From 3f6f441562b31762e4abaf2ca4b113fe41dc72ca Mon Sep 17 00:00:00 2001 From: Scott Anderson Date: Tue, 16 Apr 2019 15:34:42 -0600 Subject: [PATCH 01/10] base branch for security and authorization docs --- content/v2.0/security/_index.md | 12 ++++++++++++ content/v2.0/users/_index.md | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 content/v2.0/security/_index.md diff --git a/content/v2.0/security/_index.md b/content/v2.0/security/_index.md new file mode 100644 index 000000000..61294d0ce --- /dev/null +++ b/content/v2.0/security/_index.md @@ -0,0 +1,12 @@ +--- +title: Manage security and authorization +description: placeholder +weight: 12 +menu: + v2_0: + name: Security & Authorization +--- + +placeholder + +{{< children >}} diff --git a/content/v2.0/users/_index.md b/content/v2.0/users/_index.md index 172c8808c..5c6a4a501 100644 --- a/content/v2.0/users/_index.md +++ b/content/v2.0/users/_index.md @@ -6,7 +6,7 @@ v2.0/tags: [users, authentication] menu: v2_0: name: Manage users -weight: 12 +weight: 11 --- Users are those with access to InfluxDB. From f8654485ae5b26912f5b9fece2f18ba48e3d01ba Mon Sep 17 00:00:00 2001 From: Scott Anderson Date: Tue, 16 Apr 2019 15:50:11 -0600 Subject: [PATCH 02/10] moved token management under security and authentication --- .../collect-data/use-telegraf/auto-config/_index.md | 2 +- .../v2.0/collect-data/use-telegraf/manual-config.md | 2 +- content/v2.0/get-started.md | 2 +- content/v2.0/reference/cli/influx/_index.md | 2 +- content/v2.0/security/_index.md | 2 +- content/v2.0/{users => security}/tokens/_index.md | 11 +++++++---- .../v2.0/{users => security}/tokens/create-token.md | 2 ++ .../v2.0/{users => security}/tokens/delete-token.md | 2 ++ .../v2.0/{users => security}/tokens/update-tokens.md | 4 +++- .../v2.0/{users => security}/tokens/view-tokens.md | 2 ++ content/v2.0/users/_index.md | 4 ++-- 11 files changed, 23 insertions(+), 12 deletions(-) rename content/v2.0/{users => security}/tokens/_index.md (60%) rename content/v2.0/{users => security}/tokens/create-token.md (96%) rename content/v2.0/{users => security}/tokens/delete-token.md (96%) rename content/v2.0/{users => security}/tokens/update-tokens.md (90%) rename content/v2.0/{users => security}/tokens/view-tokens.md (95%) diff --git a/content/v2.0/collect-data/use-telegraf/auto-config/_index.md b/content/v2.0/collect-data/use-telegraf/auto-config/_index.md index e752ad740..76f49ed8f 100644 --- a/content/v2.0/collect-data/use-telegraf/auto-config/_index.md +++ b/content/v2.0/collect-data/use-telegraf/auto-config/_index.md @@ -59,7 +59,7 @@ Requests to the InfluxDB v2.0 API must include an authentication token. A token identifies specific permissions to the InfluxDB instance. Define the `INFLUX_TOKEN` environment variable using your token. -_For information about viewing tokens, see [View tokens](/v2.0/users/tokens/view-tokens/)._ +_For information about viewing tokens, see [View tokens](/v2.0/security/tokens/view-tokens/)._ ```sh export INFLUX_TOKEN=YourAuthenticationToken diff --git a/content/v2.0/collect-data/use-telegraf/manual-config.md b/content/v2.0/collect-data/use-telegraf/manual-config.md index 193f6cfec..cc9043623 100644 --- a/content/v2.0/collect-data/use-telegraf/manual-config.md +++ b/content/v2.0/collect-data/use-telegraf/manual-config.md @@ -38,7 +38,7 @@ _By default, InfluxDB runs on port `9999`._ ##### token Your InfluxDB v2.0 authorization token. -For information about viewing tokens, see [View tokens](/v2.0/users/tokens/view-tokens/). +For information about viewing tokens, see [View tokens](/v2.0/security/tokens/view-tokens/). {{% note %}} #### Avoid storing tokens in plain text diff --git a/content/v2.0/get-started.md b/content/v2.0/get-started.md index 3c8abe019..a78483a64 100644 --- a/content/v2.0/get-started.md +++ b/content/v2.0/get-started.md @@ -213,7 +213,7 @@ use one of the following methods to provide your [authentication token](/v2.0/us 3. Store your token in `~/.influxdbv2/credentials`. _The content of the `credentials` file should be only your token._ -_See [View tokens](/v2.0/users/tokens/view-tokens/) for information about +_See [View tokens](/v2.0/security/tokens/view-tokens/) for information about retrieving authentication tokens._ {{% /note %}} diff --git a/content/v2.0/reference/cli/influx/_index.md b/content/v2.0/reference/cli/influx/_index.md index 1f52fc294..ebb732cec 100644 --- a/content/v2.0/reference/cli/influx/_index.md +++ b/content/v2.0/reference/cli/influx/_index.md @@ -38,7 +38,7 @@ with each `influx` command, use one of the following methods to store your token _**Note:** If you [set up InfluxDB using the CLI](/v2.0/reference/cli/influx/setup), InfluxDB stores your token in the credentials files automatically._ -_See [View tokens](/v2.0/users/tokens/view-tokens/) for information about +_See [View tokens](/v2.0/security/tokens/view-tokens/) for information about retrieving authentication tokens._ {{% /note %}} diff --git a/content/v2.0/security/_index.md b/content/v2.0/security/_index.md index 61294d0ce..e2192756e 100644 --- a/content/v2.0/security/_index.md +++ b/content/v2.0/security/_index.md @@ -4,7 +4,7 @@ description: placeholder weight: 12 menu: v2_0: - name: Security & Authorization + name: Security & authorization --- placeholder diff --git a/content/v2.0/users/tokens/_index.md b/content/v2.0/security/tokens/_index.md similarity index 60% rename from content/v2.0/users/tokens/_index.md rename to content/v2.0/security/tokens/_index.md index 17ac434d4..7b31a2688 100644 --- a/content/v2.0/users/tokens/_index.md +++ b/content/v2.0/security/tokens/_index.md @@ -1,17 +1,20 @@ --- -title: Manage tokens -seotitle: Manage tokens in InfluxDB +title: Manage authentication tokens +seotitle: Manage authentication tokens in InfluxDB description: Manage authentication tokens in InfluxDB using the InfluxDB UI or the influx CLI. +aliases: + - /v2.0/users/tokens v2.0/tags: [tokens, authentication] menu: v2_0: name: Manage tokens - parent: Manage users + parent: Security & authorization weight: 105 --- InfluxDB ensures secure interaction between users and data through the use of **authentication tokens**. -A token identifies InfluxDB permissions. +A token belongs to an organization and identifies InfluxDB permissions within the organization. + The following articles provide information about managing authentication tokens. diff --git a/content/v2.0/users/tokens/create-token.md b/content/v2.0/security/tokens/create-token.md similarity index 96% rename from content/v2.0/users/tokens/create-token.md rename to content/v2.0/security/tokens/create-token.md index d16b0da44..2fe5e3f0f 100644 --- a/content/v2.0/users/tokens/create-token.md +++ b/content/v2.0/security/tokens/create-token.md @@ -2,6 +2,8 @@ title: Create a token seotitle: Create an authentication token in InfluxDB description: Create an authentication token in InfluxDB using the InfluxDB UI or the `influx` CLI. +aliases: + - /v2.0/users/tokens/create-token/ menu: v2_0: name: Create a token diff --git a/content/v2.0/users/tokens/delete-token.md b/content/v2.0/security/tokens/delete-token.md similarity index 96% rename from content/v2.0/users/tokens/delete-token.md rename to content/v2.0/security/tokens/delete-token.md index 1b300daa6..13083063a 100644 --- a/content/v2.0/users/tokens/delete-token.md +++ b/content/v2.0/security/tokens/delete-token.md @@ -2,6 +2,8 @@ title: Delete a token seotitle: Delete an authentication token from InfluxDB description: Delete an authentication token from InfluxDB using the InfluxDB UI or the `influx` CLI. +aliases: + - /v2.0/users/tokens/delete-token menu: v2_0: name: Delete a token diff --git a/content/v2.0/users/tokens/update-tokens.md b/content/v2.0/security/tokens/update-tokens.md similarity index 90% rename from content/v2.0/users/tokens/update-tokens.md rename to content/v2.0/security/tokens/update-tokens.md index fe4339bfe..eb1b86533 100644 --- a/content/v2.0/users/tokens/update-tokens.md +++ b/content/v2.0/security/tokens/update-tokens.md @@ -1,7 +1,9 @@ --- title: Update a token seotitle: Update authentication tokens in InfluxDB -description: Update authentication tokens' descriptions in InfluxDB using the InfluxDB UI. +description: Update authentication tokens' descriptions in InfluxDB using the InfluxDB UI +aliases: + - /v2.0/users/tokens/update-tokens menu: v2_0: name: Update a token diff --git a/content/v2.0/users/tokens/view-tokens.md b/content/v2.0/security/tokens/view-tokens.md similarity index 95% rename from content/v2.0/users/tokens/view-tokens.md rename to content/v2.0/security/tokens/view-tokens.md index 09772a813..6dc3537e9 100644 --- a/content/v2.0/users/tokens/view-tokens.md +++ b/content/v2.0/security/tokens/view-tokens.md @@ -2,6 +2,8 @@ title: View tokens seotitle: View authentication tokens in InfluxDB description: View authentication tokens in InfluxDB using the InfluxDB UI or the `influx` CLI. +aliases: + - /v2.0/users/tokens/view-tokens menu: v2_0: name: View tokens diff --git a/content/v2.0/users/_index.md b/content/v2.0/users/_index.md index 5c6a4a501..e57fa73be 100644 --- a/content/v2.0/users/_index.md +++ b/content/v2.0/users/_index.md @@ -10,8 +10,8 @@ weight: 11 --- Users are those with access to InfluxDB. -In order to access any data, a user must be added as a member of an organization. -All users have unique authentication tokens with specific permissions used to grant them access to data within InfluxDB. +To grant a user permission to access data, add them as a [member of an organization](/v2.0/organizations/members/) +and provide them with an [authentication token](/v2.0/security/tokens/). The following articles walk through managing users. From 4314d1e68efa808db9981ac1380c104125353576 Mon Sep 17 00:00:00 2001 From: Scott Anderson Date: Wed, 17 Apr 2019 11:00:40 -0600 Subject: [PATCH 03/10] initial draft of vault secret storage doc --- content/v2.0/security/use-vault.md | 130 +++++++++++++++++++++++++++++ 1 file changed, 130 insertions(+) create mode 100644 content/v2.0/security/use-vault.md diff --git a/content/v2.0/security/use-vault.md b/content/v2.0/security/use-vault.md new file mode 100644 index 000000000..dda5f8ac2 --- /dev/null +++ b/content/v2.0/security/use-vault.md @@ -0,0 +1,130 @@ +--- +title: Store InfluxDB secrets in Vault +description: Manage authentication tokens in InfluxDB using the InfluxDB UI or the influx CLI. +v2.0/tags: [tokens, security] +menu: + v2_0: + parent: Security & authorization +weight: 102 +--- + +[Vault](https://www.vaultproject.io/) secures, stores, and tightly controls access +to tokens, passwords, certificates, and other sensitive secrets. +InfluxDB provides a built-in Vault integration that lets you store sensitive +InfluxDB secrets in Vault. + +{{% note %}} +When not using Vault, secrets are Base64-encoded and stored in the InfluxDB embedded key value store, +[BoltDB](https://github.com/boltdb/bolt). +{{% /note %}} + +## Start a Vault server +Start a Vault server and ensure InfluxDB has network access to it. +The following links provide information about running Vault in both development and production: + +- [Install Vault](https://learn.hashicorp.com/vault/getting-started/install) +- [Start a Vault dev server](https://learn.hashicorp.com/vault/getting-started/dev-server) +- [Deploy Vault](https://learn.hashicorp.com/vault/getting-started/deploy) + +For this example, install Vault on your local machine and start a Vault dev server. + +```sh +vault server -dev +``` + +## Define Vault environment variables +Use [Vault environment variables](https://www.vaultproject.io/docs/commands/index.html#environment-variables) +to provide connection credentials and other important Vault-related information to InfluxDB. + +#### Required environment variables +- `VAULT_ADDR`: The API address of your Vault server _(provided in the Vault server output)_. +- `VAULT_TOKEN`: The [Vault token](https://learn.hashicorp.com/vault/getting-started/authentication) + required to access your Vault server. + +_Your Vault server configuration may require other environment variables._ + +```sh +export VAULT_ADDR='http://127.0.0.1:8200' VAULT_TOKEN='s.0X0XxXXx0xXxXXxxxXxXxX0x' +``` + +## Start InfluxDB +Start the [`influxd` service](/v2.0/reference/cli/influxd/) with the `--secret-store` +option set to `vault`. + +```bash +influxd --secret-store vault +``` + +## Test Vault storage +With Vault and InfluxDB servers running, use the InfluxDB API to test Vault: + +{{% note %}} +Replace `` with your [organization ID](#) and `` +with your [InfluxDB authentication token](/v2.0/security/tokens/). +{{% /note %}} + +##### Retrieve an organization's secrets +```sh +curl --request GET \ + --url http://localhost:9999/api/v2/orgs//secrets \ + --header 'authorization: Token ' + +# should return +# { +# "links": { +# "org": "/api/v2/orgs/031c8cbefe101000", +# "secrets": "/api/v2/orgs/031c8cbefe101000/secrets" +# }, +# "secrets": [] +# } +``` + +##### Add secrets to an organization +```sh +curl --request PATCH \ + --url http://localhost:9999/api/v2/orgs//secrets \ + --header 'authorization: Token ' \ + --header 'content-type: application/json' \ + --data '{ + "foo": "bar", + "hello": "world" +}' + +# should return 204 no content +``` + +##### Retrieve the added secrets +```bash +curl --request GET \ + --url http://localhost:9999/api/v2/orgs//secrets \ + --header 'authorization: Token ' + +# should return +# { +# "links": { +# "org": "/api/v2/orgs/031c8cbefe101000", +# "secrets": "/api/v2/orgs/031c8cbefe101000/secrets" +# }, +# "secrets": [ +# "foo", +# "hello" +# ] +# } +``` + +## Vault secrets storage +InfluxDB creates a [secrets engine](https://learn.hashicorp.com/vault/getting-started/secrets-engines) +for each organization using the following pattern: + +``` +/secret/data/ +``` + +Secrets are stored in Vault as key value pairs in their respective secrets engines. + +``` +/secret/data/031c8cbefe101000 -> + this_key: foo + that_key: bar + a_secret: key +``` From 9b0a7bb3637d2791ef1a9b11de1a5f27cdb86d40 Mon Sep 17 00:00:00 2001 From: Scott Anderson Date: Wed, 17 Apr 2019 11:10:11 -0600 Subject: [PATCH 04/10] added instructions for viewing your org id, resolves #165 --- content/v2.0/organizations/view-orgs.md | 23 +++++++++++++++++++++++ content/v2.0/security/use-vault.md | 4 ++-- 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/content/v2.0/organizations/view-orgs.md b/content/v2.0/organizations/view-orgs.md index f6f9ec896..96fbecdad 100644 --- a/content/v2.0/organizations/view-orgs.md +++ b/content/v2.0/organizations/view-orgs.md @@ -33,3 +33,26 @@ influx org find Filtering options such as filtering by name or ID are available. See the [`influx org find` documentation](/v2.0/reference/cli/influx/org/find) for information about other available flags. + +## View your organization ID +Use the InfluxDB UI or `influx` CLI to see your organization ID. + +### Organization ID in the UI +Your organization ID is in the InfluxDB UI URL after logging in. + +```sh +# Pattern +http://localhost:9999/orgs/ + +# Example +http://localhost:9999/orgs/03a2bbf46249a000 +``` + +### Organization ID in the CLI +View your organization ID in the output [`influx org find`](#view-organizations-using-the-influx-cli). + +```sh +ID Name +03a2bbf46249a000 org-1 +03ace3a859669000 org-2 +``` diff --git a/content/v2.0/security/use-vault.md b/content/v2.0/security/use-vault.md index dda5f8ac2..92cbb8956 100644 --- a/content/v2.0/security/use-vault.md +++ b/content/v2.0/security/use-vault.md @@ -59,8 +59,8 @@ influxd --secret-store vault With Vault and InfluxDB servers running, use the InfluxDB API to test Vault: {{% note %}} -Replace `` with your [organization ID](#) and `` -with your [InfluxDB authentication token](/v2.0/security/tokens/). +Replace `` with your [organization ID](/v2.0/organizations/view-orgs/#view-your-organization-id) +and `` with your [InfluxDB authentication token](/v2.0/security/tokens/). {{% /note %}} ##### Retrieve an organization's secrets From db4bb9aae272915c2b671756e226b279ee941125 Mon Sep 17 00:00:00 2001 From: Scott Anderson Date: Wed, 17 Apr 2019 11:11:41 -0600 Subject: [PATCH 05/10] minor update to vault secrets doc, resolves #157 --- content/v2.0/security/use-vault.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/content/v2.0/security/use-vault.md b/content/v2.0/security/use-vault.md index 92cbb8956..0bace2ef3 100644 --- a/content/v2.0/security/use-vault.md +++ b/content/v2.0/security/use-vault.md @@ -10,8 +10,7 @@ weight: 102 [Vault](https://www.vaultproject.io/) secures, stores, and tightly controls access to tokens, passwords, certificates, and other sensitive secrets. -InfluxDB provides a built-in Vault integration that lets you store sensitive -InfluxDB secrets in Vault. +InfluxDB provides a built-in Vault integration that lets you store sensitive secrets in Vault. {{% note %}} When not using Vault, secrets are Base64-encoded and stored in the InfluxDB embedded key value store, From 0f3e41bafc004125b4d069282e00f8339180c3ba Mon Sep 17 00:00:00 2001 From: Scott Anderson Date: Thu, 18 Apr 2019 09:05:56 -0600 Subject: [PATCH 06/10] updated auth token placeholders in api examples to be consistent with others --- content/v2.0/security/use-vault.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/v2.0/security/use-vault.md b/content/v2.0/security/use-vault.md index 0bace2ef3..10ef0bdea 100644 --- a/content/v2.0/security/use-vault.md +++ b/content/v2.0/security/use-vault.md @@ -59,14 +59,14 @@ With Vault and InfluxDB servers running, use the InfluxDB API to test Vault: {{% note %}} Replace `` with your [organization ID](/v2.0/organizations/view-orgs/#view-your-organization-id) -and `` with your [InfluxDB authentication token](/v2.0/security/tokens/). +and `YOURAUTHTOKEN` with your [InfluxDB authentication token](/v2.0/security/tokens/). {{% /note %}} ##### Retrieve an organization's secrets ```sh curl --request GET \ --url http://localhost:9999/api/v2/orgs//secrets \ - --header 'authorization: Token ' + --header 'authorization: Token YOURAUTHTOKEN' # should return # { @@ -82,7 +82,7 @@ curl --request GET \ ```sh curl --request PATCH \ --url http://localhost:9999/api/v2/orgs//secrets \ - --header 'authorization: Token ' \ + --header 'authorization: Token YOURAUTHTOKEN' \ --header 'content-type: application/json' \ --data '{ "foo": "bar", @@ -96,7 +96,7 @@ curl --request PATCH \ ```bash curl --request GET \ --url http://localhost:9999/api/v2/orgs//secrets \ - --header 'authorization: Token ' + --header 'authorization: Token YOURAUTHTOKEN' # should return # { From 8f07c366208799fea953b41db2a3f05533cb6bd1 Mon Sep 17 00:00:00 2001 From: Scott Anderson Date: Thu, 18 Apr 2019 11:18:08 -0600 Subject: [PATCH 07/10] added summary and description to security landing page --- content/v2.0/security/_index.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/content/v2.0/security/_index.md b/content/v2.0/security/_index.md index e2192756e..c2043d499 100644 --- a/content/v2.0/security/_index.md +++ b/content/v2.0/security/_index.md @@ -1,12 +1,18 @@ --- title: Manage security and authorization -description: placeholder +description: > + Security, access control, and sensitive secret handling are incredibly important + when handling any sort of sensitive data. + This section provides information about managing the security of your InfluxDB instance. weight: 12 menu: v2_0: name: Security & authorization +v2.0/tags: [security, auth] --- -placeholder +Security, access control, and sensitive secret handling are incredibly important +when handling any sort of sensitive data. +This section provides information about managing the security of your InfluxDB instance. {{< children >}} From b3ae9a6fc52db9f0d64165ffe6a423356904a003 Mon Sep 17 00:00:00 2001 From: Scott Anderson Date: Thu, 18 Apr 2019 11:55:45 -0600 Subject: [PATCH 08/10] updated vault doc and view org doc to address PR feedback --- content/v2.0/organizations/view-orgs.md | 23 +++++++++++------------ content/v2.0/security/use-vault.md | 6 +++--- 2 files changed, 14 insertions(+), 15 deletions(-) diff --git a/content/v2.0/organizations/view-orgs.md b/content/v2.0/organizations/view-orgs.md index 96fbecdad..c253d8ee7 100644 --- a/content/v2.0/organizations/view-orgs.md +++ b/content/v2.0/organizations/view-orgs.md @@ -35,24 +35,23 @@ See the [`influx org find` documentation](/v2.0/reference/cli/influx/org/find) for information about other available flags. ## View your organization ID -Use the InfluxDB UI or `influx` CLI to see your organization ID. +Use the InfluxDB UI or `influx` CLI to view your organization ID. ### Organization ID in the UI -Your organization ID is in the InfluxDB UI URL after logging in. +After logging in to the InfluxDB UI, your organization ID appears in the URL. -```sh -# Pattern -http://localhost:9999/orgs/ +
+http://localhost:9999/orgs/03a2bbf46249a000/...
+
-# Example -http://localhost:9999/orgs/03a2bbf46249a000 -``` ### Organization ID in the CLI -View your organization ID in the output [`influx org find`](#view-organizations-using-the-influx-cli). +Use [`influx org find`](#view-organizations-using-the-influx-cli) to view your organization ID. ```sh -ID Name -03a2bbf46249a000 org-1 -03ace3a859669000 org-2 +> influx org find + +ID Name +03a2bbf46249a000 org-1 +03ace3a859669000 org-2 ``` diff --git a/content/v2.0/security/use-vault.md b/content/v2.0/security/use-vault.md index 10ef0bdea..c39ab8adb 100644 --- a/content/v2.0/security/use-vault.md +++ b/content/v2.0/security/use-vault.md @@ -10,7 +10,7 @@ weight: 102 [Vault](https://www.vaultproject.io/) secures, stores, and tightly controls access to tokens, passwords, certificates, and other sensitive secrets. -InfluxDB provides a built-in Vault integration that lets you store sensitive secrets in Vault. +Store sensitive secrets in Vault using the InfluxDB built-in Vault integration. {{% note %}} When not using Vault, secrets are Base64-encoded and stored in the InfluxDB embedded key value store, @@ -112,8 +112,8 @@ curl --request GET \ ``` ## Vault secrets storage -InfluxDB creates a [secrets engine](https://learn.hashicorp.com/vault/getting-started/secrets-engines) -for each organization using the following pattern: +For each organization, InfluxDB creates a [secrets engine](https://learn.hashicorp.com/vault/getting-started/secrets-engines) +using the following pattern: ``` /secret/data/ From 157d921b6d888e75bab6982ae19ed9e15d28069b Mon Sep 17 00:00:00 2001 From: Scott Anderson Date: Thu, 18 Apr 2019 12:01:33 -0600 Subject: [PATCH 09/10] added clarification about vault network access --- content/v2.0/security/use-vault.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/v2.0/security/use-vault.md b/content/v2.0/security/use-vault.md index c39ab8adb..fd7339857 100644 --- a/content/v2.0/security/use-vault.md +++ b/content/v2.0/security/use-vault.md @@ -18,7 +18,7 @@ When not using Vault, secrets are Base64-encoded and stored in the InfluxDB embe {{% /note %}} ## Start a Vault server -Start a Vault server and ensure InfluxDB has network access to it. +Start a Vault server and ensure InfluxDB has network (HTTP) access to the server. The following links provide information about running Vault in both development and production: - [Install Vault](https://learn.hashicorp.com/vault/getting-started/install) From afca976fdc789bd8023e3719faed5927ebe4b069 Mon Sep 17 00:00:00 2001 From: Scott Anderson Date: Thu, 18 Apr 2019 12:09:24 -0600 Subject: [PATCH 10/10] updated security docs frontmatter, updated tags --- content/v2.0/security/_index.md | 2 +- content/v2.0/security/tokens/_index.md | 5 ++--- content/v2.0/security/use-vault.md | 4 ++-- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/content/v2.0/security/_index.md b/content/v2.0/security/_index.md index c2043d499..c9643fb0b 100644 --- a/content/v2.0/security/_index.md +++ b/content/v2.0/security/_index.md @@ -8,7 +8,7 @@ weight: 12 menu: v2_0: name: Security & authorization -v2.0/tags: [security, auth] +v2.0/tags: [security, authentication] --- Security, access control, and sensitive secret handling are incredibly important diff --git a/content/v2.0/security/tokens/_index.md b/content/v2.0/security/tokens/_index.md index 7b31a2688..29544f37a 100644 --- a/content/v2.0/security/tokens/_index.md +++ b/content/v2.0/security/tokens/_index.md @@ -4,18 +4,17 @@ seotitle: Manage authentication tokens in InfluxDB description: Manage authentication tokens in InfluxDB using the InfluxDB UI or the influx CLI. aliases: - /v2.0/users/tokens -v2.0/tags: [tokens, authentication] +v2.0/tags: [tokens, authentication, security] menu: v2_0: name: Manage tokens parent: Security & authorization -weight: 105 +weight: 101 --- InfluxDB ensures secure interaction between users and data through the use of **authentication tokens**. A token belongs to an organization and identifies InfluxDB permissions within the organization. - The following articles provide information about managing authentication tokens. {{< children >}} diff --git a/content/v2.0/security/use-vault.md b/content/v2.0/security/use-vault.md index fd7339857..5fc8bc3bd 100644 --- a/content/v2.0/security/use-vault.md +++ b/content/v2.0/security/use-vault.md @@ -1,5 +1,5 @@ --- -title: Store InfluxDB secrets in Vault +title: Store secrets in Vault description: Manage authentication tokens in InfluxDB using the InfluxDB UI or the influx CLI. v2.0/tags: [tokens, security] menu: @@ -18,7 +18,7 @@ When not using Vault, secrets are Base64-encoded and stored in the InfluxDB embe {{% /note %}} ## Start a Vault server -Start a Vault server and ensure InfluxDB has network (HTTP) access to the server. +Start a Vault server and ensure InfluxDB has network access to the server. The following links provide information about running Vault in both development and production: - [Install Vault](https://learn.hashicorp.com/vault/getting-started/install)