* backport of commit ee7f9abcf82d15b758df6481a1ba8beb705a8419

* backport of commit a4144747cfb8c30bd2714fdf54d78c05e88f508a

* backport of commit aa1164f33c562041d9d6d4639ca4a077240e8403
Co-authored-by: Claire Bontempo <cbontempo@hashicorp.com>

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

Co-authored-by: Claire Bontempo <cbontempo@hashicorp.com>

* backport of commit 36f24e8921c046abafac012f7c62aad90973c7e8

* backport of commit 9f165b0ef5ea79551a7c1dbb083d7641abe4fdfa

* backport of commit 4ff8321b7b084ceedd12a8746dcf5503f664e855

* backport of commit a53bdf9357d16c57e83e83669a1c6cc85a1ca0f2

* backport of commit 31c175fa213c1904d88793e8f14334d986780b20

* Empty state for current tab (#14319)

* update ci.hcl to remove 1.6.x and add in 1.10.x (#14310)

* Fix autoseal health check race by passing metrics sink in CoreConfig (#14196)

* Add empty state for current tab, config off, no read permissions on config
Co-authored-by: Hridoy Roy <roy@hashicorp.com>
Co-authored-by: Scott Miller <smiller@hashicorp.com>

* update selector

* fix test

* remove helper
Co-authored-by: Claire Bontempo <cbontempo@hashicorp.com>
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
Co-authored-by: Hridoy Roy <roy@hashicorp.com>
Co-authored-by: Scott Miller <smiller@hashicorp.com>
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>

* backport of commit eaf5f1a50f72c4ebcae6c6c7d2fa6e5e94382ba5

* backport of commit a0e6d1b6b93fd84967314aca28dc4b7f58fbe6b0
Co-authored-by: Jordan Reimer <zofskeez@gmail.com>

* backport of commit 250f95c92152276cc1d3519406316362b71e51de

* backport of commit bce725ebd161949d69b89777227243162fac4595

* backport of commit 6271bc8eaa9e3b549f83e9707e7b2d4250bb6436
Co-authored-by: Angel Garbarino <argarbarino@gmail.com>

* backport of commit b9afbf71ce3649c0c0be7afecac16ea6724848b0

* backport of commit 805f9377a09aba33bb10a9d1163e6da59375f6c7
Co-authored-by: Josh Black <raskchanky@gmail.com>
Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

* update build and ci to point to release branch

* backport ssct oss optimizations

* update build and ci to point to release branch

* update version prerelease for 1.10 branch to be rc1 in prep for release

* deps: update plugin versions for Vault 1.10

* update vault-plugin-secrets-alicloud to v0.11.1

* downgrade alibaba-cloud-sdk-go

* update auth-jwt and auth-gcp, revert non-plugin deps

docs: consul secret engine improvements, database secrets engine disable_escaping parameter (#14260)

* Update consul secrets engine docs and api-docs
* Update databases secrets engine docs and api-docs

* Address slow CI causing failures in TestRateLimitQuota_Allow_WithBlock

 - An attempt to fix CI runs that are extremely slow and the for loop
   runs across two BlockIntervals within the rate limit window of operation.
 - Increasing BlockInterval was looked at but the normal test times would
   be increased due to us also validating that we are releasing clients post
   BlockInterval.

* Address TestRateLimitQuota_Allow_WithBlock slowness issue (take 2)

 - Increase the overall Interval value within the blocking test so that we
   should always be able to request at least 17 requests within the interval
   value.
 - Tested by changing the time.Sleep within the for loop to 20 from 2
   and could see that within the response, coming back from the rlq.allow,
   that we were no longer being rate limited by going over the 1 second
   interval value per host.

* Limit the number of active go routines in TestRateLimitQuota_Allow_WithBlock

As pointed out internally, a lot of the API docs and FrameworkField
descriptions of parameters were out of date. This syncs a number of
them, updating their descriptions where relevant.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* updates clients mirage handler activity endpoint

* fixes issue removing auth method filter after clearing namespace filter

* Add UI feature allowing database role credential rotation

* Only show the 'rotate credentials' option for static roles

* rotate role path uses id for permissions

* Add rotate credentials button to show page on static role

* Mirage handlers for role for simple testing

* Add changelog

* lint rules

* fix lint
Co-authored-by: Bartek Marczak <bartek.marczak@gmail.com>

* the fix

* add test coverage

* add more coverage

* spelling

The operations are handled identically, but ~85% of the references were
POST, and having a mix of PUT and POST was a source of questions.

A subsequent commit will update the internal use of "PUT" such as by
the API client and -output-curl-string.

* Add agent/v1/quit endpoint
  * Closes https://github.com/hashicorp/vault/issues/11089


* Agent quit API behind config setting
* Normalise test config whitespace
* Document config option
Co-authored-by: Rémi Lapeyre <remi.lapeyre@lenstra.fr>
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>

* Login MFA

* ENT OSS segragation (#14088)

* Delete method id if not used in an MFA enforcement config (#14063)

* Delete an MFA methodID only if it is not used by an MFA enforcement config

* Fixing a bug: mfa/validate is an unauthenticated path, and goes through the handleLoginRequest path

* adding use_passcode field to DUO config (#14059)

* add changelog

* preventing replay attack on MFA passcodes (#14056)

* preventing replay attack on MFA passcodes

* using %w instead of %s for error

* Improve CLI command for login mfa (#14106)

CLI prints a warning message indicating the login request needs to get validated

* adding the validity period of a passcode to error messages (#14115)

* interactive CLI for mfa login

* minor fixes

* bail if no input was inserted

* change label name

* interactive CLI when single methodID is returned from login request

* minor fix

* adding changelog

* addressing feedback

* a user with a terminal should be able to choose between interactive and non-interactive.  A user without a terminal should not be able to use the interactive mode.
Co-authored-by: Josh Black <raskchanky@gmail.com>

* achieve parity with ent in core.go

* add VAULT_DISABLE_LOCAL_AUTH_MOUNT_ENTITIES

* parity in build.yml with ent but without adding the +ent

* pass base version to ldflags
Co-authored-by: Kyle Penfound <kpenfound11@gmail.com>

* some styling changes

* a few more after design review

* chart fix

* address important

* remove

* translate hard copy

* resolves The default schema used in the mysql backend is insufficient for KVv2 storage #14114
* increases column width of vault_key from 512 to 3072 in mysql physical backend
* updates changelog

If directory is embeded using Go's embed package it should be present in
git repository to avoid failures/erros messages in Go commands.
Co-authored-by: Henri Koski <henri.t.koski@gmail.com>

We note that:

 - allow_bare_domains, allow_glob_domains, and allow_subdomains are all
   independent,
 - enforce_hostnames and allow_wildcard_certificates take precedence over
   allow_any_name,
 - We limit to RFC 6125 wildcards.
 - Clarify that both allow_bare_domains and allow_glob_domains will permit
   wildcard issuance in certain scenarios.
Co-authored-by: mickael-hc <86245626+mickael-hc@users.noreply.github.com>
Co-authored-by: Kit Haines <kit.haines@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: mickael-hc <86245626+mickael-hc@users.noreply.github.com>
Co-authored-by: Kit Haines <kit.haines@hashicorp.com>