From 4dd0ed56d4e8978f36ee2fc4d67b50403640d1d0 Mon Sep 17 00:00:00 2001 From: hc-github-team-secure-vault-core <82990506+hc-github-team-secure-vault-core@users.noreply.github.com> Date: Thu, 10 Mar 2022 16:28:35 -0500 Subject: [PATCH] backport of commit 59ed0a227e7d6daddd123c1040b8d5cc1dcff491 (#14449) Co-authored-by: Peter-Gess --- website/content/docs/concepts/client-count/faq.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/concepts/client-count/faq.mdx b/website/content/docs/concepts/client-count/faq.mdx index 22da742f6776..ee731330a0fd 100644 --- a/website/content/docs/concepts/client-count/faq.mdx +++ b/website/content/docs/concepts/client-count/faq.mdx @@ -74,7 +74,7 @@ Although client counts have been available via the usage metrics UI since Vault - Eliminated wrapped tokens and control groups from client count, thereby reducing the non-entity token count. Previously, the creation and usage of control groups and wrapping tokens affected the client count each time the response is read (in the case of a wrapping token) and each time a control group was created (a non-entity token was created) - Changed the logic of counting of active identity entities on usage instead of at create time, resulting in more accurate client counts - Vault 1.9: - - Changed the non-entity token computation logic to deduplicate non-entity tokens, reducing the overall client count. Moving forward, non-entity tokens, where there is no entity to map tokens, Vault will use the contents fo the token to generate a unique client identifier based on the namespace ID and associated policies. The clientID will prevent duplicating the same token in the overall client count when the token is used again during the billing period. + - Changed the non-entity token computation logic to deduplicate non-entity tokens, reducing the overall client count. Moving forward, non-entity tokens, where there is no entity to map tokens, Vault will use the contents of the token to generate a unique client identifier based on the namespace ID and associated policies. The clientID will prevent duplicating the same token in the overall client count when the token is used again during the billing period. - Changed the tracking of non-entity tokens to complete on access instead of creation. - Changed the computation logic to not include root tokens in the client count aggregate. - Changed the local auth mount computation logic such that local auth mounts count towards clients but not as non-entity tokens. Prior to Vault 1.9, local auth mounts counted towards non-entity tokens. Refer to the [What is a Client?](docs/concepts/client-count) documentation to learn more.