Snapshot Single Item Recovery Docs #1096
Conversation
github-actions
bot
added
Vault
Vercel Previews Deployed
|
lane-wetmore
force-pushed
the
lane-wetmore/single-item-recovery
branch
from
5d7f92b to
40cae9e
Compare
github-actions
bot
removed
the
Vault IC
Broken Link CheckerNo broken links found! 🎉 |
|
@lane-wetmore Is there a reason we didn't add the GUI instructions to the existing docs for recovering secrets in replicated and un-replicated environments instead of creating an entirely new docs? |
Hi @schavis, no reason beyond that I wasn't aware of those docs. I'll move the new content over there. |
@lane-wetmore No worries! They're relatively new. Feel free to ping me when it's ready for another look |
|
|
||
| <Tabs> | ||
|
|
||
| <Tab heading="Web UI" group="ui"> |
There was a problem hiding this comment.
| <Tab heading="Web UI" group="ui"> | |
| <Tab heading="GUI" group="gui"> |
The established tab name/group for GUI instructions is "GUI"
| 1. Open a web browser to access the Vault UI and sign in to the root namespace. | ||
| <Tip title="Namespace restriction"> | ||
|
|
||
| Snapshot load and unload operations are restricted to the root namespace. All other snapshot operations | ||
| can be performed in other namespaces. | ||
|
|
||
| </Tip> | ||
|
|
||
| <Tip title="Permissions Required"> | ||
| This requires snapshot management permissions. | ||
| </Tip> |
There was a problem hiding this comment.
| 1. Open a web browser to access the Vault UI and sign in to the root namespace. | |
| <Tip title="Namespace restriction"> | |
| Snapshot load and unload operations are restricted to the root namespace. All other snapshot operations | |
| can be performed in other namespaces. | |
| </Tip> | |
| <Tip title="Permissions Required"> | |
| This requires snapshot management permissions. | |
| </Tip> | |
| Snapshot load and unload operations are restricted to the root namespace. All other snapshot operations | |
| can be performed in other namespaces. | |
| 1. Open the Vault GUI and sign in to the root namespace. While you can perform | |
| other snapshot operations from any namespace, you must perform load and | |
| unload operations under the `root` namespace. |
Style correction: write in active voice
Structural correction: whenever possible, include information in normal text rather than asides
Since the permission requirement is a prerequisite, we should add it to the "Before you start" section, especially since it's probably not just a GUI requirement
| This requires snapshot management permissions. | ||
| </Tip> | ||
|
|
||
| 2. Select **Secrets Recovery** from the left navigation menu. |
There was a problem hiding this comment.
| 2. Select **Secrets Recovery** from the left navigation menu. | |
| 1. Select **Secrets Recovery** from the navigation menu. |
Markdown correction: use 1. for all items in a numbered list
Style correction: avoid referencing specific positions on the screen for UI elements
| 2. Select **Secrets Recovery** from the left navigation menu. | ||
|
|
||
| 3. Select **Upload snapshot**. | ||
|  |
There was a problem hiding this comment.
We really try to avoid multiple screenshots because of the maintenance cost. Is there a single, "hero" screenshot we can provide that we can use to make sure folks know they're on the right screen?
|
|
||
| 2. Select **Secrets Recovery** from the left navigation menu. | ||
|
|
||
| 3. Select **Upload snapshot**. |
There was a problem hiding this comment.
| 3. Select **Upload snapshot**. | |
| 1. Select **Upload snapshot**. |
| 1. A namespace selector will show when in the root namespace. Fill in the available fields to locate the secret to read or recover. | ||
|  | ||
|
|
||
| 2. Upon a successful read operation, the resource can be viewed as key value pairs or as JSON. | ||
|  | ||
|  | ||
|
|
||
| 3. In addition to recovering to the original resource path, recovering a copy to a new path is possible. The original resource will be unaffected. | ||
|  |
There was a problem hiding this comment.
| 1. A namespace selector will show when in the root namespace. Fill in the available fields to locate the secret to read or recover. | |
|  | |
| 2. Upon a successful read operation, the resource can be viewed as key value pairs or as JSON. | |
|  | |
|  | |
| 3. In addition to recovering to the original resource path, recovering a copy to a new path is possible. The original resource will be unaffected. | |
|  | |
|  | |
| Use the namespace selector to find the secret you want to read or recover. Once | |
| you recover the snapshot, you can: | |
| - view the snapshot data as key/value pairs or as a JSON object. | |
| - recover the original resource path | |
| - recover the original resource to a new path |
Again, this is just a single step so a numbered list doesn't really make sense
|
|
||
| 4. Select the method of upload. If loading from **automated** snapshots, an automated snapshot config is required. | ||
| Refer to the [automated snapshot API](https://developer.hashicorp.com/vault/api-docs/system/storage/raftautosnapshots#load-a-snapshot-from-an-automated-snapshot-configuration) | ||
| to learn more about automated snapshots. |
There was a problem hiding this comment.
| to learn more about automated snapshots. | |
| 1. Select your upload method. To use an automted snapshot you must provide an | |
| [automated snapshot config](/vault/api-docs/system/storage/raftautosnapshots#load-a-snapshot-from-an-automated-snapshot-configuration). |
Style correction: write in active voice
| 6. The status of the snapshot and the expiration date is shown. This also allows | ||
| navigation to the snapshot details view. | ||
|  |
There was a problem hiding this comment.
| 6. The status of the snapshot and the expiration date is shown. This also allows | |
| navigation to the snapshot details view. | |
|  | |
| 1. Monitor the upload until the status says "Ready" and the expiration date | |
| populates. | |
| 1. Click "View details → to open the snapshot details view. |
|
|
||
| <Tabs> | ||
|
|
||
| <Tab heading="Web UI" group="ui"> |
There was a problem hiding this comment.
| <Tab heading="Web UI" group="ui"> | |
| <Tab heading="GUI" group="gui"> |
|
|
||
| <Tabs> | ||
|
|
||
| <Tab heading="Web UI" group="ui"> |
There was a problem hiding this comment.
It looks like all the steps on this pages are the same as the replicated cluster instructions? If so, we should move them into partials (like the CLI and API directions) so we can use them across both pages
2 participants
Add documentation for snapshot single item recovery flow.
RFC: https://go.hashi.co/rfc/vlt-358