hashicorp · Dan-Heath · Dec 4, 2024 · Nov 1, 2024 · Nov 1, 2024 · Nov 12, 2024
@@ -1,7 +1,8 @@
 ---
 layout: docs
 page_title: Manage roles and permissions
-description: How to manage roles, permissions, and grants.
+description: >-
+  Use roles to manage permissions assigned to users and groups. Create roles and assign principals and grants to them. Add grant scopes and configure inheritance.
 ---
 
 # Manage roles and permissions

@@ -1,8 +1,8 @@
 ---
 layout: docs
-page_title: Controller - configuration
-description: |-
-  The controller stanza configures controller-specifc parameters.
+page_title: Controller configuration
+description: >-
+  Learn about configuring controller-specific parameters. Understand how to configure the required KMS stanzas, and view a complete configuration example.
 ---
 
 # `controller` stanza
@@ -81,7 +81,7 @@ description will be read.
   bind a publicly accessible IP to a NIC on the host directly, such as an Amazon
   EIP. This value can be a direct address string, can refer to a file on disk (file://)
   from which an address will be read; an env var (env://) from which the
-  address will be read; or a [go-sockaddr template](https://godoc.org/github.com/hashicorp/go-sockaddr/template). 
+  address will be read; or a [go-sockaddr template](https://godoc.org/github.com/hashicorp/go-sockaddr/template).
   Note that the address should not include the protocol prefixes like `http://` or `https://`.
 
 - `auth_token_time_to_live` - Maximum time to live (TTL) for all auth tokens globally (pertains

@@ -1,7 +1,7 @@
 ---
 layout: docs
 page_title: Configure targets with credential brokering
-description: |-
+description: >-
   Configure credential brokering workflows so that Boundary centrally manages credentials and returns them to users when they successfully connect to a target.
 ---
 

@@ -1,7 +1,7 @@
 ---
 layout: docs
 page_title: Configure targets with credential injection
-description: |-
+description: >-
   Configure credential injection so Boundary provides users with a passwordless experience when connecting to targets. Availabile exclusively for Enterprise users.
 ---
 

@@ -1,7 +1,7 @@
 ---
 layout: docs
-page_title: Configure credentials with Boundary
-description: |-
+page_title: Credential management with Boundary
+description: >-
   Credential stores let you store and manage credentials in Boundary. Learn about configuring user workflows with credential management or credential injection.
 ---
 

@@ -1,8 +1,8 @@
 ---
 layout: docs
 page_title: Manage static credentials with Boundary
-description: |-
-  Create a static credential store to manage static credentials in Boundary. Credential stores let you configure targets for credential brokering or injection.
+description: >-
+  Create a static credential store to manage static credentials. Credential stores let you configure targets for credential brokering or injection.
 ---
 
 # Create a static credential store

@@ -1,8 +1,8 @@
 ---
 layout: docs
 page_title: Manage static credentials with Vault
-description: |-
-  Create a Vault credential store to manage credentials in Boundary. Credential stores let you configure targets for credential brokering or credential injection.
+description: >-
+  Create a Vault credential store to manage credentials. Credential stores let you configure targets for credential brokering or credential injection.
 ---
 
 # Create a Vault credential store

@@ -1,8 +1,8 @@
 ---
 layout: docs
 page_title: Assignable permissions
-description: |-
-  Assignable permissions
+description: >-
+  Learn about using actions and output fields to grant users permissions to any resources that are identified by ID or Type.
 ---
 
 # Assignable permissions

@@ -1,8 +1,8 @@
 ---
 layout: docs
 page_title: Permissions index
-description: |-
-  Boundary's permissions model
+description: >-
+  Learn about Boundary's RBAC (Role-based access control), allow-only permissions model. Understand how permissions are configured using grant strings and roles.
 ---
 
 # Permissions in Boundary

@@ -1,8 +1,8 @@
 ---
 layout: docs
 page_title: Permission grant formats
-description: |-
-  Permission grant formats
+description: >-
+  Learn how to construct grant strings that map resources and permissions. Understand ID, Type, Pinned, and Wildcard grant formats. View possible grant templates.
 ---
 
 # Permission grant formats

@@ -1,8 +1,8 @@
 ---
 layout: docs
 page_title: Resource table
-description: |-
-  Resource table
+description: >-
+  View a list of resources and their available permissions parameters and actions to help you configure and manage permissions.
 ---
 
 # Resource tables

@@ -1,7 +1,8 @@
 ---
 layout: docs
-page_title: Overview/top-level parameters
-description: Boundary configuration reference.
+page_title: Top-level configuration parameters
+description: >-
+  Learn about the parameters that make up the Boundary HCL configuration file. View parameters for HCP and self-managed installations.
 ---
 
 # Configuration

@@ -1,8 +1,8 @@
 ---
 layout: docs
-page_title: AEAD - configuration
-description: |-
-  The AEAD KMS configures AEAD-specific parameters.
+page_title: AEAD KMS configuration
+description: >-
+  Learn about using the Authenticated Encryption with Associated Data (AEAD) KMS for key management. AEAD is typically used for development workflows or testing.
 ---
 
 # `aead` KMS

@@ -1,8 +1,8 @@
 ---
 layout: docs
-page_title: AliCloud KMS - KMSs - configuration
+page_title: AliCloud KMS configuration
 description: >-
-  The AliCloud KMS configures Boundary to use AliCloud KMS for key management.
+  Learn about using the AliCloud KMS for key management and configuring parameters and authentication. View an example alicloudkms configuration.
 ---
 
 # `alicloudkms` KMS

@@ -1,9 +1,8 @@
 ---
 layout: docs
-page_title: AWS KMS - KMSs - Configuration
-description: |-
-  The AWS KMS configures Boundary to use AWS KMS for key management.
-  mechanism.
+page_title: AWS KMS Configuration
+description: >-
+  Learn about using the AWS KMS for key management, configuring parameters and authentication, and best practices for key rotation. View an example configuration.
 ---
 
 # `awskms`

@@ -1,8 +1,8 @@
 ---
 layout: docs
-page_title: Azure Key Vault - seals - configuration
+page_title: Azure Key Vault configuration
 description: >-
-  The Azure Key Vault seal configures Boundary to use Azure Key Vault for key management.
+  Learn about using the Azure Key Vault KMS for key management and configuring parameters and authentication. View an example azurekeyvault configuration.
 ---
 
 # `azurekeyvault` KMS

@@ -1,8 +1,8 @@
 ---
 layout: docs
-page_title: GCP Cloud KMS - KMSs - configuration
+page_title: GCP Cloud KMS configuration
 description: >-
-  The GCP Cloud KMS configures Boundary to use GCP Cloud KMS for key management.
+  Learn about using the GCP Cloud KMS for key management and configuring parameters and authentication. View an example gcpkms configuration.
 ---
 
 # `gcpckms` KMS

@@ -1,8 +1,8 @@
 ---
 layout: docs
-page_title: KMS - configuration
-description: |-
-  The KMS stanza configures KMS-specific parameters.
+page_title: KMS configuration
+description: >-
+  Learn about using the kms stanza to configure key management system parameters. Discover resources for learning about specific KMS technologies.
 ---
 
 # `kms` stanza

@@ -1,8 +1,8 @@
 ---
 layout: docs
-page_title: OCI KMS - KMSs - configuration
-description: |-
-  The OCI KMS configures Boundary to use OCI KMS for key management.
+page_title: OCI KMS configuration
+description: >-
+  Learn about using the OCI KMS for key management and configuring parameters and authentication. View an example configuration. Understand OCI KMS key rotation.
 ---
 
 # `ocikms` KMS

@@ -1,8 +1,8 @@
 ---
 layout: docs
-page_title: Vault Transit - seals - configuration
-description: |-
-  The Transit configures Boundary to use Vault's Transit Secret Engine for key management.
+page_title: Vault Transit configuration
+description: >-
+  Learn about using the Vault transit secrets engine for key management and configuring parameters and authentication. View an example Transit KMS configuration.
 ---
 
 # `transit` seal

@@ -1,9 +1,8 @@
 ---
 layout: docs
-page_title: Listeners - configuration
-description: |-
-  The listener stanza configures the addresses and ports on which Boundary will
-  respond to requests.
+page_title: Listener configuration
+description: >-
+  Learn about TCP and Unix listener configuration settings. Understand where to change the default addresses and ports on which Boundary responds to requests.
 ---
 
 # `listener` stanza

@@ -1,9 +1,8 @@
 ---
 layout: docs
-page_title: TCP - listeners - configuration
-description: |-
-  The TCP listener configures Boundary to listen on the specified TCP address and
-  port.
+page_title: TCP listener configuration
+description: >-
+  Learn about using the TCP listener on a TCP address and port, and view configurable parameters. Understand custom response headers. View example configurations.
 ---
 
 # `tcp` listener

@@ -1,8 +1,8 @@
 ---
 layout: docs
-page_title: Unix domain socket - listeners - configuration
-description: |-
-  The Unix listener configures Boundary to listen on the specified Unix domain socket.
+page_title: Unix domain socket listener configuration
+description: >-
+  Learn about using the Unix listener on a specified Unix domain socket, and view configurable parameters. View example Unix listener configurations.
 ---
 
 # `unix` listener

@@ -1,8 +1,8 @@
 ---
 layout: docs
-page_title: Plugins - configuration
-description: |-
-  The plugins stanza configures plugin-specific parameters.
+page_title: Plugin configuration
+description: >-
+  Learn about the plugin-specific parameter that configures a directory for Boundary to use for writing and executing its built-in plugins.
 ---
 
 # `plugin` stanza

@@ -1,8 +1,8 @@
 ---
 layout: docs
 page_title: Configure storage bucket policies
-description: |-
-  How to configure storage bucket lifecycle policies for session recording in Boundary
+description: >-
+  Configure storage bucket policies to manage the lifecycles of session recordings. Specify retention and deletion policies to codify compliance periods.
 ---
 
 # Configure storage bucket policies
@@ -50,7 +50,7 @@ Complete the following steps to create a storage policy in Boundary for session
 1. Complete the following fields to create the Boundary storage policy:
    - **Name**: (Optional) The name field is optional, but if you enter a name it must be unique.
    - **Description**: (Optional) An optional description of the Boundary storage policy for identification purposes.
-   - **Retention Policy**: (Required) Specifies how long a recording must be stored, in days. 
+   - **Retention Policy**: (Required) Specifies how long a recording must be stored, in days.
    Policy values include:
      - `Forever`: If enabled, the **Deletion Policy** field is disabled.
      - `Custom`: Specify a custom retention policy in days.
@@ -186,7 +186,7 @@ In this example, recordings stored within the global scope must be retained for
 
 <Warning>
 
-  Boundary does not support an undo action. Storage policies are meant to enforce compliance to a specific law or regulation. Updating the storage policy of a session recording can have immediate and possibly unexpected results such as the immediate deletion of session recordings. 
+  Boundary does not support an undo action. Storage policies are meant to enforce compliance to a specific law or regulation. Updating the storage policy of a session recording can have immediate and possibly unexpected results such as the immediate deletion of session recordings.
 
 </Warning>
 
@@ -216,7 +216,7 @@ The following example applies the policy created above to an org named `prod-dat
 
    ```shell-session
    $ boundary policies list
-   Policy information: 
+   Policy information:
      ID:                    pst_WZ3SQSSYJY
        Version:             1
        Type:                storage
@@ -382,12 +382,12 @@ Check that the storage policy was successfully attached to the `prod-databases`
      Storage Policy ID:   pst_WZ3SQSSYJY
      Updated Time:        Thu, 25 Jan 2024 22:00:27 MST
      Version:             7
-   
+
      Scope (parent):
        ID:                global
        Name:              global
        Type:              global
-   
+
      Authorized Actions:
        detach-storage-policy
        no-op
@@ -503,7 +503,7 @@ New session recordings under the `prod-databases` scope should now show a `retai
 
 1. Create a new session recording on a target within the `prod-databases` org.
 1. Log in to Boundary.
-1. Click **Session Recordings** in the navigation panel. 
+1. Click **Session Recordings** in the navigation panel.
 1. Click **View** for a new recording that was made after the storage policy was attached to the `prod-databases` scope.
 1. Under **Session details**, verify that the *Retain until* and *Delete after* dates match the durations defined in the `soc2-policy`.
 
@@ -564,7 +564,7 @@ New session recordings under the `prod-databases` scope should now show a `retai
      Storage Bucket ID:    sb_DC8SPb9uc2
      Type:                 ssh
      Updated Time:         Mon, 29 Jan 2024 23:25:53 MST
-   
+
      ...
      ... More Output ...
      ...
@@ -581,18 +581,18 @@ New session recordings under the `prod-databases` scope should now show a `retai
 1. The following API call is an example of reading the details of a session recording with the `soc2-policy` storage policy applied to the `prod-databases` scope.
 
    List the available session recordings. This example recursively lists all recordings    within the global scope.
-   
+
    ```shell-session
    $ curl --header "Content-Type: application/json" \
        --header "Authorization: Bearer $(boundary config get-token)" \
        --request GET \
        $BOUNDARY_ADDR/v1/session-recordings?recursive=true&scope_id=global | jq
    ```
-   
+
    **Example output:**
-   
+
    <CodeBlockConfig hideClipboard highlight="4,57-58">
-   
+
    ```plaintext
    {
      "items": [

@@ -1,8 +1,8 @@
 ---
 layout: docs
 page_title: Configure workers for local storage
-description: |-
-  How to configure Boundary workers for session recording.
+description: >-
+  Configure workers for session recording storage. View requirements and an example configuration. Understand possible storage states for local and remote storage.
 ---
 
 # Configure workers for session recording

@@ -1,8 +1,8 @@
 ---
 layout: docs
 page_title: Create a storage bucket
-description: |-
-  How to create a storage bucket for session recording in Boundary
+description: >-
+  Create a storage bucket in an external storage provider to store recorded sessions. You can review recorded sessions later for compliance and threat management.
 ---
 
 # Create a storage bucket