This project is mirrored from https://gitee.com/NQL886/vault.git.
Pull mirroring failed.
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
- 15 Nov, 2021 3 commits
-
-
Steven Clark authored
* Add extra debugging to help identify failures within mssql test * Switch up the AssertInitialized method for mssql tests by marking the test as failed instead of immediately failing, this will also allow us to see what happens even if this assertion fails to the rest of the test.
-
Jordan Reimer authored
* fixes issue with oidc auth method when MetaMask chrome extension is used * adds changelog entry * updates auth-jwt integration tests * fixes race condition in runCommands ui-panel helper method where running multiple commands would not always result in the same output order
-
Steven Clark authored
This reverts commit 82d66627.
-
- 12 Nov, 2021 7 commits
-
-
Scott Miller authored
* Move the ctx capture outside the goroutine to avoid a race * refactor the toggleable wrapper to avoid races * Move the capture back outside the goroutine * defer
-
Hridoy Roy authored
* some client count docs updates * Update website/content/docs/concepts/client-count.mdx Co-authored-by: swayne275 <swayne275@gmail.com> * remove full link path * more path shortening for urls Co-authored-by: swayne275 <swayne275@gmail.com>
-
Steven Clark authored
- Add a new top level configuration stanza named kms_library with Vault's SharedConfig struct
-
Hridoy Roy authored
* docs for counting tokens without entities * Update website/content/docs/concepts/client-count.mdx Co-authored-by: swayne275 <swayne275@gmail.com> * remove parens in docs * Update website/content/docs/concepts/client-count.mdx Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com> * Update website/content/docs/concepts/client-count.mdx Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com> * update documentation to be consistent with the non-entity token terminology * Update website/content/docs/concepts/client-count.mdx Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com> * Update website/content/docs/concepts/client-count.mdx Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com> * add line about client ids to the api docs * syntax and grammar Co-authored-by: swayne275 <swayne275@gmail.com> Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com> Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
-
VAL authored
* Add native Login method for GCP auth backend * Add native Login method for Azure auth backend * Add changelog entry * Use official azure library Environment struct rather than passing string, add timeouts * Use v1.3.0 which now has interface definition * Don't throw away error and close resp body * Back to WithResource so we can support non-Azure URLs for aud
-
Alexander Scheel authored
* Restrict ECDSA signatures with NIST P-Curve hashes When using an ECDSA signature with a NIST P-Curve, we should follow recommendations from BIS (Section 4.2) and Mozilla's root store policy (section 5.1.2) to ensure that arbitrary selection of signature_bits does not exceed what the curve is capable of signing. Related: #11245 Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Switch to certutil.ValidateKeyTypeSignatureLength(...) Replaces previous calls to certutil.ValidateKeyTypeLength(...) and certutil.ValidateSignatureLength(...) with a single call, allowing for curve<->hash validation. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Switch to autodetection of signature_bits This enables detection of whether the caller manually specified a value for signature_bits or not; when not manually specified, we can provision a value that complies with new NIST P-Curve policy. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Select hash function length automatically Due to our change in behavior (to default to -1 as the value to signature_bits to allow for automatic hash selection), switch ValidateKeyTypeSignatureLength(...) to accept a pointer to hashBits and provision it with valid default values. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Prevent invalid Curve size lookups Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Switch from -1 to 0 as default SignatureBits Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add changelog entry Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
-
claire bontempo authored
* customizes empty state messages for transit and transform * adds changelog * clarifies key name
-
- 11 Nov, 2021 4 commits
-
-
swayne275 authored
-
Yoko Hyakuna authored
* Redirect /guies to https://learn.hashicorp.com * Add link to Troubleshooting guide
-
vinay-gopalan authored
-
skhilar authored
-
- 10 Nov, 2021 7 commits
-
-
vinay-gopalan authored
-
Arnav Palnitkar authored
* Add message while adding Oracle db connection - Since UI currently doesn't have support for custom plugin names, inform user to use the default plugin name for oracle * Updated warning message * Updated message
-
Chelsea Shaw authored
-
Scott Miller authored
* Add a periodic test of the autoseal to detect loss of connectivity * Keep the logic adjacent to autoseal * imports * typo, plus unnecessary constant time compare * changelog * pr feedback * More feedback * Add locking and a unit test * unnecessary * Add timeouts to encrypt/decrypt operations, capture activeContext before starting loop * Add a block scope for the timeout * copy/paste ftl * Refactor to use two timeouts, and cleanup the repetitive failure code * Readd 0ing gauge * use millis * Invert the unit test logic
-
John-Michael Faircloth authored
* return full issuer uri on read provider * remove err check * simplify full issuer logic
-
Loann Le authored
-
Jonas-Taha El Sesiy authored
-
- 09 Nov, 2021 8 commits
-
-
VAL authored
-
swayne275 authored
* add api lock doc * add docs nav data * Update website/content/api-docs/system/namespaces.mdx Co-authored-by: Chris Capurso <christopher.capurso@gmail.com> * update command doc * clarify locked http status code * add example exempt path * further exempt clarification * link api locked response * add x-vault-namespace api example * Update website/content/docs/concepts/namespace-api-lock.mdx Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com> * review suggestions * few other small tweaks Co-authored-by: Chris Capurso <christopher.capurso@gmail.com> Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
-
Jordan Reimer authored
* fixes issue removing raft peer via cli not reflected in UI until refresh * adds changelog entry
-
Chelsea Shaw authored
-
swayne275 authored
* update activity log to use core's activeContext for cleaner worker termination * update tests to use core activeContext instead of generic context * pass context around instead * revert context change * undo test context changes * change worker context * accidentally undid context for fcn signature changes
-
Steven Clark authored
-
Steven Clark authored
- When loading an existing alias within processLocalAlias we aren't cloning the object from the memory store. There seems to be a data race within the function when calling entity.UpsertAlias and a concurrent invalidation routine.
-
Jim Kalafut authored
-
- 08 Nov, 2021 8 commits
-
-
Hridoy Roy authored
* add function for routing activity log client counts to ent namespaces * changelog
-
Jordan Reimer authored
* updates secret list header to display badge for all versions * adds changelog entry * updates secret list header to only show badge for kv and generic engine types * adds secret-engine mirage factory * adds test helper for pushing serialized mirage data into store and returning ember data models * adds secret engine type version badge display test * updates mirage application serializer to return singular type key
-
Matt Schultz authored
-
Nick Cabatoff authored
-
Rémi Lapeyre authored
* Add read support to sys/mounts/:path Closes https://github.com/hashicorp/vault/issues/12349 * Add changelog entry * Empty commit to trigger CI * Empty commit to trigger CI
-
Daniel Nathan Gray authored
* Consistency: GPG keys are PGP keys * Consistency: GPG keys are PGP keys * Consistency: GPG keys are PGP keys * Consistency: GPG keys are PGP keys * Consistency: GPG keys are PGP keys * Consistency: s/GPG/PGP keys, use GPG's proper name * Use GPG's proper name GnuPG * Use GPG's proper name GnuPG * Consistency: GPG keys are PGP keys * Fix typo
-
Meggie authored
* Add note that monitor command may truncate logs * Apply suggestions from code review Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com> Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
-
Nick Cabatoff authored
-
- 05 Nov, 2021 3 commits
-
-
Jim Kalafut authored
-
Steven Clark authored
- Add a 'Connect Timeout' query parameter to the test helper to set a timeout value of 30 seconds in an attempt to address the following failure we see at times in TestDeleteUser and TestUpdateUser mssql_test.go:253: Failed to initialize: error verifying connection: TLS Handshake failed: cannot read handshake packet: EOF
-
Kevin Wang authored
-