From 601490b9abb0809915bddbd76787dc426fa3daab Mon Sep 17 00:00:00 2001 From: "Chris S. Kim" Date: Tue, 27 Jun 2023 11:22:10 -0400 Subject: [PATCH] Update wording on WAN fed and intermediate_pki_path (#17850) --- website/content/docs/connect/ca/vault.mdx | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/website/content/docs/connect/ca/vault.mdx b/website/content/docs/connect/ca/vault.mdx index 34ad19226847..828a6937cae1 100644 --- a/website/content/docs/connect/ca/vault.mdx +++ b/website/content/docs/connect/ca/vault.mdx @@ -139,8 +139,10 @@ The key after the slash refers to the corresponding option name in the agent con path does not exist, Consul will attempt to mount and configure this automatically. - When WAN Federation is enabled, every secondary - datacenter must specify a unique `intermediate_pki_path`. + When WAN federation is enabled, every secondary datacenter that shares a common Vault cluster + must specify a unique `intermediate_pki_path`. If a Vault cluster is not used by more than one Consul datacenter, + then you do not need to specify a unique value for the `intermediate_pki_path`. We still recommend using a + unique `intermediate_pki_path` for each datacenter, however, to improve operational and diagnostic clarity. - `IntermediatePKINamespace` / `intermediate_pki_namespace` (`string: `) - The absolute namespace that the `IntermediatePKIPath` is in. Setting this parameter overrides the `Namespace` option for the `IntermediatePKIPath`. Introduced in 1.12.3.