From 83471df0dd2aad778c5195cec99bf373c3f7ca61 Mon Sep 17 00:00:00 2001 From: Steven Clark Date: Tue, 5 Aug 2025 09:24:25 -0400 Subject: [PATCH 1/2] Update behavior for the ssh config/ca endpoint when a CA exists - The docs mentioned that the values would be overwritten but we actually error out to the end user, telling them they must delete before the update will take place. Update our docs to match the code. --- content/vault/v1.16.x/content/api-docs/secret/ssh.mdx | 8 ++++++-- content/vault/v1.17.x/content/api-docs/secret/ssh.mdx | 8 ++++++-- content/vault/v1.18.x/content/api-docs/secret/ssh.mdx | 8 ++++++-- content/vault/v1.19.x/content/api-docs/secret/ssh.mdx | 8 ++++++-- content/vault/v1.20.x/content/api-docs/secret/ssh.mdx | 8 ++++++-- 5 files changed, 30 insertions(+), 10 deletions(-) diff --git a/content/vault/v1.16.x/content/api-docs/secret/ssh.mdx b/content/vault/v1.16.x/content/api-docs/secret/ssh.mdx index 0a1bee7c04..190d4e49a7 100644 --- a/content/vault/v1.16.x/content/api-docs/secret/ssh.mdx +++ b/content/vault/v1.16.x/content/api-docs/secret/ssh.mdx @@ -558,8 +558,12 @@ $ curl \ ## Submit CA information This endpoint allows submitting the CA information for the secrets engine via an SSH -key pair. _If you have already set a certificate and key, they will be -overridden._ +key pair. + + +If a certificate or key are present, an error will be returned. To update the existing +values, the Delete CA information API will need to be called first. + | Method | Path | | :----- | :--------------- | -------------------------- | diff --git a/content/vault/v1.17.x/content/api-docs/secret/ssh.mdx b/content/vault/v1.17.x/content/api-docs/secret/ssh.mdx index f552fecf69..876e4d3782 100644 --- a/content/vault/v1.17.x/content/api-docs/secret/ssh.mdx +++ b/content/vault/v1.17.x/content/api-docs/secret/ssh.mdx @@ -562,8 +562,12 @@ $ curl \ ## Submit CA information This endpoint allows submitting the CA information for the secrets engine via an SSH -key pair. _If you have already set a certificate and key, they will be -overridden._ +key pair. + + +If a certificate or key are present, an error will be returned. To update the existing +values, the Delete CA information API will need to be called first. + | Method | Path | | :----- | :--------------- | -------------------------- | diff --git a/content/vault/v1.18.x/content/api-docs/secret/ssh.mdx b/content/vault/v1.18.x/content/api-docs/secret/ssh.mdx index f552fecf69..876e4d3782 100644 --- a/content/vault/v1.18.x/content/api-docs/secret/ssh.mdx +++ b/content/vault/v1.18.x/content/api-docs/secret/ssh.mdx @@ -562,8 +562,12 @@ $ curl \ ## Submit CA information This endpoint allows submitting the CA information for the secrets engine via an SSH -key pair. _If you have already set a certificate and key, they will be -overridden._ +key pair. + + +If a certificate or key are present, an error will be returned. To update the existing +values, the Delete CA information API will need to be called first. + | Method | Path | | :----- | :--------------- | -------------------------- | diff --git a/content/vault/v1.19.x/content/api-docs/secret/ssh.mdx b/content/vault/v1.19.x/content/api-docs/secret/ssh.mdx index b2fd836852..58af24b2c1 100644 --- a/content/vault/v1.19.x/content/api-docs/secret/ssh.mdx +++ b/content/vault/v1.19.x/content/api-docs/secret/ssh.mdx @@ -559,8 +559,12 @@ $ curl \ ## Submit CA information This endpoint allows submitting the CA information for the secrets engine via an SSH -key pair. _If you have already set a certificate and key, they will be -overridden._ +key pair. + + +If a certificate or key are present, an error will be returned. To update the existing +values, the Delete CA information API will need to be called first. + | Method | Path | | :----- | :--------------- | -------------------------- | diff --git a/content/vault/v1.20.x/content/api-docs/secret/ssh.mdx b/content/vault/v1.20.x/content/api-docs/secret/ssh.mdx index e2add6f4ff..65dd97cab7 100644 --- a/content/vault/v1.20.x/content/api-docs/secret/ssh.mdx +++ b/content/vault/v1.20.x/content/api-docs/secret/ssh.mdx @@ -559,8 +559,12 @@ $ curl \ ## Submit CA information This endpoint allows submitting the CA information for the secrets engine via an SSH -key pair. _If you have already set a certificate and key, they will be -overridden._ +key pair. + + +If a certificate or key are present, an error will be returned. To update the existing +values, the Delete CA information API will need to be called first. + | Method | Path | | :----- | :--------------- | -------------------------- | From 309f075f1621fa77d99ac73c33e178518f40160c Mon Sep 17 00:00:00 2001 From: Steven Clark Date: Wed, 6 Aug 2025 08:57:50 -0400 Subject: [PATCH 2/2] Apply suggestions from code review Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> --- content/vault/v1.16.x/content/api-docs/secret/ssh.mdx | 8 +++----- content/vault/v1.17.x/content/api-docs/secret/ssh.mdx | 9 +++------ content/vault/v1.18.x/content/api-docs/secret/ssh.mdx | 9 +++------ content/vault/v1.19.x/content/api-docs/secret/ssh.mdx | 9 +++------ content/vault/v1.20.x/content/api-docs/secret/ssh.mdx | 9 +++------ 5 files changed, 15 insertions(+), 29 deletions(-) diff --git a/content/vault/v1.16.x/content/api-docs/secret/ssh.mdx b/content/vault/v1.16.x/content/api-docs/secret/ssh.mdx index 190d4e49a7..4bc6d77ffe 100644 --- a/content/vault/v1.16.x/content/api-docs/secret/ssh.mdx +++ b/content/vault/v1.16.x/content/api-docs/secret/ssh.mdx @@ -558,12 +558,10 @@ $ curl \ ## Submit CA information This endpoint allows submitting the CA information for the secrets engine via an SSH -key pair. +key pair. If you call submit CA with an existing certificate or key, the +endpoint returns an error. To update existing values, call the delete CA +information endpoint before calling the submit endpoint. - -If a certificate or key are present, an error will be returned. To update the existing -values, the Delete CA information API will need to be called first. - | Method | Path | | :----- | :--------------- | -------------------------- | diff --git a/content/vault/v1.17.x/content/api-docs/secret/ssh.mdx b/content/vault/v1.17.x/content/api-docs/secret/ssh.mdx index 876e4d3782..8bf78f8984 100644 --- a/content/vault/v1.17.x/content/api-docs/secret/ssh.mdx +++ b/content/vault/v1.17.x/content/api-docs/secret/ssh.mdx @@ -562,12 +562,9 @@ $ curl \ ## Submit CA information This endpoint allows submitting the CA information for the secrets engine via an SSH -key pair. - - -If a certificate or key are present, an error will be returned. To update the existing -values, the Delete CA information API will need to be called first. - +key pair. If you call submit CA with an existing certificate or key, the +endpoint returns an error. To update existing values, call the delete CA +information endpoint before calling the submit endpoint. | Method | Path | | :----- | :--------------- | -------------------------- | diff --git a/content/vault/v1.18.x/content/api-docs/secret/ssh.mdx b/content/vault/v1.18.x/content/api-docs/secret/ssh.mdx index 876e4d3782..8bf78f8984 100644 --- a/content/vault/v1.18.x/content/api-docs/secret/ssh.mdx +++ b/content/vault/v1.18.x/content/api-docs/secret/ssh.mdx @@ -562,12 +562,9 @@ $ curl \ ## Submit CA information This endpoint allows submitting the CA information for the secrets engine via an SSH -key pair. - - -If a certificate or key are present, an error will be returned. To update the existing -values, the Delete CA information API will need to be called first. - +key pair. If you call submit CA with an existing certificate or key, the +endpoint returns an error. To update existing values, call the delete CA +information endpoint before calling the submit endpoint. | Method | Path | | :----- | :--------------- | -------------------------- | diff --git a/content/vault/v1.19.x/content/api-docs/secret/ssh.mdx b/content/vault/v1.19.x/content/api-docs/secret/ssh.mdx index 58af24b2c1..56cf644636 100644 --- a/content/vault/v1.19.x/content/api-docs/secret/ssh.mdx +++ b/content/vault/v1.19.x/content/api-docs/secret/ssh.mdx @@ -559,12 +559,9 @@ $ curl \ ## Submit CA information This endpoint allows submitting the CA information for the secrets engine via an SSH -key pair. - - -If a certificate or key are present, an error will be returned. To update the existing -values, the Delete CA information API will need to be called first. - +key pair. If you call submit CA with an existing certificate or key, the +endpoint returns an error. To update existing values, call the delete CA +information endpoint before calling the submit endpoint. | Method | Path | | :----- | :--------------- | -------------------------- | diff --git a/content/vault/v1.20.x/content/api-docs/secret/ssh.mdx b/content/vault/v1.20.x/content/api-docs/secret/ssh.mdx index 65dd97cab7..d96bfe7806 100644 --- a/content/vault/v1.20.x/content/api-docs/secret/ssh.mdx +++ b/content/vault/v1.20.x/content/api-docs/secret/ssh.mdx @@ -559,12 +559,9 @@ $ curl \ ## Submit CA information This endpoint allows submitting the CA information for the secrets engine via an SSH -key pair. - - -If a certificate or key are present, an error will be returned. To update the existing -values, the Delete CA information API will need to be called first. - +key pair. If you call submit CA with an existing certificate or key, the +endpoint returns an error. To update existing values, call the delete CA +information endpoint before calling the submit endpoint. | Method | Path | | :----- | :--------------- | -------------------------- |