* Add back metadata.json

* remove space

* Automatically bootstraps the Consul ACL system if no management token is given on the access config 

* KMSE: Key Model / Adapter / Serializer setup (#13638)

* First pass model

* KMS key adapter (create/update), serializer, model

* Add last rotated and provider to key

* KeyEdit secret-edit component, and more key model stuff

* add formatDate param support to infotablerow

* Add keymgmt key to routes and options-for-backend

* Rename keymgmt-key to keymgmt/key

* Add test, cleanup

* Add mirage handler for kms

* Address PR comments

* KMS Providers (#13797)

* adds pagination-controls component

* adds kms provider model, adapter and serializer

* adds kms provider-edit component

* updates secrets routes to handle itemType query param for kms

* updates kms key adapter to query by provider

* adds tests for provider-edit component

* refactors kms provider adapter to account for dynamic path

* adds model-validations-helper util

* removes keymgmt from supported-secret-backends

* fixes issue generating url for fetching keys for a provider

* updates modelType method on secret-edit route to accept options object as arg rather than transition

* adds additional checks to ensure queryParams are defined in options object for modelType method

* UI/keymgmt distribute key (#13840)

* Add distribution details on key page, and empty states if no permissions

* Allow search-select component to return object so parent can tell when new item was created

* Add stringarray transform

* Distribute component first pass

* Refactor distribute component for use with internal object rather than ember-data model

* Specific permission denied errors on key edit

* Allow inline errors on search-select component

* Style updates for form errors

* Styling and error messages on distribute component

* Allow block template on inline alert so we can add doc links

* Add distribute action, flash messages, cleanup

* Cleanup & Add tests

* More cleanup

* Address PR comments

* Move disable operations logic to commponent class

* KMSE Enable/Config (#14835)

* adds keymgmt secrets engine as supported backend

* adds comment to check on keymgmt as member of adp module

* updates kms provider to use model-validations decorator

* fixes lint errors and tests
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>

* Bootstrap Nomad ACL system if no token is given

Similar to the [Bootstrap the Consul ACL system if no token is given][boostrap-consul]
it would be very useful to bootstrap Nomads ACL system and manage it in
Vault.

[boostrap-consul]:https://github.com/hashicorp/vault/pull/10751

* Add changelog entry

* Remove debug log line

* Remove redundant else

* Rename Nomad acl bootstrap param

* Replace sleep with attempt to list nomad leader, setup will retry until successful

* fmt

- As part of the PKI rotation project we need to hook into some of the functions
   that were factored out for managed keys in regards to key handling within the
   CA bundles.
 - Refactor the codebase so that we only extract managed key stuff from oss/ent
   and not additional business logic.

* updates path help service to handle setting id of model

* adds changelog entry

* removes changelog entry

* clean up activity serailizer

* fix line chart so only plot months with data

* cleanup monthly serializer

* account for empty months in vertical bar chart

* tidy version upgrade info

* fix version history model typo

* extract const into helper

* add upgrade indicator to line chart

* fix tests

* add todos

* deprecating Legacy MFA

* removing legacy MFA doc json entry

* CL

* changing the link to legacy MFA in CL

* removing legacy MFA stuff from credentials' cli

VAULT-5827 Update mongodb, brotli

Closes https://github.com/hashicorp/vault-plugin-secrets-mongodbatlas/issues/11

* `brotli` 1.0.1 was withdrawn
* `go-client-mongodb-atlas` has an old dependency on a renamed repo, and
  has been renamed twice. This caused issues in
  https://github.com/hashicorp/vault-plugin-secrets-mongodbatlas/issues/11
  for example.
* VAULT-5827 Set unwrap token during database tests

The unwrap token is necessary for the plugins to start correctly when
running when running acceptance tests locally, e.g.,

```
$ VAULT_MONGODBATLAS_PROJECT_ID=... VAULT_MONGODBATLAS_PRIVATE_KEY=... VAULT_MONGODBATLAS_PUBLIC_KEY=... TEST='-run TestBackend_StaticRole_Rotations_MongoDBAtlas github.com/hashicorp/vault/builtin/logical/database'  make test

--- FAIL: TestBackend_StaticRole_Rotations_MongoDBAtlas (5.33s)
    rotation_test.go:818: err:%!s(<nil>) resp:&logical.Response{Secret:<nil>, Auth:<nil>, Data:map[string]interface {}{"error":"error creating database object: invalid database version: 2 errors occurred:\n\t* Unrecognized remote plugin message: PASS\n\nThis usually means that the plugin is either invalid or simply\nneeds to be recompiled to support the latest protocol.\n\t* Incompatible API version with plugin. Plugin version: 5, Client versions: [3 4]\n\n"}, Redirect:"", Warnings:[]string(nil), WrapInfo:(*wrapping.ResponseWrapInfo)(nil), Headers:map[string][]string(nil)}
```

Note the `PASS` message there, which indicates that the plugin exited
before starting the RPC server.

* remove storybook:

* changelog

* clean up

* update browserstack

* remove special case for storybook

* add back gen-story-md

* Includes sprig template functions
* Includes improvements to writeTo template function
* Add sprig functions test, improve failure message

* removes site source code

* remove algolia index and docker image workflows

* remove unneeded dependencies

* add BuildDate to version base

* populate BuildDate with ldflags

* include BuildDate in FullVersionNumber

* add BuildDate to seal-status and associated status cmd

* extend core/versions entries to include BuildDate

* include BuildDate in version-history API and CLI

* fix version history tests

* fix sys status tests

* fix TestStatusFormat

* remove extraneous LD_FLAGS from build.sh

* add BuildDate to build.bat

* fix TestSysUnseal_Reset

* attempt to add build-date to release builds

* add branch to github build workflow

* add get-build-date to build-* job needs

* fix release build command vars

* add missing quote in release build command

* Revert "add branch to github build workflow"

This reverts commit b835699ecb7c2c632757fa5fe64b3d5f60d2a886.

* add changelog entry

* website: rm content moved to learn

* fix: delete intro page file and data

* fix: restore page file so build works, need to make change in dev-dot

* fix: avoid empty sidebar data error

* fix: proper rm now that hashicorp/dev-portal#287 has landed

* fix TypeCommaIntSlice panic caused by json.Number input

* add changelog entry

* update /monthly endpoint

* change object key names to match API

* update serializers

* add optional no data mesage for horizontal chart

* add split chart option for attribution component

* wire up filtering namespaces and auth methods

* update clients current tests

* update todos and address comments

* fix attribution test

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Per updated toolchain update procedure.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add MFA support to login helpers

* WIP

* Cleanup

* cleanup

* Add changelog

* the conditional fix

* add test coverage

* changelog

* add possesive

* fix language

* fix

* fix

* change quotes

* fix

* replace with find

* fix dev-plugin-dir when backend is builtin

* use builtinRegistry.Contains

* revert aa76337

* use correct plugin type for logical backend after revert

* fix factory func default setting after revert

* add ut coverage for builtin plugin with plugin directory set

* add coverage for secrets plugin type

* use totp in tests to avoid test import cycle in ssh package

* use nomad in tests to avoid test import cycle

* remove secrets mount tests due to unavoidable test import cycle

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* VAULT-5422: Add rate limit for TOTP passcode attempts

* fixing the docs

* CL

* feedback

* Additional info in doc

* rate limit is done per entity per methodID

* refactoring a test

* rate limit OSS work for policy MFA

* adding max_validation_attempts to TOTP config

* feedback

* checking for non-nil reference

temporary namespace calls

* supporting google authenticator with Okta auth

* minor fix

* CL

* feedback

* Update changelog/14985.txt
Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

* updating docs
Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

Base on this line and my experiment, I think the default value of
vault.hashicorp.com/agent-cache-listener-port should be 8200.

https://github.com/hashicorp/vault-k8s/blob/main/agent-inject/agent/agent.go#L30

* Masked inputs always look the same when value is hidden

* Add changelog

* Fix failing test

* glimmerizes form field components

* updates model validations handling in components that use form field

* Typo fixes; numbering fixes.

* Removes changes to numbering - these aren't visible (see https://riptutorial.com/markdown/example/1805/numbered-lists)

- this is in support of removal of `stable-website`

* forwarding requests subjected to Login MFA to the active node

* CL, and making fmt happy

Page edited: https://www.vaultproject.io/docs/audit/socket. We should include a note detailing that Vault may become unresponsive due to a TCP based socket output becoming unavailable per https://www.vaultproject.io/docs/audit#blocked-audit-devices