Merge branch 'main' into prepare-terraform/v1.13

BrianMMcClain · web-flow · commit 68989b76c14b · 2025-08-21T14:01:42.000-04:00
diff --git a/content/vault/global/partials/important-changes/breaking-changes/cve-2025-6000.mdx b/content/vault/global/partials/important-changes/breaking-changes/cve-2025-6000.mdx
@@ -5,15 +5,24 @@
 | Breaking     | 1.20.1+, 1.19.7+, 1.18.12+, 1.16.23+ | All
 
 File audit devices require explicit configuration for prefixing and cannot use
-executable file permissions.  You must set `allow_audit_log_prefixing` to `true`
-in your server configuration to enable `file` audit devices with the `prefix`
-option. Additionally, `file` audit devices cannot use file modes with executable
-permissions (e.g., 0777, 0755).
+executable file permissions.
+
+Vault will not unseal on upgrade if your only configured audit device is a
+`file` device with the executable
+[mode](/vault/docs/commands/audit/enable#command-arguments) set.
+
+Vault `file` audit devices cannot use file modes with executable permissions
+(e.g., 0777, 0755), and should be configured with `0644` permissions
+(or similar).
+
+Additionally, to enable `file` audit devices with the `prefix` option, you must
+set `allow_audit_log_prefixing` to `true` in your server configuration on each
+node in your cluster.
 
 #### Recommendation
 
 If you use `file` audit devices:
 
 1. Add `allow_audit_log_prefixing = true` to your Vault server configuration if
    you want to use the `prefix` option.
-1. Use non-executable file modes (e.g., 0644, 0666) for log files.
+1. Use non-executable file modes (e.g., 0644, 0666) for log files.
diff --git a/content/vault/v1.14.x/content/docs/internals/recommended-patterns.mdx b/content/vault/v1.14.x/content/docs/internals/recommended-patterns.mdx
@@ -18,6 +18,7 @@ Help keep your Vault environments operating effectively by implementing the foll
 | [Improve upgrade cadence](#improve-upgrade-cadence)  	| Enterprise, Community |
 | [Test before upgrades](#test-before-upgrades)  	| Enterprise, Community 	|
 | [Rotate audit device logs](#rotate-audit-device-logs)  	| Enterprise, Community	|
+| [Monitor limits and maximums](/vault/docs/internals/limits) | Enterprise, Community |
 | [Monitor metrics](#monitor-metrics)   	| Enterprise, Community 	|
 | [Establish usage baseline](#establish-usage-baseline)  	| Enterprise, Community	|
 | [Minimize root token use](#minimize-root-token-use)  	| All 	|
diff --git a/content/vault/v1.15.x/content/docs/internals/recommended-patterns.mdx b/content/vault/v1.15.x/content/docs/internals/recommended-patterns.mdx
@@ -18,6 +18,7 @@ Help keep your Vault environments operating effectively by implementing the foll
 | [Improve upgrade cadence](#improve-upgrade-cadence)  	| Enterprise, Community |
 | [Test before upgrades](#test-before-upgrades)  	| Enterprise, Community 	|
 | [Rotate audit device logs](#rotate-audit-device-logs)  	| Enterprise, Community	|
+| [Monitor limits and maximums](/vault/docs/internals/limits) | Enterprise, Community |
 | [Monitor metrics](#monitor-metrics)   	| Enterprise, Community 	|
 | [Establish usage baseline](#establish-usage-baseline)  	| Enterprise, Community	|
 | [Minimize root token use](#minimize-root-token-use)  	| All 	|
diff --git a/content/vault/v1.16.x/content/docs/internals/recommended-patterns.mdx b/content/vault/v1.16.x/content/docs/internals/recommended-patterns.mdx
@@ -18,6 +18,7 @@ Help keep your Vault environments operating effectively by implementing the foll
 | [Improve upgrade cadence](#improve-upgrade-cadence)  	| Enterprise, Community |
 | [Test before upgrades](#test-before-upgrades)  	| Enterprise, Community 	|
 | [Rotate audit device logs](#rotate-audit-device-logs)  	| Enterprise, Community	|
+| [Monitor limits and maximums](/vault/docs/internals/limits) | Enterprise, Community |
 | [Monitor metrics](#monitor-metrics)   	| Enterprise, Community 	|
 | [Establish usage baseline](#establish-usage-baseline)  	| Enterprise, Community	|
 | [Minimize root token use](#minimize-root-token-use)  	| All 	|
diff --git a/content/vault/v1.17.x/content/docs/internals/recommended-patterns.mdx b/content/vault/v1.17.x/content/docs/internals/recommended-patterns.mdx
@@ -18,6 +18,7 @@ Help keep your Vault environments operating effectively by implementing the foll
 | [Improve upgrade cadence](#improve-upgrade-cadence)  	| Enterprise, Community |
 | [Test before upgrades](#test-before-upgrades)  	| Enterprise, Community 	|
 | [Rotate audit device logs](#rotate-audit-device-logs)  	| Enterprise, Community	|
+| [Monitor limits and maximums](/vault/docs/internals/limits) | Enterprise, Community |
 | [Monitor metrics](#monitor-metrics)   	| Enterprise, Community 	|
 | [Establish usage baseline](#establish-usage-baseline)  	| Enterprise, Community	|
 | [Minimize root token use](#minimize-root-token-use)  	| All 	|
diff --git a/content/vault/v1.18.x/content/docs/internals/recommended-patterns.mdx b/content/vault/v1.18.x/content/docs/internals/recommended-patterns.mdx
@@ -18,6 +18,7 @@ Help keep your Vault environments operating effectively by implementing the foll
 | [Improve upgrade cadence](#improve-upgrade-cadence)  	| Enterprise, Community |
 | [Test before upgrades](#test-before-upgrades)  	| Enterprise, Community 	|
 | [Rotate audit device logs](#rotate-audit-device-logs)  	| Enterprise, Community	|
+| [Monitor limits and maximums](/vault/docs/internals/limits) | Enterprise, Community |
 | [Monitor metrics](#monitor-metrics)   	| Enterprise, Community 	|
 | [Establish usage baseline](#establish-usage-baseline)  	| Enterprise, Community	|
 | [Minimize root token use](#minimize-root-token-use)  	| All 	|
diff --git a/content/vault/v1.19.x/content/docs/internals/recommended-patterns.mdx b/content/vault/v1.19.x/content/docs/internals/recommended-patterns.mdx
@@ -18,6 +18,7 @@ Help keep your Vault environments operating effectively by implementing the foll
 | [Improve upgrade cadence](#improve-upgrade-cadence)  	| Enterprise, Community |
 | [Test before upgrades](#test-before-upgrades)  	| Enterprise, Community 	|
 | [Rotate audit device logs](#rotate-audit-device-logs)  	| Enterprise, Community	|
+| [Monitor limits and maximums](/vault/docs/internals/limits) | Enterprise, Community |
 | [Monitor metrics](#monitor-metrics)   	| Enterprise, Community 	|
 | [Establish usage baseline](#establish-usage-baseline)  	| Enterprise, Community	|
 | [Minimize root token use](#minimize-root-token-use)  	| All 	|
diff --git a/content/vault/v1.20.x/content/docs/internals/recommended-patterns.mdx b/content/vault/v1.20.x/content/docs/internals/recommended-patterns.mdx
@@ -18,6 +18,7 @@ Help keep your Vault environments operating effectively by implementing the foll
 | [Improve upgrade cadence](#improve-upgrade-cadence)  	| Enterprise, Community |
 | [Test before upgrades](#test-before-upgrades)  	| Enterprise, Community 	|
 | [Rotate audit device logs](#rotate-audit-device-logs)  	| Enterprise, Community	|
+| [Monitor limits and maximums](/vault/docs/internals/limits) | Enterprise, Community |
 | [Monitor metrics](#monitor-metrics)   	| Enterprise, Community 	|
 | [Establish usage baseline](#establish-usage-baseline)  	| Enterprise, Community	|
 | [Minimize root token use](#minimize-root-token-use)  	| All 	|
diff --git a/content/vault/v1.20.x/content/partials/cli/audit/args/file/mode.mdx b/content/vault/v1.20.x/content/partials/cli/audit/args/file/mode.mdx
@@ -3,9 +3,8 @@
 **`mode (string : "0600")`**
 
 The `chmod`-style octal permissions for the audit file. Set `mode` to "0000" to
-prevent Vault from modifying the file mode.
-
-File audit devices cannot use file modes with executable permissions (e.g., 0777, 0755).
+prevent Vault from modifying the file mode. File audit devices cannot use file
+modes with executable permissions (e.g., 0777, 0755).
 
 **Example**: `mode="0644"`
 
