` resource is the same value that ```HCL -path "secret/data/consul/gossip" { +path "consul-kv/data/secret/gossip" { capabilities = ["read"] } ``` @@ -101,7 +101,7 @@ global: consulServerRole: consul-server consulClientRole: consul-client gossipEncryption: - secretName: secret/data/consul/gossip + secretName: consul-kv/data/secret/gossip secretKey: key ``` 
diff --git a/website/content/docs/k8s/deployment-configurations/vault/data-integration/index.mdx b/website/content/docs/k8s/deployment-configurations/vault/data-integration/index.mdx index 2ce631b9cec7..819d0e4a9751 100644 --- a/website/content/docs/k8s/deployment-configurations/vault/data-integration/index.mdx +++ b/website/content/docs/k8s/deployment-configurations/vault/data-integration/index.mdx @@ -92,10 +92,14 @@ For example, if your Consul on Kubernetes servers need access to [Consul Server 1. Enterprise License + + Vault API calls to version 2 of the Key-Value secrets engine require the `data` field in the path configuration. In the following example, the key-value data in `consul-kv/secret/enterpriselicense` becomes accessible for Vault API calls on the `consul-kv/data/secret/enterpriselicense` path. + + ```HCL - path "secret/data/consul/license" { + path "consul-kv/data/secret/enterpriselicense" { capabilities = ["read"] } ``` diff --git a/website/content/docs/k8s/deployment-configurations/vault/data-integration/partition-token.mdx b/website/content/docs/k8s/deployment-configurations/vault/data-integration/partition-token.mdx index b646a6f80302..329c96ebef09 100644 --- a/website/content/docs/k8s/deployment-configurations/vault/data-integration/partition-token.mdx +++ b/website/content/docs/k8s/deployment-configurations/vault/data-integration/partition-token.mdx @@ -30,7 +30,7 @@ Prior to setting up the data integration between Vault and Consul on Kubernetes, First, generate and store the ACL partition token in Vault. You will only need to perform this action once: ```shell-session -$ vault kv put secret/consul/partition-token token="$(uuidgen | tr '[:upper:]' '[:lower:]')" +$ vault kv put consul-kv/secret/partition-token token="$(uuidgen | tr '[:upper:]' '[:lower:]')" ``` ## Create Vault policy 
@@ -42,7 +42,7 @@ The path to the secret referenced in the `path` resource is the same value that ```HCL -path "secret/data/consul/partition-token" { +path "consul-kv/data/secret/consul/partition-token" { capabilities = ["read"] } ``` @@ -90,7 +90,7 @@ global: adminPartitionsRole: consul-partition-init acls: partitionToken: - secretName: secret/data/consul/partition-token + secretName: consul-kv/data/secret/partition-token secretKey: token ``` diff --git a/website/content/docs/k8s/deployment-configurations/vault/data-integration/replication-token.mdx b/website/content/docs/k8s/deployment-configurations/vault/data-integration/replication-token.mdx index a7f351d54a7e..6d6077facdac 100644 --- a/website/content/docs/k8s/deployment-configurations/vault/data-integration/replication-token.mdx +++ b/website/content/docs/k8s/deployment-configurations/vault/data-integration/replication-token.mdx @@ -29,7 +29,7 @@ Prior to setting up the data integration between Vault and Consul on Kubernetes, First, generate and store the ACL replication token in Vault. You will only need to perform this action once: ```shell-session -$ vault kv put secret/consul/replication-token token="$(uuidgen | tr '[:upper:]' '[:lower:]')" +$ vault kv put consul-kv/secret/replication-token token="$(uuidgen | tr '[:upper:]' '[:lower:]')" ``` ## Create Vault policy @@ -41,7 +41,7 @@ The path to the secret referenced in the `path` resource is the same value that ```HCL -path "secret/data/consul/replication-token" { +path "consul-kv/data/secret/replication-token" { capabilities = ["read"] } ``` @@ -88,7 +88,7 @@ global: manageSystemACLsRole: consul-server-acl-init acls: replicationToken: - secretName: secret/data/consul/replication-token + secretName: consul-kv/data/secret/replication-token secretKey: token ``` 
diff --git a/website/content/docs/k8s/deployment-configurations/vault/data-integration/snapshot-agent-config.mdx b/website/content/docs/k8s/deployment-configurations/vault/data-integration/snapshot-agent-config.mdx index 235ef68f8454..532b415b0954 100644 --- a/website/content/docs/k8s/deployment-configurations/vault/data-integration/snapshot-agent-config.mdx +++ b/website/content/docs/k8s/deployment-configurations/vault/data-integration/snapshot-agent-config.mdx @@ -29,7 +29,7 @@ Before you set up data integration between Vault and Consul on Kubernetes, compl First, store the snapshot agent config in Vault: ```shell-session -$ vault kv put secret/consul/snapshot-agent-config key="" +$ vault kv put consul-kv/secret/snapshot-agent-config key="" ``` ## Create Vault policy @@ -41,7 +41,7 @@ The path to the secret referenced in the `path` resource is the same values that ```HCL -path "secret/data/consul/snapshot-agent-config" { +path "consul-kv/data/secret/snapshot-agent-config" { capabilities = ["read"] } ``` @@ -91,7 +91,7 @@ global: client: snapshotAgent: configSecret: - secretName: secret/data/consul/snapshot-agent-config + secretName: consul-kv/data/secret/snapshot-agent-config secretKey: key ``` diff --git a/website/content/docs/k8s/deployment-configurations/vault/systems-integration.mdx b/website/content/docs/k8s/deployment-configurations/vault/systems-integration.mdx index 7c4de80bba61..a35a9969e24a 100644 --- a/website/content/docs/k8s/deployment-configurations/vault/systems-integration.mdx +++ b/website/content/docs/k8s/deployment-configurations/vault/systems-integration.mdx @@ -34,7 +34,7 @@ The following secrets can be stored in Vault KV secrets engine, which is meant t In order to store any of these secrets, we must enable the [Vault KV secrets engine - Version 2](/vault/docs/secrets/kv/kv-v2). ```shell-session -$ vault secrets enable -path=consul kv-v2 +$ vault secrets enable -path=consul-kv kv-v2 ``` ## Vault PKI Engine 
diff --git a/website/content/docs/k8s/deployment-configurations/vault/wan-federation.mdx b/website/content/docs/k8s/deployment-configurations/vault/wan-federation.mdx index 041b73033fc3..3afcbb7072c4 100644 --- a/website/content/docs/k8s/deployment-configurations/vault/wan-federation.mdx +++ b/website/content/docs/k8s/deployment-configurations/vault/wan-federation.mdx @@ -129,7 +129,7 @@ Repeat the following steps for each datacenter in the cluster: 1. Enable [Vault KV secrets engine - Version 2](/vault/docs/secrets/kv/kv-v2) in order to store the [Gossip Encryption Key](/consul/docs/k8s/helm#v-global-acls-replicationtoken) and the ACL Replication token ([`global.acls.replicationToken`](/consul/docs/k8s/helm#v-global-acls-replicationtoken)). ```shell-session - $ vault secrets enable -path=consul kv-v2 + $ vault secrets enable -path=consul-kv kv-v2 ``` 1. Enable Vault PKI Engine in order to leverage Vault for issuing Consul Server TLS certificates. @@ -314,15 +314,15 @@ Repeat the following steps for each datacenter in the cluster: 1. Store the ACL bootstrap and replication tokens, gossip encryption key, and root CA certificate secrets in Vault. ```shell-session - $ vault kv put consul/secret/gossip key="$(consul keygen)" + $ vault kv put consul-kv/secret/gossip key="$(consul keygen)" ``` ```shell-session - $ vault kv put consul/secret/bootstrap token="$(uuidgen | tr '[:upper:]' '[:lower:]')" + $ vault kv put consul-kv/secret/bootstrap token="$(uuidgen | tr '[:upper:]' '[:lower:]')" ``` ```shell-session - $ vault kv put consul/secret/replication token="$(uuidgen | tr '[:upper:]' '[:lower:]')" + $ vault kv put consul-kv/secret/replication token="$(uuidgen | tr '[:upper:]' '[:lower:]')" ``` ```shell-session $ vault write pki/root/generate/internal common_name="Consul CA" ttl=87600h @@ -332,7 +332,7 @@ Repeat the following steps for each datacenter in the cluster: ```shell-session $ vault policy write gossip - <
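
Review bot: In partition-token.mdx, the policy hunk (`@@ -42,7 +42,7 @@`) sets `path "consul-kv/data/secret/consul/partition-token"`, which carries an extra `consul/` segment compared with the `vault kv put consul-kv/secret/partition-token` command and the Helm value `secretName: consul-kv/data/secret/partition-token` in the same file. A policy written on that path does not grant `read` on the path the chart requests. Suggest `path "consul-kv/data/secret/partition-token"` so that all three hunks in the file agree.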
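
Review bot: In data-integration/index.mdx (`@@ -92,10 +92,14 @@`), the added sentence calls `data` a "field in the path configuration", but the example shows it as a path segment placed directly after the mount path, so wording such as "require `data/` after the mount path" would be more precise. Because the example path also contains `secret`, it would help to state that `consul-kv` is the mount and `secret/enterpriselicense` is the secret's path inside it, so readers do not take `secret` for the mount name.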
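
Review bot: In wan-federation.mdx (`@@ -129,7 +129,7 @@`), the step edited here links "Gossip Encryption Key" to `/consul/docs/k8s/helm#v-global-acls-replicationtoken`, the same anchor used for the replication token link on the same line. Since this step is being touched anyway, point that link at the gossip encryption entry of the Helm reference.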
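
Review bot: In wan-federation.mdx (`@@ -314,15 +314,15 @@`), the tokens are written to `consul-kv/secret/bootstrap` and `consul-kv/secret/replication`, while the data-integration pages in this same patch use `consul-kv/secret/bootstrap-token` and `consul-kv/secret/replication-token`. Either align the names across the docs, or confirm that the policies and Helm values later in this file reference `consul-kv/data/secret/bootstrap` and `consul-kv/data/secret/replication`. The next hunk is cut off at `vault policy write gossip`, so the updated policy paths cannot be checked from the lines shown.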