Max Bowsher

The only way to do it in current Vault versions would be to have an external process parse the Vault audit log, and independently track last access time - as...

Making an HTTP request with multiple consecutive slashes in the URL-path to the Vault API does not have a defined behaviour. The actual behaviour is that Vault inherits the Go...

That's an interesting question... In one way, it would make things easier for me, in that I'm already dreading how we manage to deploy this in production, even if it's...

@cipherboy Perhaps we should deprecate those endpoints in the PKI secrets engine and add replacements that are separate from the `/cert/+` APIs? I had just assumed, that given how the...

> I fear that any automation which pulls from `cert/crl`'s JSON endpoint would need to be migrated if we deprecate it, which would be less than ideal and prone to...

Documentation added. I believe this PR is now ready for review and merge.

Thanks for the feedback! Let me explain why I did it this way, and then you can tell me which trade-off you would prefer to prioritise. Currently, there is a...

IIUC, the behaviour observed here actually counts as "Vault functioning as intended". Vault expects and requires that it is the only thing that is writing to its storage, so by...

With your questions above, you've skipped past the really big important point to focus on some specific tiny parts of it, so I need to reiterate: The Vault application is...

Caching the absence of a storage entry is a valid thing to do, to prevent needing to re-check its absence with the storage backend later. See #18251 for further discussion.